mod_security question
we have enabled mod_security and prevented a lots of XSS attacks.
the problem is that some of the clients couldn work with they cms or forums cause the xss rules denied the access to many functions of the forums/cms's.
I had to disable these rules from mod_security but now i have problems iwth XSS attacks again.
As I understand there must be a way not to disable the rules from apache but just for a particular site's vhost, by using .htaccess or some include?
anyone has idea how to do that?
the rules I want to disable ONLY for these particular vhosts are these:
SecFilter "<( |\n)*script"
SecFilter "<(.|\n)+>"
the problem is that some of the clients couldn work with they cms or forums cause the xss rules denied the access to many functions of the forums/cms's.
I had to disable these rules from mod_security but now i have problems iwth XSS attacks again.
As I understand there must be a way not to disable the rules from apache but just for a particular site's vhost, by using .htaccess or some include?
anyone has idea how to do that?
the rules I want to disable ONLY for these particular vhosts are these:
SecFilter "<( |\n)*script"
SecFilter "<(.|\n)+>"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It won't help anyone that would read this post.
But, you are the Site Admin and you decide :)