On Fri, Jul 06, 2012 at 03:33:36PM +0300, Teodor MICU wrote: > 2012/7/6 Alberto Gonzalez Iniesta <a...@inittab.org>: > >> I'm proposing to remove the second paragraph completely because from my > >> experince enabling all these rules for all web sites will cause too much > >> noise in the log (like 99.9%) with entries like this: > > > > "enabling all these rules" ??? > > > > Which rules? The package includes NO /etc/modsecurity/*.conf files. So > > none are included unless you create them. > > Obviously, the sysadmin will add some rules otherwise why install the > package at all? > > The point is, once you add some rules it will affect all virtual web > sites and this causes trouble.
If you want rules only for a VirtualHost, they can be added to its configuration file. You don't need to use /etc/modsecurity at all. I don't really see the problem or the severity of the bug. Regards, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
