• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 245
  • Last Modified:

mod_security question

we have enabled mod_security and prevented a lots of XSS attacks.
the problem is that some of the clients couldn work with they cms or forums cause the xss rules denied the access to many functions of the forums/cms's.

I had to disable these rules from mod_security but now i have problems iwth XSS attacks again.

As I understand there must be a way not to disable the rules from apache but just for a particular site's vhost, by using .htaccess or some include?

anyone has idea how to do that?

the rules I want to disable ONLY for these particular vhosts are these:

 SecFilter "<( |\n)*script"
 SecFilter "<(.|\n)+>"
0
MaRiOsGR
Asked:
MaRiOsGR
1 Solution
 
MaRiOsGRAuthor Commented:
The links do not give any answer to the specific thing I asked, so it not helpful to accept as a right answer.
It won't help anyone that would read this post.

But, you are the Site Admin and you decide :)

0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now