[Modsecurity] per vhost exclusions solved? | order of exclusions | mixing rules from modsecurity.org

J-P Human jphuman at gmail.com
Tue Aug 22 18:04:53 EDT 2006


Hi

I have three questions,

Firstly, something I had trouble with was skipping certain rules for certain
files on certain vhosts. Basically what I'm saying is, on a box running
multiple vhosts, a specific vhost, say www.example.com, was triggering an XSS
rule (id of 40002) with its page /styles.php. Now a simple:

<LocationMatch /styles.php>
SecFilterRemove 40002
</LocationMatch>

would exclude it from that rule, but it would also exclude all other
occurrences of /styles.php on all other vhosts, which is not good. The only
solution I found to that was: in the vhost file for www.example.com I
inserted the above <LocationMatch> exclusion and it seemed to work. To test,
I copied the styles.php to another vhost on the same server and it triggered
the rule, while www.example.com was skipping the rule. Is this the
correct way to solve this problem or am I missing something?

My second question

The exclude.conf rule set: if this gets loaded into your "global rule set", it
has a lot of common file names which have rules excluded. For example, a
Joomla rule for /index.php skips a couple of checks. This would mean for all
occurrences of index.php on all vhosts, index.php will never have those
rules run against it? The only solution I see is to apply each exclusion on
a per-vhost basis, if my above method does in fact work. (I think it does.)

Lastly my third question,

If I'm using all the gotroot rule sets, am I duplicating rules by using the
rule sets from modsecurity.org?
Or should I run both?

Thanks for all the work; these rules make a huge difference.

Regards
J-P Human
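
An added example, not part of the original post: a small auditor that reports the scope in which each SecFilterRemove directive appears, so exclusions declared at server level (the case the post worries about for exclude.conf) can be told apart from those inside one <VirtualHost>. The sample config, the function names and the "GLOBAL" label are assumptions made for illustration; the parser handles only single-line directives and container tags and does not follow Include.

```python
import re

# Constructed sample config (not from the post): the same exclusion once at
# server level and once inside a single virtual host.
SAMPLE_CONF = """\
<LocationMatch /styles.php>
    SecFilterRemove 40002
</LocationMatch>
<VirtualHost *:80>
    <LocationMatch /styles.php>
        SecFilterRemove 40002
    </LocationMatch>
    ServerName www.example.com
</VirtualHost>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>$")
CLOSE = re.compile(r"</(\w+)>$")

def find_exclusions(conf_text):
    """Return (scope, location, rule_id) for each SecFilterRemove argument."""
    stack, findings, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            name, _ = stack.pop() if stack else ("", "")
            if name == "virtualhost":
                vhost = None
        elif m := OPEN.match(line):
            name, arg = m.group(1).lower(), m.group(2).strip()
            stack.append((name, arg))
            if name == "virtualhost":
                vhost = {"name": arg}  # replaced by ServerName when seen
        else:
            parts = line.split()
            if parts[0].lower() == "servername" and vhost and len(parts) > 1:
                vhost["name"] = parts[1]
            elif parts[0].lower() == "secfilterremove":
                loc = next((a for n, a in reversed(stack) if n.startswith("location")), None)
                findings += [(vhost, loc, rid) for rid in parts[1:]]
    # Resolve scope names last: ServerName may follow the exclusion block.
    return [(v["name"] if v else "GLOBAL", loc, rid) for v, loc, rid in findings]

def global_exclusions(conf_text):
    """Exclusions declared outside any <VirtualHost>, i.e. server-wide."""
    return [f for f in find_exclusions(conf_text) if f[0] == "GLOBAL"]
```

Calling `global_exclusions()` on the concatenated text of the main config and any globally loaded exclusion file lists the rule ids that are switched off for a path regardless of which vhost serves it.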