i'm having a problem with mod_security. I have installed it, but i am not sure on how to make the rules for it, i want the rules to prevent all major attacks like cross site scripting, remote file inclusion etc i'm using mod security 2.6.5, apache 2.2 with php 5.3.10. i went to this site http://www.gotroot.com/mod_security+rules but i am not sure how to set up the rules or which one to use, or how i add them properly in httpd.conf, would someone please explain the process and also recommend rules for someone in my position?