Re: [mod-security-users] mod_security and virtual hosts
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2005-08-15 13:38:26
|
Justin Grindea wrote: > Greetings, > > I'd like to know if it's possible to implement per/vhost exclussions > using mod_security. Sure it is. > We are using gotroot's rules as well as some custom rules but it's not > working correctly with all sites. > > For example the cookies validation, UTF-8 encoding checks as well as > application specific rules need to be excluded here and there. Simply turn them off where you need: <VirtualHost XYZ> SecFilterCheckURLEncoding Off SecFilterCheckUnicodeEncoding Off SecFilterCheckCookieFormat Off SecFilterNormalizeCookies Off </VirtualHost> VirtualHosts will inherit the configuration from the main server but you can make changes as you wish. In 1.9 you can even import or delete individual rules via their IDs. (I am about to document these 1.9 features.) -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |