Re: [mod-security-users] Include rules file per Directory
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Include rules file per Directory
|
From: Ivan R. <iva...@gm...> - 2006-04-19 09:42:38
|
On 4/17/06, Justin Grindea <web...@sw...> wrote: > hi, > > I'm looking into using gotroot's blacklist.conf but would like to restric= t > processing rules in this file only to specific scripts that need it, not = load > it like any other rules file, since the load goes very high on a busy ser= ver. You can do that, simply do something like: <Location /xyz> Include conf/blacklist.conf </Location> But using blacklist.conf is not a good idea (that's the one with many IP addresses in it?) because ModSecurity needs to test for each IP address individially (and that's slow when you have thousands of IP addresses to check). From what I've heard Mike (GotRoot) will be maintaining a proper RBL to replace blacklist.conf (and ModSecurity 2.x already supports RBLs). The combination will be an order of magnitude faster. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
