Sep 23 2013

Disable mod_security with htaccess

If you too have searched online for a way to disable ModSecurity using htaccess you know the pain. Every blog/forum post is either old and not applicable anymore or unintentionally deceiving. So, to save you some time, here is the simplest way to disable ModSecurity using htaccess.

Let’s assume that you have a specific virtual host that you want to exclude from the WAF. What you have to input inside the configuration file is the following directive:

<VirtualHost *:8080>


    SecRuleEngine Off


Restart your web server and you are good to go.

Update – July 2014: ModSecurity now has “restricted” htaccess support:

Leave a Reply

More in General News, Web Application Security
Honeypot Workshop @ BruCON 2013
How to resize an EC2 root partition
AthCon Trailer 2013
Adding an HP printer to BackTrack 5