Re: [mod-security-users] Include rules file per Directory
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Include rules file per Directory
|
From: Ivan R. <iva...@gm...> - 2006-04-19 20:45:27
|
On 4/19/06, Michael Shinn <mi...@go...> wrote: > On Wed, 2006-04-19 at 20:56 +0100, Ivan Ristic wrote: > > On 4/19/06, Michael Shinn <mi...@go...> wrote: > > > On Wed, 2006-04-19 at 10:42 +0100, Ivan Ristic wrote: > > > > On 4/17/06, Justin Grindea <web...@sw...> wrote: > > > > > hi, > > > > > > > > > > I'm looking into using gotroot's blacklist.conf but would like to= restrict > > > > > processing rules in this file only to specific scripts that need = it, not load > > > > > it like any other rules file, since the load goes very high on a = busy server. > > > > > > > > You can do that, simply do something like: > > > > > > > > <Location /xyz> > > > > Include conf/blacklist.conf > > > > </Location> > > > > > > > > But using blacklist.conf is not a good idea (that's the one with ma= ny > > > > IP addresses in it?) > > > > > > blacklist.conf has all the spammer URLs in it. > > > > The next dev. release of ModSecurity will have the SURBL support. You > > should be able to use that to replace blacklist.conf, right (i.e. just > > do a single DNS lookup to verify a URI instead)? > > Yep. Will I be able to extract multiple URIs from a POST? If not in 2.0 then in 2.1 for sure (I have a very tight deadline for 2.0). Were you thinking of having ModSecurity extract the URIs from the request parameters? -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
