How to disable the WAF for a URL Follow

Avatar
mikeshinn
  • Updated
 
Step 1:  Setup support for custom rules by running these commands as root:
 
cd /etc/httpd/conf.d

wget https://www.atomicorp.com/examples/01_modsecurity.conf

mkdir /etc/httpd/modsecurity.custom.d

cd /etc/httpd/modsecurity.custom.d

wget https://www.atomicorp.com/examples/99_zzz_custom.conf
Step 2: Choose the URL you want to exclude, in the example below "/administrator" is used.
 
Add the below to the file /etc/httpd/modsecurity.custom.d/99_zzz_custom.conf
 <LocationMatch /administrator>
  SecRuleEngine Off
 </LocationMatch>
Step 3: check apaches config:

service httpd configtest

If you get no errors, restart apache:

Step 4: Restart apache
 
service httpd restart

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more
Powered by Zendesk