[mod-security-users] Apache2 / mod_sec per virtual host config?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi there

As I fummbled around with this great mod I found out that in my 
configuration, as soon as I activate mod_security in one virtual host 
(name based), _all_ virtual hosts have mod_sec activated with the rules 
I defined for that one special vhost.

As I read from the documentation this should not be the case - so: what 
am I missing? Is it a mod_sec version-thing?

My setup in short:

Debian Sid
Apache/2.0.52
libapache2-mod-security 1.8.4-1.1 (most recent :-/ Debian package)

apache2.conf has no mod_sec defined, it includes multiple vhost-confs 
right before EOF, so it basically looks like this:

<VirtualHost ip.ad.re.ss:80>
ServerName A
... (no mod_sec)
</VirtualHost>

<VirtualHost ip.ad.re.ss:80>
ServerName B
-> mod_sec enabled
</VirtualHost>

<VirtualHost ip.ad.re.ss:80>
ServerName C
...  (no mod_sec)
</VirtualHost>

-> allthough mod_sec is only enabled and configured in vhost B, all 
three vhosts have it activated and the rules applied.

Thanks for your help,
Jan

-- 
You never see empty pot boil over
(Jamaican)