|
From: Hugh B. <hbe...@ya...> - 2005-02-08 20:13:34
|
Hi, I have server configured as follows : server wide mod_security rules set up in httpd.conf and then virtual hosts added at the end of httpd.conf Right now, the mod_security rules affect all virtual hosts. I would like to have the option to turn off certain rules for some hosts. Is there a way to do this? A way to unset a rule? The only way I've thought of is to define the rules inside of the virtual hosts instead of server wide. I would prefer not to do this since in the majority of cases the rules should be enforced - it is only a select few that need them waived. Are there resource/performance issues I would need to worry about if I resort defining the rules inside each virtual host? Thanks for any advice. By the way, what I'm trying to resolve are the recent issues with Moveable Type blogs where spammers are calling mt-comments.cgi repeatly and causing a DOS. For now I'm planning to just reject all requests for mt-comments.cgi and then only turn it on for users who complain. I believe we have a lot of users who have the script installed but no longer use it. Please let me know if anyone has a better solution to the recent Moveable Type issues (other than upgrades which are too hard to get all users to do right now - I'm looking for a quick fix to stop the problem ASAP). Thanks! __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 |
