Gday Team, I have debian etch with ispc 2.2.14 I have installed mod_security 2.1.1-0 I am concerned about breaking somthing in ispc. I found the following in my log file. The following entry relates to the domain for ispconfig not for hosted domains. These errors are 'CRITICAL' and I guess it means ispconf will not be able to do something it need to. [07/Aug/2007:01:15:13 +1000] [tld.mydomain.com/sid#8292580][rid#856aab8][/][2] Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] After commenting out The above rule, I get the following 'critical' error [07/Aug/2007:01:19:48 +1000] [tld.mydomain.com/sid#82942b0][rid#857f5f8][/][2] Warning. Match of "rx ^((??OS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] After comment out both rules, I have no more errors for my ispconfig domain, however I also do not have those rules being applied to my hosted domains. Can someone please help with writing a rule to exclude ispconfigs domain only, so the above rule can be used again. Thankyou for your time and effort. Cheers Rick
ISPC comes with it's own apache webserver. So if you install mod_security on Debian Etch, it is "only" integrated in the distribution's apache serving the webpages, not within ISPC's apache.