Mod_security2 and gotroot config question
Hey,
Just a quick question here.
If I have the gotroot ruleset, is there any need to use any of the default rulesets that come with the mod_security package? Or should I disable those rules?
At the moment I have this config:
#Turn on security
SecRuleEngine On
#Logs
SecAuditLog logs/mod_security2.log
#Include exclude.conf FIRST
Include conf/extra/mod_security_gotroot/99_asl_exclude.conf
#Load all other gotroot config files & rulesets
Include conf/extra/mod_security_gotroot/*.conf
So I'm not using any of the default mod_security rules.
Can anyone advise if I need to use any of those? Is there anything extra that you advise to add to the above config before I load the gotroot rules?
cheers
J
|