Disbale mod security for 1 site

[screege]

Hi I am using apache 2.2 and mod security 2 with the default configs, my problem is that one site is using a php to call a jpg image but mod security keeps blocking it, I wanted to add the SecFilterEngine off to the htacess file but everytime I do it I get 500 internal server error for the whole site. Is there a way to disable mod security just for this site?

Thanks

[s.a.]

Edit httpd.conf and add the following into site VirtualHost entry:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

[screege]

Thanks a lot it works like a charm

[elevenx]

This may get lost after cpanel updates. Please see the link below:

How to disable mod_security2 rule for one domain?

[screege]

After a while I have added the rule and now it doers not seem to work can anyone help me please? I addedd to one of my vhosts
<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>

on /etc/httpd/conf/httpd.conf restarted apache but it is not working should I put in another place?

THANKS

[screege]

Ok found the new code just put it in /etc/httpd/conf/httpd.conf before the </virtualhost> of the domain you want to disable it:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Thanks

[Spiral]

Blindly turning off mod_security entirely, even for one site, just because a rule triggers is for lack of a better word "stupid" to say the very least!

Don't turn off mod_security as that utterly defeats the point of having mod_security setup on your server in the first place! Subsequently, disabling one site leaves enough of a hole that the whole entire server may as well not have mod_security installed or enabled and may as well remove it entirely!

If you have a problem with a rule triggering, I suggest either rewrite the specific rule so that it doesn't trigger for that specific site or content or disable the offending rule (did you know you can disable individual rules?) and just that rule only --- leaving the rest of mod_security fully running!