Apache2: Disable mod_security for a virtual host

How to remove the security module for a particular site.

This cannot be done in the htaccess file for modsecurity2 – youll get a sitewide 500 error and “SecRuleEngine not allowed here”.

To switch it off in the vhost:

<VirtualHost *:80>
        #...
        ServerName ...
        ServerAlias ...

        ServerAdmin ...
        DocumentRoot ...
        
        <IfModule mod_security2.c>
                SecRuleEngine Off
        </IfModule>

PHP: Always redirect to the non-www and https version of the current page

<?php
if(empty($_SERVER[‘HTTPS’]) || $_SERVER[‘HTTPS’] == “off”){ //check for non secure connections
$redirect = ‘https://’ . str_replace(‘www.’, ”, $_SERVER[‘HTTP_HOST’]) . $_SERVER[‘REQUEST_URI’];
header(‘HTTP/1.1 301 Moved Permanently’); //make a permanent redirect
header(‘Location: ‘ . $redirect);
exit();
}elseif(substr($_SERVER[‘HTTP_HOST’], 0, 4) === ‘www.’){ //check if the requested url begins with “www.”
$redirect = ‘https://’ . str_replace(‘www.’, ”, $_SERVER[‘HTTP_HOST’]) . $_SERVER[‘REQUEST_URI’];
header(‘HTTP/1.1 301 Moved Permanently’);¬† //make a permanent redirect
header(‘Location: ‘ . $redirect);
exit();
}