Thanks for the reply.
How are you including the CRS rules? Have your tried specifying the rule sets you want in each individual virtual host config?
We installed mod_security and the CRS on RedHat via Yum. By default, mod_security.conf is loading the rules from modsecurity.d/activated_rules/*.conf.
To disable the rules, would I just need to comment that out in mod_security.conf and then add the Include modsecurity.d/activated_rules/*.conf directive inside of each VirtualHost directive that we want to apply the rules to?
"Josh Amishav-Zlatin" <email@example.com>To:
"Aaron M. Brown" <firstname.lastname@example.org>Cc:
Thursday, November 8, 2012 2:32:39 PMSubject:
Re: [mod-security-users] Disable modsec CRS rules by default and enable