WordPress and ModSec using the OWASP Rule Set

Running WordPress and Mod Security together can be a challenge but we have been doing it successfully for a few years now so I thought I’d share our Global Disable list and User configuration settings.

These rules are globally disabled in /usr/local/apache/conf/modsec2.whitelist.conf:

981261
950901
981244
981243
981248
981257
960015
958979
981245
973343
950109
981249
973336
973340
981242
981246
981256
973339
950120
970901
960915
981240
981320
958231
981251