Clearing the cruft
Today I took a step I’ve been meaning to take for a few weeks: I wiped out most of it in favor of a simpler file using mod_security which, because it can filter in a much more specific manner, allows the removal of many of the convoluted tactics from the old file. I followed this walk-through. I’ve actually cut the length of the file nearly in half, and one of the other benefits of mod_security’s flexibility is that the resulting file would work perfectly well, with no changes, on another site—it isn’t, for example, customized to account for my renamed comment scripts, and the rules are less likely to block where they shouldn’t.
The one drawback is that I haven’t found a way to make the Google exception properly. (Just wait until we’re getting search term spamming! Spoofed Google referrers with the spam in the query string?)
I’m leaving the old file intact (at this different URL) for those whose web hosts haven’t installed mod_security, but I will not continue updating it.
Now Playing: Spark from Starfish by The Church