Posted on 2006-06-16
We have enabled mod_security and prevented a lot of XSS attacks.
The problem is that some of the clients couldn't work with their CMS or forums because the XSS rules denied access to many functions of the forums/CMSs.
I had to disable these rules in mod_security, but now I have problems with XSS attacks again.
As I understand it, there must be a way to disable the rules not for all of Apache but just for a particular site's vhost, by using .htaccess or some include?
Does anyone have an idea how to do that?
The rules I want to disable ONLY for these particular vhosts are these:
SecFilter "<( |\n)*script"