diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index bd5110e..3dc5804 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -112,7 +112,7 @@ crs_rule_links:
   - name: REQUEST-944-APPLICATION-ATTACK-JAVA
     enabled: true
   - name: REQUEST-949-BLOCKING-EVALUATION
-    enabled: true
+    enabled: false
   - name: RESPONSE-950-DATA-LEAKAGES
     enabled: true
   - name: RESPONSE-951-DATA-LEAKAGES-SQL
diff --git a/ansible/roles/podman/tasks/configuration-nginx-modsec.yml b/ansible/roles/podman/tasks/configuration-nginx-modsec.yml
index 861c844..46d33b8 100644
--- a/ansible/roles/podman/tasks/configuration-nginx-modsec.yml
+++ b/ansible/roles/podman/tasks/configuration-nginx-modsec.yml
@@ -48,7 +48,9 @@
     mode: 0644
     remote_src: true
   loop: "{{ modsec_conf_links }}"
-  notify: restorecon podman
+  notify:
+    - restorecon podman
+    - restart nginx
   tags: modsec
 
 - name: setup coreruleset rules
@@ -63,7 +65,23 @@
     remote_src: true
   when: item.enabled
   loop: "{{ crs_rule_links }}"
-  notify: restorecon podman
+  notify:
+    - restorecon podman
+    - restart nginx
+  tags:
+    - modsec
+    - modsec_rules
+
+- name: removed disabled coreruleset rules
+  become: true
+  ansible.builtin.file:
+    path: "{{ modsec_rules_path }}/{{ item.name }}.conf"
+    state: absent
+  when: not item.enabled
+  loop: "{{ crs_rule_links }}"
+  notify:
+    - restorecon podman
+    - restart nginx
   tags:
     - modsec
     - modsec_rules
@@ -79,7 +97,9 @@
     mode: 0644
     remote_src: true
   loop: "{{ crs_data_links }}"
-  notify: restorecon podman
+  notify:
+    - restorecon podman
+    - restart nginx
   tags:
     - modsec
     - modsec_rules
diff --git a/ansible/roles/podman/tasks/container-bookstack.yml b/ansible/roles/podman/tasks/container-bookstack.yml
index c117ac7..89271ad 100644
--- a/ansible/roles/podman/tasks/container-bookstack.yml
+++ b/ansible/roles/podman/tasks/container-bookstack.yml
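Review bot: Setting `enabled: false` on REQUEST-949-BLOCKING-EVALUATION drops the rule file that, in CRS's default anomaly-scoring mode, compares the accumulated inbound anomaly score with the threshold and issues the deny; with it gone the REQUEST-9xx rules that stay enabled only add to the score and nothing blocks the request, so the WAF silently becomes detect-only for inbound traffic. If detect-only is the intent, `SecRuleEngine DetectionOnly` in the ModSecurity config is the documented switch and keeps the rule chain intact; if the goal was to stop false-positive blocks on BookStack, raising `tx.inbound_anomaly_score_threshold` or adding targeted rule exclusions is the narrower fix. Either way the entry needs a comment so the consequence is visible where the flag lives, e.g. `# disabled: while false no request is blocked by CRS — prefer SecRuleEngine DetectionOnly if that is the intent`. I am inferring the rule's role from its name and the CRS layout; the modsecurity.conf that would confirm the engine mode is not in this diff.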
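Review bot: Notifying `restart nginx` whenever one of `modsec_conf_links` changes means a full process restart — and, if that handler restarts the nginx podman container, a brief outage with dropped in-flight connections — on every rules edit. nginx re-reads its configuration, including the ModSecurity rule files, on `nginx -s reload` without dropping connections, so a `reload nginx` handler (via `podman exec` if nginx runs in a container) would be the gentler choice here and in the two rule hunks below. The handler definitions are outside this diff, so I cannot tell whether a reload handler already exists.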
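Review bot: The new removal task builds its path as `{{ modsec_rules_path }}/{{ item.name }}.conf`, but the `dest` that "setup coreruleset rules" writes is outside the hunk, so nothing guarantees the two agree; if they differ, `state: absent` succeeds silently and the rule flagged `enabled: false` keeps loading. Factor the destination into one expression both tasks use (a `vars:` entry on the tasks, or a `dest` field on each `crs_rule_links` item) so a rename cannot desynchronise them. Whether deleting the file is even sufficient depends on how the rules directory is included — a glob `Include` tolerates the gap, an explicit `Include` of that file would make nginx fail to start — and that config is also outside the diff. Also the task name reads like a past-tense report; `- name: remove disabled coreruleset rules` matches the imperative style of the neighbouring tasks.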
@@ -60,7 +60,7 @@ containers.podman.podman_container: name: bookstack image: docker.io/solidnerd/bookstack:22.04 - recreate: false + recreate: true restart: false restart_policy: on-failure log_driver: journald diff --git a/ansible/roles/podman/tasks/podman.yml b/ansible/roles/podman/tasks/podman.yml index 6d97c72..a6119c3 100644 --- a/ansible/roles/podman/tasks/podman.yml +++ b/ansible/roles/podman/tasks/podman.yml @@ -85,6 +85,8 @@ become_user: "{{ podman_user }}" containers.podman.podman_network: name: shared + internal: false + disable_dns: false tags: podman - name: allow unprivileged ports to lower number diff --git a/ansible/roles/podman/templates/nginx/sites/wiki.skudakrennsport.com.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/wiki.skudakrennsport.com.https.conf.j2 index 6f6b91e..cb786c2 100644 --- a/ansible/roles/podman/templates/nginx/sites/wiki.skudakrennsport.com.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/wiki.skudakrennsport.com.https.conf.j2 @@ -6,7 +6,7 @@ server { modsecurity on; modsecurity_rules_file /etc/nginx/modsec_includes.conf; - resolver 127.0.0.1 127.0.0.53 9.9.9.9 valid=60s; + resolver 9.9.9.9 valid=60s; listen 443 ssl http2; server_name {{ bookstack_server_name }};
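Review bot: `recreate: true` makes the module tear down and recreate the bookstack container on every play run, so the task is never idempotent (always "changed"), the wiki takes a short outage each run, and anything not on a mounted volume is lost — the volume list is outside the hunk, so I cannot confirm all state survives that. The module already recreates the container when its definition changes, so the flag is only needed as an explicit override; gate it, e.g. `recreate: "{{ bookstack_force_recreate | default(false) }}"`, and document the override next to it. If the intent was to pick up a re-tagged `bookstack:22.04` image, note that recreation alone does not pull a new image unless a pull option is set.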
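Review bot: `internal: false` and `disable_dns: false` are, as far as I recall, the module's defaults, so these two lines change nothing on their own and a reader cannot tell why they were written out — add a comment stating the requirement, e.g. `# shared: needs external egress and podman DNS so containers can reach each other by name`. From a least-privilege angle, `internal: false` gives every container on `shared` outbound access; if only the reverse proxy needs egress, the application and database containers belong on an internal network instead. Which containers join `shared` is outside this hunk, so treat that as a question rather than a finding.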
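Review bot: The new `resolver` line leaves nginx with a single external DNS server and no fallback: if 9.9.9.9 is unreachable or rate-limits, every runtime lookup (OCSP stapling, any `proxy_pass` that uses a variable) fails, and names only the host stub or podman's network DNS knew — container names on the `shared` network, for instance — can no longer be resolved from nginx at all. Queries also leave in plaintext UDP, so at minimum add a second upstream for redundancy, e.g. Quad9's published secondary: `resolver 9.9.9.9 149.112.112.112 valid=60s;`. If the loopback resolvers were dropped because they are unreachable from inside the nginx container, a one-line comment saying so would stop the next maintainer from adding them back. The `server` block continues outside the hunk, so I cannot see whether any `proxy_pass` actually depends on this resolver.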