How to disable a rule in ModSecurity Apache
To disable a rule in ModSecurity, edit Apache configuration, add
1 |
SecRuleRemoveById 980130 949110 |
It will disable rules with IDs 980130 and 949110.
On Ubuntu, I edited the file
1 |
/etc/apache2/mods-enabled/security2.conf |
Here is what I have in the file
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
root@news:~# cat /etc/apache2/mods-enabled/security2.conf <IfModule security2_module> # Default Debian dir for modsecurity's persistent data SecDataDir /var/cache/modsecurity # Include all the *.conf files in /etc/modsecurity. # Keeping your local configuration in that directory # will allow for an easy upgrade of THIS file and # make your life easier IncludeOptional /etc/modsecurity/*.conf # Include OWASP ModSecurity CRS rules if installed IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf SecRuleRemoveById 980130 949110 </IfModule> root@news:~# |
Back to ModSecurity