
@RickKukiela
Created October 6, 2022 19:29
CraftCMS Admin POST - Disable mod_security

I recently ran into an issue with MOD_SECURITY and false positives while posting content in the CraftCMS admin. Previously I was able to disable mod_security for the entire admin by using a <LocationMatch> directive, but since the later version of Craft, the entry editor posts the form directly to the platform entry URL, usually /index.php. Therefore, using the old method, your only option was to disable mod_security or the specific rules for the entire site. This new method works around that:

Add the following to your httpd.conf (.htaccess control is no longer supported after mod_security2):

<IfModule security2_module>
   SecRule REQUEST_URI "p=admin/actions" id:99999999,phase:1,pass,nolog,t:none,ctl:ruleEngine=Off
</IfModule>

The rule ID specified is required on mod_security >= 2.7 (I believe). Just give it a number that does not conflict with an existing rule. The number in the sample works fine for me.

This basically just says: if "p=admin/actions" is present in the REQUEST_URI of the request, disable mod_security.

Since these requests are authenticated, it should be safe.
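
An added example, not part of the original gist: the rule above is evaluated in phase 1 on the raw request URI, before Craft has checked any session, so ModSecurity matches on the substring alone and does not know whether the request is authenticated. A narrower variant keeps the engine on and removes only the rule that misfires; the rule IDs 1000001 and the `REPLACE_WITH_RULE_ID` placeholder are assumptions to be replaced with values from your own audit log.

```apache
# Added example (not the gist author's configuration).
# 1000001 is an arbitrary unused ID; REPLACE_WITH_RULE_ID is a placeholder
# for the ID of the rule your audit log shows as the false positive.
# Replace the placeholder before loading this file.
<IfModule security2_module>

    # Broad form from the gist, shown for comparison (left commented out):
    # any URI containing the substring switches the whole engine off.
    # SecRule REQUEST_URI "p=admin/actions" id:99999999,phase:1,pass,nolog,t:none,ctl:ruleEngine=Off

    # Narrower form:
    #  - applies to POST requests only
    #  - matches the parsed query parameter "p", not any substring of the URI
    #  - removes one named rule for this request instead of disabling the engine
    SecRule REQUEST_METHOD "@streq POST" \
        "id:1000001,phase:1,pass,nolog,t:none,chain"
        SecRule ARGS_GET:p "@beginsWith admin/actions" \
            "t:none,ctl:ruleRemoveById=REPLACE_WITH_RULE_ID"

    # Alternative for the last line while tuning: keep every rule evaluating
    # and logging for these requests, but without blocking.
    #       "t:none,ctl:ruleEngine=DetectionOnly"

</IfModule>
```

The `ctl` action sits on the last rule of the chain so that it only takes effect when both conditions match.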
