First of all we can’t block mod_security2 via .htaccess on domain basis . So never put .htaccess mod-security rules. You have to disable it in the vhost configuration in apache.
In cpanel server it will be as follows,
1) Create a custom vhost configuration file called mod-security.conf in the following location.
# mkdir -pv /usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/
# touch /usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/mod-security.conf
2) Now add the following lines to this file
#################################
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
################################
The above will disable the modsecurity rule for a particulr domain name . If you only need to disable the rules for a particlur folder , please add the rules as follows,
######################
<LocationMatch specify_the_path_here>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>
#######################
If you only need to disable a particular rule , the create the file with the following ,
#########################3
<IfModule mod_security2.c>
SecRuleRemoveById give_ruleID_here
</IfModule>
##########################
3) Now as the final step please ensure this custom vhost using the following command in cpanel servers,
# /scripts/ensure_vhost_includes –user=CPUSERNAME
This script will uncomment the following line in apache configuration. It will customize the virtual host to use the particular include file and will restart apache.
##############
Include “/usr/local/apache/conf/userdata/std/2/CPUSER/DOMAINNAME/*.conf”
#################
