Solved

mod_security question

Posted on 2006-06-16
4
232 Views
Last Modified: 2010-03-04
we have enabled mod_security and prevented a lots of XSS attacks.
the problem is that some of the clients couldn work with they cms or forums cause the xss rules denied the access to many functions of the forums/cms's.

I had to disable these rules from mod_security but now i have problems iwth XSS attacks again.

As I understand there must be a way not to disable the rules from apache but just for a particular site's vhost, by using .htaccess or some include?

anyone has idea how to do that?

the rules I want to disable ONLY for these particular vhosts are these:

 SecFilter "<( |\n)*script"
 SecFilter "<(.|\n)+>"
0
Comment
Question by:MaRiOsGR
4 Comments
 
LVL 23

Accepted Solution

by:
rama_krishna580 earned 500 total points
ID: 16972377
0
 
LVL 2

Author Comment

by:MaRiOsGR
ID: 17175091
The links do not give any answer to the specific thing I asked, so it not helpful to accept as a right answer.
It won't help anyone that would read this post.

But, you are the Site Admin and you decide :)

0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question