ModSecurity Issue

Hi, Can someone please help me to disable ModSecurity rule ID "1234123456" for a specific folder. I spent hours without any success. I'm currently on WHM 11.38.1 (build 15) if that helps.

First I added this directives to my domain's custom include file -

Code:

    <IfModule mod_security2.c>
        SecRuleRemoveById 1234123456 13050 13051
    </IfModule>

I have added 13050, 13051 to avoid some rules which are affecting WordPress. And only those 2 IDs are removed but not 1234123456 and it's still active. Then I tried the following

Code:

    <IfModule mod_security2.c>
        SecRuleEngine Off
    </IfModule>

Even after that, WordPress rules are removed but not 1234123456. To verify this I checked the modsec2 debug log file and the rule is there. Then I had to disable it globally by commenting out the rule it self in modsec2.conf file which was added by EA I guess which I'm sure will get added when I do an update in the future. And I really don't like to mess with those files. Can someone please help to disable the Rule ID 1234123456 using my domain's custom apache include file.

Thank you very much

 

Thanks a lot for the quick reply And Thanks a lot for the Addon link. But can you please let me know what I'm doing wrong? How can I do this without installing the addon you mentioned? Thanks

 

Hi Infopro, I installed the addon but unfortunately still it's not working. Can it be because the ID is really long "1234123456" ? Please help me out Thank you

 

@quietFin, I first checked disabling it for the account and then tried globally, In both cases it didn't work.

@quizknows, Thanks for the reply, I'm pretty sure this is a false positive. I did go through the modsec debug log and the error is triggered because DB - 1 which I think is because "HTTP Response Body - Data Before" is having an issue. Anyway, I would like to disable that rule Any idea how I can do it rather than commenting out the rule itself in the modsec2.conf file which I really don't like to do

Thank you