On Monday 28 September 2009 07:15:03 am Peter M. Abraham wrote:
> Greetings:
>
> In a shared hosting environment where there could be many admin.php files,
> is there a way to limit specific settings in mod_security 1.9 (we are still
> on Apache 1) to a specific admin.php that happens to be in the HTML root
> document directory of a domain name?
>


See the 1.9 documentation for controlling ModSecurity dynamically -
http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-
multipage/03-configuration.html#N101B0. I am not sure if you can use the
Apache SetEnvIf directive to match both the hostname and filename in one line
so that you can set MODSEC_ENABLE to Off.


If you have mod_rewrite, you might try to use some RewriteCond rules and then
set the ENV variable there. Something like this (untested) -


RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.yourhostname.com$
RewriteCond %{REQUEST_FILENAME} ^/admin\.php$
RewriteRule .* - [E=MODSEC_ENABLE=Off]


-Ryan