Justin Grindea wrote:
> hello,
>
> I'm interested in upgrading mod_security to 1.9 and have a couple of
> questions:
>
> First, how do I upgrade? I'm on apache 1.3, installed using apxs -cia
> mod_security.so.
Just do the same again, then stop and start Apache.
> Second, I've heard that now rules can be ignored per v-host and I'm
> interested in implementing this.
> Most of the rules I use are from gotroot. I have the main file, that
> includes all other files like rules.conf,
> agents.conf, etc.
> How can I disable one rule or more per v-host entry?
You would have to assign a unique ID to the rule and then
use SecFilterRemove in the virtual host later on. Look SecFilterRemove
in the manual.
> Lastly, I'm interested in cutting the audit_log into small files, for
> each v-host on the server, so
> my clients can see the relevant entries from the log and be able to
> adjust scripts as needed or be aware of
> attacking attempts.
If you use the concurrent audit log format (new to 1.9) the audit
log entries will already be separated for you. You only need to
write a script to parse the index file (which contains the host
field) and copy/move the audit log entries to the customers'
folders.
But, if you are using <VirtualHost> for hosting note that you
can spread the audit log into multiple files easily, simply
by putting a different SecAuditLog /path/to/file line into each
one.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
