allowing remote inclusions as exceptions?

hello everybody,
I'm using mod security on my servers and escpecially enjoy
that remote 
inclusions are blocked because I host a couple of phpbb2
sites, but now 
a user set up a site with search function to index other
sites, the URLs 
for those requests look like this:
http://www.hos
tsite.com/admin/admin.php?f=index&url=http://www.indexed
-site.com/&reindex=1
as you can see this is also some kind of remote inclusion.
my question is:
is it possible to allow remote inclusions as exceptions in
the rule-set?
any help is appreciated.

-- 

-----------------------------

SHA1 Fingerprint
2F:B3:C4:72:0E:A9:47:11:04:5C:1D:7B:73:C6:71:B8:6B9:B7:BA

MD5 Fingerprint
18:36:79:A2:68:19:4E:AF:8B:10:37:02:82:B2

-----------------------------


------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief
surveys-and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
mod-security-userslists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-
security-users

Yes, it is possible to create exceptions to rules.  Is your
configuration blocking these requests (assuming your site
name is
www.hostsite.com) -
http://www.hostsite.com/admin/admin.
php?f=index&url=http://www.indexed-s
ite.com/&reindex=1

What rule is triggering?  Can you provide an example alert
message for
the rule that is matching that you want to create an
exception for?

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache
 
--------------
Web Security Threat Report Webinar on May 9, 2007 (12 pm
EST)
Learn More About the Breach Webinar Series:
http://www.breach.
com/webinars.asp
--------------
 

> -----Original Message-----
> From: mod-security-users-bounceslists.sourceforge.net
[mailto:mod-
> security-users-bounceslists.sourceforge.net] On
Behalf Of bad_brain
> Sent: Friday, March 30, 2007 12:11 PM
> To: mod-security-userslists.sourceforge.net
> Subject: [mod-security-users] allowing remote
inclusions as
exceptions?
> 
> hello everybody,
> I'm using mod security on my servers and escpecially
enjoy that remote
> inclusions are blocked because I host a couple of
phpbb2 sites, but
now
> a user set up a site with search function to index
other sites, the
URLs
> for those requests look like this:
>
http://www.hostsite.com/admin/admin.p
hp?f=index&url=http://www.indexed-
> site.com/&reindex=1
> as you can see this is also some kind of remote
inclusion.
> my question is:
> is it possible to allow remote inclusions as exceptions
in the
rule-set?
> any help is appreciated.
> 
> --
> 
> -----------------------------
> 
> SHA1 Fingerprint
> 2F:B3:C4:72:0E:A9:47:11:04:5C:1D:7B:73:C6:71:B8:6B9:B7:BA
> 
> MD5 Fingerprint
> 18:36:79:A2:68:19:4E:AF:8B:10:37:02:82:B2
> 
> -----------------------------


------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief
surveys-and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
mod-security-userslists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-
security-users