[mod-security-users] SecFilterInheritance

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I run a small web hosting business and recently we've been plagued with
trackback spam.  It's been so bad recently that if I don't catch that attack
at the start and disable all the trackback scripts the server very quickly
becomes unusable and has to be rebooted.  To try and stem the tide I've
implemented Peter Wood's script
(http://prwdot.org/docs/blacklist_to_modsec.html) that uses the MT Blacklist
to create a set of rules for ModSecurity to block comments and trackbacks
containing spam.  Peter suggested bypassing ModSecurity for certain
locations and I've figured out how to do this for a file, eg, 
<Files mt.cgi>
SecFilterInheritance Off
</Files>

I would like to know how to do this for a whole directory, is it possible?

The other situation I'd like some help with is one of my customers who
doesn't blog at all.  Their site is devoted to transcribing a census index.
The only forms on the site are those used by the transcribers for data entry
in a password-protected area which is never going to get spammed.  One the
one hand they could just bypass ModSecurity completely but the handy thing
I've noticed about Peter's script is that not only is it blocking comments
and trackbacks it appears to be blocking a lot of referrer spam as well.
I'm assuming there is a way, using a .htaccess file, to stop ModSecurity
scanning the data entry forms but to continue blocking the referrer spam.

Thanks - Shelagh