Hi Josh,

Thanks for the reply.
 
How are you including the CRS rules? Have your tried specifying the rule sets you want in each individual virtual host config?

We installed mod_security and the CRS on RedHat via Yum.  By default, mod_security.conf is loading the rules from modsecurity.d/activated_rules/*.conf.

To disable the rules, would I just need to comment that out in mod_security.conf and then add the Include modsecurity.d/activated_rules/*.conf directive inside of each VirtualHost directive that we want to apply the rules to?

Thanks again,

Aaron Brown

From: "Josh Amishav-Zlatin" <jamuse@gmail.com>
To: "Aaron M. Brown" <aambrown@uindy.edu>
Cc: mod-security-users@lists.sourceforge.net
Sent: Thursday, November 8, 2012 2:32:39 PM
Subject: Re: [mod-security-users] Disable modsec CRS rules by default and enable

On Thu, Nov 8, 2012 at 4:51 PM, Aaron M. Brown <aambrown@uindy.edu> wrote:
Hello list subscribers,

Is it possible to disable some of the CRS rules by default for all virtualhosts on a server and then enable rules for specific locations?

Hi Aaron,

How are you including the CRS rules? Have your tried specifying the rule sets you want in each individual virtual host config?
 
 We tried the opposite approach - enable all CRS rules for all VirtualHosts and disable rules for specific locations using the LocationMatch directive and SecRuleRemoveById. But we ended up getting thousands of false positives on pages that didn't really need some of the CRS enabled.

Also, are there any good tools (can be command line / GUI / whatever) for viewing a modsec log by hostname?  I'd like to be able to see which rules we should disable / enable by looking at the logs we have collected.  It would be helpful if I could pull the audit records for a particular host.

Have you looked at AuditConsole (http://jwall.org/web/audit/console/index.jsp)

--
 - Josh


Thanks in advance!

Aaron Brown

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/