You really need to learn how to ask your questions, and stop repeating yourself (you've opened several posts for the same question, each with different details)...
Your question should say "How to disable access logs for all vhosts in Apache controlled by Plesk?"
From what I've read, there's no easy way because of the way Plesk creates/rewrites all apache .conf files everytime you modify something.
What someone did, was to create a shell script that replaces all instances of "CustomLog" by "#CustomLog" in all http.include files for each vhosts, and to add this script to the crontab so it runs every 15 minutes.
See his thread: http://forums.theplanet.com/lofiversion/index.php/t52435.html
I would use Perl to do in-place replacements however, like this. My version also only comments out the CustomLog lines if it's the first keyword on the line, and I made it so httpd only reloads (SIGHUP) instead of trying to start it, so it's better:
#!/bin/bash
for FILE in /home/httpd/vhosts/*
do
perl -p -i -e "s/^[[:space:]]*CustomLog/#CustomLog/" "$FILE/conf/httpd.include"
done
service httpd reload
exit 0
Make sure this is run as root.
The question you linked to was about whitelisting rule 981231 which looks like this:
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(/\*!?|\*/|[';]--|--[\s\r\n\v\f]|(?:--[^-]*?-)|([^\-&])#.*?[\s\r\n\v\f]|;?\\x00)" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'8',accuracy:'8',\
id:'981231',t:none,t:urlDecodeUni,block,\
msg:'SQL Comment Sequence Detected.'\
,severity:'2',capture,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.sql_injection_score=+1,setvar:'tx.msg=%{rule.msg}',setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"
You are trying to whitelist 981172 which looks like this:
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>].*?){8,}" "phase:2,t:none,t:urlDecodeUni,block,\
id:'981172',rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'8',\
msg:'Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded',\
capture,logdata:'Matched Data: %{TX.1} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.sql_injection_score=+1,setvar:'tx.msg=%{rule.msg}',setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/RESTRICTED_SQLI_CHARS-%{matched_var_name}=%{tx.0}"
As you can see the message is different for this rule, so you are whitelisting the wrong message. Hence why it is not working for you.
Best Answer
You can disable the ModSecurity on a specific URL with LocationMatch directive, something like this:
http://www.atomicorp.com/wiki/index.php/Mod_security