Re: [mod-security-users] couple of questions about mod_security
From: Ivan R. <iv...@we...> - 2005-11-13 20:06:53
Justin Grindea wrote:
> hello,
>
> I'm interested in upgrading mod_security to 1.9 and have a couple of
> questions:
>
> First, how do I upgrade? I'm on apache 1.3, installed using apxs -cia
> mod_security.so.

Just do the same again, then stop and start Apache.

> Second, I've heard that now rules can be ignored per v-host and I'm
> interested in implementing this.
> Most of the rules I use are from gotroot. I have the main file, that
> includes all other files like rules.conf,
> agents.conf, etc.
> How can I disable one rule or more per v-host entry?

You would have to assign a unique ID to the rule and then use
SecFilterRemove in the virtual host later on. Look up SecFilterRemove
in the manual.

> Lastly, I'm interested in cutting the audit_log into small files, for
> each v-host on the server, so
> my clients can see the relevant entries from the log and be able to
> adjust scripts as needed or be aware of
> attacking attempts.

If you use the concurrent audit log format (new to 1.9) the audit
log entries will already be separated for you. You only need to
write a script to parse the index file (which contains the host
field) and copy/move the audit log entries to the customers' folders.

But, if you are using <VirtualHost> for hosting, note that you can
spread the audit log into multiple files easily, simply by putting
a different SecAuditLog /path/to/file line into each one.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
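The two per-virtual-host suggestions in the reply above, sketched as an Apache configuration. This is an added example, not part of the original message; the hostnames, paths, rule pattern and rule ID 1001 are constructed.

```apache
# Added example: hostnames, paths, the rule pattern and ID 1001 are constructed.

# Server-wide settings, inherited by every virtual host
SecFilterEngine On
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache/audit_log

# The rule carries an explicit ID so a virtual host can refer to it later
SecFilterSelective ARGS "/etc/passwd" "id:1001,deny,log,status:403"

<VirtualHost *:80>
    ServerName customer-a.example.com
    DocumentRoot /home/customer-a/public_html

    # Rule 1001 stays active here; only the audit log destination changes
    SecAuditLog /var/log/apache/vhosts/customer-a/audit_log
</VirtualHost>

<VirtualHost *:80>
    ServerName customer-b.example.com
    DocumentRoot /home/customer-b/public_html

    # Drop the inherited rule for this host only, by its ID
    SecFilterRemove 1001

    # Separate audit log for this customer
    SecAuditLog /var/log/apache/vhosts/customer-b/audit_log
</VirtualHost>
```

Keep each per-customer log directory writable only by root and give customers read access, since Apache opens log files as root at startup. Audit log entries contain request data, so each customer should be able to read only their own file.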