Whitelist rule with LocationMatch

Sometimes you need to disable ModSecurity rules for a specific URL or program because they cause false positives. This tutorial shows how to whitelist one or more rules with the Apache LocationMatch directive.

LocationMatch examples

WordPress admin

# Matches /wp-admin/... and /wp-login.php (WordPress has no /wp-login/ directory)
<LocationMatch "/wp-(admin/|login\.php)">
    SecRuleRemoveById 150005
    SecRuleRemoveById 150006
</LocationMatch>

phpMyAdmin

<LocationMatch "/phpmyadmin/">
    SecRuleRemoveById 150005
    SecRuleRemoveById 150006
</LocationMatch>

Depending on your server configuration, such as cPanel or DirectAdmin, you need to add these blocks to specific files:

cPanel: /etc/apache2/conf.d/modsec/modsec2.user.conf
DirectAdmin: /etc/modsecurity.d/ folder

More details on the LocationMatch directive are in the Apache Server documentation.

Remember to restart Apache after modifications.
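
Because LocationMatch takes an unanchored regular expression, it is worth checking which request paths an exclusion block really covers. The following Python script is an added example, not part of the original tutorial: the sample configuration and the helper names parse_exclusions and disabled_rules are constructed for illustration, and Python's re module stands in for Apache's regex matching.

```python
import re

# Constructed sample config, modelled on the LocationMatch blocks in this tutorial.
SAMPLE_CONF = r'''
<LocationMatch "/wp-(admin/|login\.php)">
    SecRuleRemoveById 150005
    SecRuleRemoveById 150006
</LocationMatch>
<LocationMatch "/phpmyadmin/">
    SecRuleRemoveById 150005 150006
</LocationMatch>
'''

BLOCK_RE = re.compile(r'<LocationMatch\s+"?([^">]+)"?\s*>(.*?)</LocationMatch>',
                      re.IGNORECASE | re.DOTALL)
REMOVE_RE = re.compile(r'^\s*SecRuleRemoveById\s+(.+)$', re.IGNORECASE | re.MULTILINE)
ID_RE = re.compile(r'(\d+)(?:-(\d+))?')


def parse_exclusions(conf_text):
    """Return [(compiled_pattern, {rule_ids})], one entry per LocationMatch block."""
    blocks = []
    for pattern, body in BLOCK_RE.findall(conf_text):
        ids = set()
        for args in REMOVE_RE.findall(body):
            # SecRuleRemoveById takes single IDs and quoted ranges such as "150000-150010".
            for token in args.replace('"', ' ').split():
                m = ID_RE.fullmatch(token)
                if m:
                    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
                    ids.update(range(low, high + 1))
        blocks.append((re.compile(pattern), ids))
    return blocks


def disabled_rules(path, blocks):
    """Rule IDs switched off for a request path; the match is unanchored, like LocationMatch."""
    removed = set()
    for pattern, ids in blocks:
        if pattern.search(path):
            removed |= ids
    return removed


if __name__ == "__main__":
    blocks = parse_exclusions(SAMPLE_CONF)
    for path in ("/wp-admin/post.php", "/wp-login.php",
                 "/shop/phpmyadmin/index.php", "/index.php"):
        print(f"{path:28} -> {sorted(disabled_rules(path, blocks)) or 'all rules active'}")
```

The third path shows that a pattern without a leading ^ also disables the rules for any URL that merely contains /phpmyadmin/; anchoring the pattern narrows the exclusion to the intended location.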

Final words

If you are not interested in writing your own ModSecurity rules, you can use Malware.Expert – Web Hosting ModSecurity rules.