Re: [mod-security-users] excluding virtual hosts
From: Ivan R. <iv...@we...> - 2005-01-18 17:11:28
David Obando wrote:
> I found the answer myself.
> One example would be:
>
> SecFilterSelective ARGS "/bin/" chain
> SecFilterSelective SERVER_NAME !example.com

Correct. FYI you should be aware that the second rule will match "www.example.com", "somethingelse.example.com", "example.com.modsecurity.org" and so on. It's better to use the dollar sign to anchor the regex to the end of string. E.g.

    SecFilterSelective SERVER_NAME !example.com$

Anyway, that approach only works one rule at a time. There are other things you could try:

1) The allow action will let the request through. So if you do something like this:

    # rules that apply to all hosts
    SecFilter ...
    SecFilter ...

    # end processing early for some hosts
    SecFilterSelective SERVER_NAME (example1.com|example2.com)$ allow

    # rules that apply to some hosts
    SecFilter ...

2) You could use the skip action to skip over some rules but you would need to count them so it's not very practical.

3) You can explicitly disable filtering for some hosts:

    <VirtualHost ...>
    SecFilterEngine Off
    </VirtualHost>

4) Or clear the rule list and load a partial list only:

    <VirtualHost ...>
    SecFilterInheritance Off
    Include conf/partial_modsecurity_rules.conf
    </VirtualHost>

--
Ivan Ristic (http://www.modsecurity.org)
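The anchoring point in the reply above, as an added example that is not part of the original message: it lists which host names each pattern would exempt from the chained filter. Python's `re.search` stands in for the rule engine's regex match (an assumption), the host names are constructed, and the `strict` pattern is a tighter variant added here that assumes only the bare and `www` names should be exempt.

```python
import re

# Patterns as they would appear after "SecFilterSelective SERVER_NAME !".
PATTERNS = {
    "unanchored": r"example.com",          # pattern from the quoted post
    "end-anchored": r"example.com$",       # pattern suggested in the reply
    "strict": r"^(www\.)?example\.com$",   # assumption: variant added for this example
}

# Constructed host names; the first four come from the discussion above,
# the last two probe the missing left anchor and the unescaped dot.
HOSTS = [
    "example.com",
    "www.example.com",
    "somethingelse.example.com",
    "example.com.modsecurity.org",
    "notexample.com",
    "examplexcom",
]


def exempted(pattern, server_name):
    """True when the regex matches the host name.

    With the rule written as '!pattern', a regex match means the negated
    rule does not fire, so the chained filter is not applied to that host.
    """
    return re.search(pattern, server_name) is not None


def exemption_table():
    """Map each pattern label to the constructed hosts it would exempt."""
    return {
        label: [host for host in HOSTS if exempted(pattern, host)]
        for label, pattern in PATTERNS.items()
    }


if __name__ == "__main__":
    for label, hosts in exemption_table().items():
        print(f"{label:13} exempts {len(hosts)}: {', '.join(hosts)}")
```

Any host name listed for a pattern is one the chained rule would leave unfiltered, so the shorter the list, the fewer unintended exemptions.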