[mod-security-users] mod_security and virtual hosts
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] mod_security and virtual hosts
|
From: Justin G. <web...@sw...> - 2005-08-15 13:31:16
|
Greetings,
I'd like to know if it's possible to implement per/vhost exclussions using
mod_security.
We are using gotroot's rules as well as some custom rules but it's not
working correctly with all sites.
For example the cookies validation, UTF-8 encoding checks as well as
application specific rules need to be excluded here and there.
All the below config vars for example are hitting few sites on every
general web hosting server I came across till now and it's a pitty not to
secure some 400 sites on the machine because 10 of them are getting hurt :(
SecFilterCheckURLEncoding Off
SecFilterCheckUnicodeEncoding Off
SecFilterCheckCookieFormat Off
SecFilterNormalizeCookies Off
I believe mod_security is a great tools for webhosters, but rules
organizations can be improved, specially when working with tons of rules,
like the ones provided by gotroot.
thanks,
Justin
|
