Users can disable mod_security

#1
Hey guys,

At the moment our clients can disable mod_security completely through the use of SecFilterEngine Off in their .htaccess. Ideally we'd prefer our clients contact us to whitelist the rules they're triggering, than disable the entire platform.

Under apache SecFilterEngine Off doesn't work, is it possible to disable it from working under LS?

Cheers
 
Top