2012/7/6 Alberto Gonzalez Iniesta <a...@inittab.org>: > If you want rules only for a VirtualHost, they can be added to its > configuration file. You don't need to use /etc/modsecurity at all.
Yes, but that's exactly the purpose of this directory. > I don't really see the problem or the severity of the bug. The problem I've had was that on every web server I have at least one virtual site (default) that it's not public. This caused too much noise from mod_security when all rules from «/etc/modsecurity/*.conf» were enabled globally. So, I thought what options do I have? 1) move the rules from /etc/modsecurity to another place or 2) remove the rule from mods-available/modsecurity.conf that includes them. I believe the best design is to use /etc/modsecurity for all common (or specific rules) of all public web sites. Cheers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org