If you too have searched online for a way to disable ModSecurity using htaccess you know the pain. Every blog/forum post is either old and not applicable anymore or unintentionally deceiving. So, to save you some time, here is the simplest way to disable ModSecurity using htaccess.
Let’s assume that you have a specific virtual host that you want to exclude from the WAF. What you have to input inside the configuration file is the following directive:
<VirtualHost *:8080> ... SecRuleEngine Off ...
Restart your web server and you are good to go.
Update – July 2014: ModSecurity now has “restricted” htaccess support: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES#L358-371