View more context



havent used it myself, but i can offer my opinion on whether it would be a good idea - i think the answer is "if you trust the people in your admin section"


basically, my view is that you need to trust them to some degree, right? if you are letting them publish pages and upload files, you have already opened yourself up to so many attack vectors, that turning off mod_security seems to be a negligible change


if they’ve authenticated, I don’t need to block their request


if they’re not, though, that’s really when I want ModSecurity to kick in

andante could be the answer

Show 1 attachment(s)
Stack Overflow  
Disable mod_security by requested URL

I use mod_security with Apache 2.4. On this platform we have an ecommerce system using the following URL for its administrative tools: I want to achive to goals: Ac...

Hide attachment content

well crap - turning off the rules in the virtualhost config doesn’t seem to stop the request from getting blocked