• Several typos and grammatical mistakes have been corrected as the first version had been written in a very fast pace.
• The section about the filter inheritance has been rewritten from scratch in order to present the relevant directives in a more logical order and also to include some explanation and example about the SecFilterInheritanceMandatory directive, which was completely missing in the first revision.
• The explanations of some of the directives have been rewritten.
• The section with the recommended filters was also updated with some more info about the presented filters and also a horrible mistake – weak and strong XSS attack rules were the same – has been corrected.

For example, in my case, it is needed to add text/xml to the acceptable encodings in a POST request, so that the wordpress pingbacks/trackbacks work. But, pingbacks still won’t work if the filter, that matches requests without a User-Agent header, denies further processing of the request. This happens because wordpress sends a GET request without specifying a user-agent string prior to actually executing the pings. Not to mention filters that catch other types of attacks (sql injection etc). It takes time…