I recently discovered some issues with saving certain types of resources in a CMS, the cause of which I’ve narrowed down to 3 specific mod_security rules. The host’s cPanel allows for disabling mod_security site-wide but that’s heavy-handed, and they don’t allow modifying the Apache httpd.conf file nor will they disable the offending rules on a shared server. I need a surgical solution that allows me to disable mod_security for a single directory.
Not sure if it will work on this server but I though I’d try using .htaccess but the demos I’ve found haven’t worked yet. Anyone know of an example for doing this?
I am pretty sure that mod_security can only be configured using am Apache config file, and if your host won’t let you do that, you’re pretty well out of luck.
Walter
On Oct 17, 2015, at 7:02 PM, Todd email@hidden wrote:
I recently discovered some issues with saving certain types of resources in a CMS, the cause of which I’ve narrowed down to 3 specific mod_security rules. The host’s cPanel allows for disabling mod_security site-wide but that’s heavy-handed, and they don’t allow modifying the Apache httpd.conf file nor will they disable the offending rules on a shared server. I need a surgical solution that allows me to disable mod_security for a single directory.
Not sure if it will work on this server but I though I’d try using .htaccess but the demos I’ve found haven’t worked yet. Anyone know of an example for doing this?
Well, the host is who recommended trying htaccess, though they were vague as to whether it would actually work. Odd.
There are certainly plenty of online examples for doing this sort of thing with htaccess and Apache, but as I said none of it has worked for me which might support your conclusion.
I am pretty sure that mod_security can only be configured using am Apache config file, and if your host won’t let you do that, you’re pretty well out of luck.