The old method of disabling mod_security by placing a SecFilterEngine Off SecFilterScanPOST Off in a .htaccess doesn't work anymore. This doesn't seem to be clear in the docs and I only found this info in a mod-sec mailing post.
So the rules now need to go directly into the apache conf files.
I have most sites hosted on a plesk server. In plesk you can add to the virtual host config inside a vhost.conf file found in
Create or edit this file and enter:
<location "/" >
Apply the vhost changes if a new vhost file with:
/usr/local/psa/admin/bin/websrvmng -v -a
And reload the httpd server with:
service httpd restart
Better still disable specific rules with
Instead of the sledgehammer SecRuleEngine Off