Disabling individual modsecurity rules

jayw1

What's the correct way to disable a specific modsecurity rule? Right now I'm commenting out a line in /usr/local/cwaf/rules/02_Global_Generic.conf and it works, but I get a syntax error in DirectAdmin > Custom HTTPD Configurations:

2020-05-21 15:48:56.712098 [ERROR] [Module:Mod_Security]setSecRule(type 2) /usr/local/lsws/conf/httpd-modsecurity.conf failed, ret -1, reason: 'Rules error. File: /usr/local/cwaf/rules/02_Global_Generic.conf. Line: 14. Column: 174. Expecting an action, got: "id:211350,chain,t:none,msg:'COMODO WAF: IGNORE_CRS||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,skipAfter:'IGNORE_CRS_Generic',rev:1,severity:2,tag:'CWAF',tag:'Generic'"

Is there a proper way to do this?
Using OpenLiteSpeed if that matters.
 
Actually, the line the error mentioned is one I didn't even touch.


An error in the default config or still a result of me commenting out a rule several lines below?
 
ModSecurity control has been added to admin/user levels in pre-release. You may try using it to disable a specific rule ID.
 
Bit of a bump here, but I noticed a bug.
It _is_ possible to disable individual modsec rules on a DirectAdmin/LiteSpeed server, but you'd better not enter any comments:
Code:
[ERROR] [190745] [Module:mod_security]setSecRule(type 2) /usr/local/directadmin/data/users/user/domains/domain.modsecurity_rules failed, ret -1, reason: 'Rules error. File: /usr/local/directadmin/data/users/user/domains/domain.modsecurity_rules. Line: 2. Column: 16. SecRuleRemoveById: failed to load:1337 # comment here. Not a number or range: # '.
Looks like whatever code is calling setSecRule may want to exclude the comments from the line, so the actual rule ID is parsed correctly.
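
One way to pre-check a rules file for the trailing-comment problem reported in the last post, as an added example that is not part of the original thread and not DirectAdmin's or LiteSpeed's code. The function name, the sample file and the case-insensitive directive match are assumptions; a trailing `# ...` is moved onto its own line, and any argument that is not a number or range is reported rather than changed.

```python
import re

# Constructed sample of a per-domain rules file; line 2 mirrors the line
# quoted in the error message above, line 4 is a deliberately bad ID.
SAMPLE = """\
# per-domain exclusions
SecRuleRemoveById 1337 # comment here
SecRuleRemoveById 211350 "300000-300010"
SecRuleRemoveById 12x
"""

# Assumption: the directive name is matched case-insensitively.
DIRECTIVE = re.compile(r"^(\s*)(SecRuleRemoveById)\s+(.*)$", re.IGNORECASE)
ID_OR_RANGE = re.compile(r"^\d+(-\d+)?$")


def clean_rule_removals(text):
    """Return (cleaned_text, problems) for SecRuleRemoveById lines.

    problems is a list of (line_number, bad_tokens). Lines with bad tokens
    are left untouched so the caller can refuse to install the file.
    """
    out, problems = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            out.append(line)  # blank lines, whole-line comments, other directives
            continue
        indent, name, args = m.groups()
        # Rule IDs never contain '#', so anything after it is a trailing comment.
        args, sep, comment = args.partition("#")
        tokens = args.split()
        bad = [t for t in tokens if not ID_OR_RANGE.match(t.strip('"'))]
        if bad or not tokens:
            problems.append((lineno, bad))
            out.append(line)
            continue
        if sep and comment.strip():
            out.append(f"{indent}# {comment.strip()}")  # keep the note, on its own line
        out.append(f"{indent}{name} {' '.join(tokens)}")
    return "\n".join(out) + "\n", problems


if __name__ == "__main__":
    cleaned, problems = clean_rule_removals(SAMPLE)
    print(cleaned, end="")
    for lineno, bad in problems:
        print(f"line {lineno}: not a number or range: {bad}")
```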
 