Disabling Mod Security on one URI


#1

Hello,
I have a script I wrote that automatically takes RFI/Webshell attacks against my website and posts them to a page to see. The script works fine. The problem is, if it has: c99shell /c99shell/ or the like in a string of the returned page, Mod Security will flag it and the site returns a 404. I tried the steps here:


to disable Mod Security for one page, but I think the instructions are for an older version as they do not work on the current Mod Security. Ideas on how to disable for one page?
[hr]
This seems to be the rule that is flagging it from 99_dreamhost_rules.conf:

SecRule RESPONSE_BODY "(?:<title>[^<]*?(?:\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\b|imhabirligi phpftp)|(?:r(?:emote explorer|57shell)|aventis klasvayv|zehir)\b|\.::(?:news remote php shell injection::\.| rhtools\b)|ph(?:p(?:(?: commander|-terminal)\b|remoteview)|vayv)|myshell)|\b(?:(?:(?:microsoft windows\b.{,10}?\bversion\b.{,20}?\(c\) copyright 1985-.{,10}?\bmicrosoft corp|ntdaddy v1\.9 - obzerve \| fux0r inc)\.|(?:www\.sanalteror\.org - indexer and read|haxplor)er|php(?:konsole| shell)|c99shell)\b|aventgrup\.<br>))" \
    "phase:4,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Backdoor access',id:'10000001',tag:'MALICIOUS_SOFTWARE/TROJAN',severity:'2'"
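
An added example, not part of the original post and not the hosting provider's configuration: a scoped exception that removes only the quoted rule (id 10000001) for a single URI, shown beside the broader setting that turns the whole engine off for that page. It assumes ModSecurity 2.x on Apache, a config file loaded after 99_dreamhost_rules.conf, and a hypothetical path `/attack-log.php` for the page that displays the captured strings; the rule id 10000900 is constructed.

```apache
# Added example. Assumptions: ModSecurity 2.x on Apache, this file is loaded
# after 99_dreamhost_rules.conf, and /attack-log.php is a hypothetical path
# standing in for the page that displays the captured strings.

# Too broad: turns off every rule for the page, not just the one that fires.
# <LocationMatch "^/attack-log\.php$">
#     SecRuleEngine Off
# </LocationMatch>

# Narrow, option A: drop only rule 10000001 (the phase:4 RESPONSE_BODY rule
# quoted in the post) for this one URI. All other rules stay active.
<LocationMatch "^/attack-log\.php$">
    SecRuleRemoveById 10000001
</LocationMatch>

# Narrow, option B (use instead of A, not in addition): the same exception
# decided at run time. The phase:1 rule runs before the phase:4 rule, so the
# removal is in place before the response body is inspected.
# id:10000900 is a constructed rule id; pick one that is unused locally.
SecRule REQUEST_FILENAME "@streq /attack-log.php" \
    "id:10000900,phase:1,pass,nolog,ctl:ruleRemoveById=10000001"
```

After a reload, requests to the excepted path should no longer produce a 'Backdoor access' audit entry, while a match on any other path still returns the 404 from rule 10000001.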