havent used it myself, but i can offer my opinion on whether it would be a good idea - i think the answer is "if you trust the people in your admin section"
basically, my view is that you need to trust them to some degree, right? if you are letting them publish pages and upload files, you have already opened yourself up to so many attack vectors, that turning off mod_security seems to be a negligible change
if they’ve authenticated, I don’t need to block their request
if they’re not, though, that’s really when I want ModSecurity to kick in
https://stackoverflow.com/a/46045010 could be the answer
looks like a very similar requirement
well crap - turning off the rules in the virtualhost config doesn’t seem to stop the request from getting blocked