Hello,
If CWAF is installed on server without control panel then disable mod_security for domain is not working. I tried -f to force disable domain even if its not found but its not generating exclude file (000_exclude_yourdomain.com.conf) in domains folder. I see under yml, disabled.yml is generated with the domain info. Please check this function and include in next update.
Also when disabling domain you should allow user to specify port number. As in without control panel someone may install Nginx or Varnish to act as reverse proxy for Apache and then Apache wont be working on default 80 port. So below workout may be helpful.
/usr/local/cwaf/scripts/cwaf-cli.pl -f -dd yourdomain.com:potnumber
disabled.yml gets created:
yourdomain.com:portnumber 0
Then excluded config created for domain 000_exclude_yourdomain.com.conf
SecRule SERVER_NAME “(?:..)?www.yourdomain.com(?::portnumber)?|(?:..)?yourdomain.com(?::portnumber)?” “phase:1,nolog,noauditlog,allow,ctl:ruleEngine=Off,id:10001”