|
From: Fred S. <fr...@me...> - 2005-02-08 20:43:54
|
A ruleset like this is well-suited for blocking movable type: # Block Movable Type Comments SecFilterSelective REQUEST_URI "mt-comments.cgi" chain SecFilterSelective REQUEST_METHOD "POST" chain SecFilterSelective SERVER_NAME "foo.org" allow,nolog This rule blocks all posts to mt-comments.cgi (still allowing your users to see their exsiting comments) and allows posts from only foo.org. You can add an instance of this rule for all domains that patch their movable types. FWIW, you might want to implement this for mt-tb.cgi as well, trackback spam is becoming quite prevalent. On Tue, 8 Feb 2005, Hugh Beaumont wrote: > Hi, > > I have server configured as follows : > > server wide mod_security rules set up in httpd.conf > > and then virtual hosts added at the end of httpd.conf > > Right now, the mod_security rules affect all virtual hosts. > > I would like to have the option to turn off certain rules for some hosts. > Is there a way to do this? A way to unset a rule? > > The only way I've thought of is to define the rules inside of the virtual hosts > instead of server wide. I would prefer not to do this since in the majority of > cases the rules should be enforced - it is only a select few that need them > waived. > > Are there resource/performance issues I would need to worry about if I resort defining the rules > inside each virtual host? > > Thanks for any advice. > > By the way, what I'm trying to resolve are the recent issues with Moveable Type blogs where > spammers are calling mt-comments.cgi repeatly and causing a DOS. > > For now I'm planning to just reject all requests for mt-comments.cgi and then only turn it on for > users who complain. I believe we have a lot of users who have the script installed but no longer > use it. > > Please let me know if anyone has a better solution to the recent Moveable Type issues (other than > upgrades which are too hard to get all users to do right now - I'm looking for a quick fix to stop > the problem ASAP). > > Thanks! > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - now with 250MB free storage. Learn more. > http://info.mail.yahoo.com/mail_250 > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > -- Fred Stutzman Desk: 962-5646 Cell: 260-8508 www.ibiblio.org |
