Substitute For Modsecurity

NinjaFirewall can replace ModSecurity.
You cannot whitelist one plugin but its firewall policies and security rules can be turned on or off easily and individually if one of them wrongly blocks a request.

I can’t tell you if you will be blocked or not with the default settings, without having more information about the HTTP request you want to whitelist.

Also, NinjaFirewall has a user configuration file called the .htninja which can be used to whitelist, blacklist or even tamper with incoming HTTP requests.

You might also want to Google “SecRuleRemoveById” You can find a number of tutorials on finding which ModSecurity rule is being triggered on what requested URL. Then you can disabled that rule on that URL if you have access to your site’s .conf file for your web site (ModSec2 removed the ability to disable rules in .htaccess).

I run both ModSec2 and NinjaFirewall with no problems, but I do have about 10 modsec rules disabled to keep WordPress functioning normally (I still had to do that even with ModSec’s WordPress CRS whitelist enabled).

Do a Google search for “countmodsec” and/or “modgrep” to find some helpful scripts for tracking down what rules are being triggered.

Wow thank you both for the detailed replies. I’ll definitely use NinjaFirewall then. The plugin is Content Egg, I’m not sure if that helps. It scrubs websites for prices and Modsecurity is blocking its requests.

I’m sure I’ll find resolution with both of your suggestions, so helpful!!!

Ari