How to disable the WAF for a URL

Step 1: Setup support for custom rules by running these commands as root:

cd /etc/httpd/conf.d

wget https://www.atomicorp.com/examples/01_modsecurity.conf

mkdir /etc/httpd/modsecurity.custom.d

cd /etc/httpd/modsecurity.custom.d

wget https://www.atomicorp.com/examples/99_zzz_custom.conf

Step 2: Choose the URL you want to exclude, in the example below "/administrator" is used.

Add the below to the file /etc/httpd/modsecurity.custom.d/99_zzz_custom.conf

 <LocationMatch /administrator>
  SecRuleEngine Off
 </LocationMatch>

Step 3: check apaches config:

service httpd configtest

If you get no errors, restart apache:

Step 4: Restart apache

service httpd restart