View more context



if they’ve authenticated, I don’t need to block their request


if they’re not, though, that’s really when I want ModSecurity to kick in

andante could be the answer

Show 1 attachment(s)
Stack Overflow  
Disable mod_security by requested URL

I use mod_security with Apache 2.4. On this platform we have an ecommerce system using the following URL for its administrative tools: I want to achive to goals: Ac...

Hide attachment content

well crap - turning off the rules in the virtualhost config doesn’t seem to stop the request from getting blocked


Yeah there are a few ModSecurity rules that SilverStripe seems to trigger…


is there a reference page for what rules those might be and how to accommodate?