Re: [mod-security-users] SecFilterInheritance
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecFilterInheritance
|
From: Peter W. <prw...@gm...> - 2005-03-23 19:58:58
|
Hi Shelagh, Funny running into you here. :-) > containing spam. Peter suggested bypassing ModSecurity for certain > locations and I've figured out how to do this for a file, eg, > > <Files mt.cgi> > SecFilterInheritance Off > </Files> > > I would like to know how to do this for a whole directory, is it possible? <Files> limits scope by filename. You can use either one of the following directives to achieve what you want: <Directory> Limit scope based on absolute filesystem paths http://httpd.apache.org/docs-2.0/mod/core.html#directory <Location> Limit scope based on URL http://httpd.apache.org/docs-2.0/mod/core.html#location FYI, these are Apache directives, and are not specific to mod_security. > I'm assuming there is a way, using a .htaccess file, to stop ModSecurity > scanning the data entry forms but to continue blocking the referrer spam. They would simply need to put the following in their .htaccess file: <IfModule mod_security.c> SecFilterInheritance Off SecFilterSelective HTTP_Referer "example rule to block" </IfModule> This would only block content found in referers. Be sure to note that this does not necessarily eliminate referrers from Apache's log files. You would need to do some custom log configuration in Apache so that requests blocked by mod_security do not show up in the Apache logs. Peter -- Peter R. Wood | email: prw...@gm... | blog: http://prwdot.org/ |
