Home / server / Questions / 501806
In Process
powtac
Asked: 2013-04-23 23:52:09 +0800 CST

Limit mod_security rule to one vhost only

  • 772

I run several domains (via vhosts) with the same apache installation. Some domains require different mod_security rules than the others. In a seperate exceptions.conf file I collect all those rules and have this syntax:

<Location "/test">
    SecAuditEngine Off
    SecRuleRemoveById 950134
    SecRuleRemoveById 981265
    SecRuleRemoveById 981289
    SecRuleRemoveById 981244
    SecAuditEngine RelevantOnly     
</Location>

But this rule would match all /test folders on all domains! But I only want to limit it to a specific host. How can I limit those rules to a vhost only in a global exceptions.conf file?

apache-2.2

1 Answers

  1. Here are some different ways to do that:

    • instead of having a global exception file, put the exceptions inside the virtual host definitions
    • if you want to have an exception file separate from the actual virtual host definition, don't include it in the main server config - instead include it from inside the virtual host.
    • instead of using <Location>, use SecRule and the ctl:ruleRemoveByID action. Example:

    SecRule SERVER_NAME "somedomain\.com$" "@streq /test/.*" "ctl:ruleRemoveByID=981244"

    If possible, the first one would be by far the simplest.

    • 1