mod_security - whitelist?


What would be the best way to exclude certain app (cms) from apache mod_security rules.
Also when this app would be on a white list, does it mean that apache is vulnerable to attacks originated through that app?

does anyone know how to add, apps / domains to mod_security white list?