Re: [mod-security-users] mod_security and virtual hosts
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security and virtual hosts
|
From: Ivan R. <iv...@we...> - 2005-08-15 13:38:26
|
Justin Grindea wrote:
> Greetings,
>
> I'd like to know if it's possible to implement per/vhost exclussions
> using mod_security.
Sure it is.
> We are using gotroot's rules as well as some custom rules but it's not
> working correctly with all sites.
>
> For example the cookies validation, UTF-8 encoding checks as well as
> application specific rules need to be excluded here and there.
Simply turn them off where you need:
<VirtualHost XYZ>
SecFilterCheckURLEncoding Off
SecFilterCheckUnicodeEncoding Off
SecFilterCheckCookieFormat Off
SecFilterNormalizeCookies Off
</VirtualHost>
VirtualHosts will inherit the configuration from the main
server but you can make changes as you wish. In 1.9 you can
even import or delete individual rules via their IDs. (I am
about to document these 1.9 features.)
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|