Re: [mod-security-users] Please remove
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Please remove
|
From: Brian R. <Bri...@br...> - 2010-01-05 18:20:04
|
Please remove yourself (see bottom of the page): https://lists.sourceforge.net/lists/listinfo/mod-security-users thanks, -B Dave Martin wrote: > Thanks! > > > > -----Original Message----- > From: Brian Rectanus [mailto:Bri...@br...] > Sent: Tuesday, January 05, 2010 1:09 PM > To: sup...@dy... > Cc: mod...@li... > Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix? > > Hmm, you cut my reply off early, so not sure that you read it all, so > let me add some more detail to the discussion... > > Ivan Ristic rewrote ModSecurity for 2.x to be more modular so that it > was less Apache centric/dependent. This modularity was designed to > separate out the ModSecurity engine from the Web server specific code, > allowing more ability to port to other Web servers and easier adapt to > changes in Apache (such as the jump from v1 to v2). However, there just > was not enough resources (just him) to rewrite for both Apache 1 and > Apache 2 as the architectures of the two platforms are so different, so > the obvious choice is to target the latest (Apache 2) with a design that > was better suited to other platforms (Apache 1, IIS, etc). The core > engine in 2.5 is pretty close to being separated from the Apache code, > however there is not a well defined separation (API) for a separate > Apache 1 module to live by itself. I believe that there was always > intention to add Apache 1.3 support in ModSecurity, but there just was > just not much demand for it and so it never came about. > > The next major ModSecurity release will be 2.6. This will focus more on > modularity and the ability to write third-party modules more easily. At > this point, I think it will be easier to consider a separate modular > port to Apache 1, but probably not by Breach -- especially now that > Apache 2.4 is being carved and the End of Life of 1.3 is finally > becoming a reality > (http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3C6...@ma...%3E) > as may be 2.0 as well > (http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3Cc...@ma...%3E). > The capabilities should be there and it would be a good community > project if there truly is a market demand for Apache 1 support. > > thanks, > -B > > Peter M. Abraham wrote: > >> Greetings Brian: >> >> We are on H-Sphere 3.0.0 P9. >> >> And while H-Sphere 3.1 forward (Parallels maintains several product lines like mySQL, Apache, etc. -- most of which is considered stable and alive) does support the option to pick on a server-by-server basis whether to be on Apache 1 or Apache 2, we've not yet seen enough incentives to be on Apache 2. >> >> While mod_security 2 is one incentive, it is not large enough to have us leave an extremely stable, supported by the Apache community (that is to state, not declared EOL), Apache 1 along with the stability we have with H-Sphere 3.0.0 P9 (almost all of the new versions - multi-branch like mySQL, Apache, etc.) have stability issues. >> >> What I don't understand is that since Apache 1.3.41 has not been declared EOL, and Apache 1 is still very popular, why Breach doesn't support both versions of Apache. But that's just my own lack of understanding. >> >> Thank you. >> >> ________________________________________________ >> Peter M. Abraham >> Support and Customer Care Department >> Dynamic Net, Inc. >> Helping companies do business on the Net >> 13 Cowpath >> Denver, PA 17517 >> Toll Free Voice: 1-888-887-6727 >> International: 1-717-484-1062 >> FAX: 1-717-484-1162 >> Web: http://www.dynamicnet.net/services/hsphere.htm >> >> >>> -----Original Message----- >>> From: Brian Rectanus [mailto:Bri...@br...] >>> Sent: Monday, January 04, 2010 5:38 PM >>> To: sup...@dy... >>> Cc: mod...@li... >>> Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix? >>> >>> >>> Peter M. Abraham wrote: >>> >>>> Greetings: >>>> >>>> We and many of our colleagues use a hosting automation system where Apache >>>> 1.3 (Apache, like mySQL maintains several production lines) is still the >>>> flavor and will be for a number of years to come. >>>> >>>> Are there any adjustments that need to be made to mod_security.c under Mod >>>> Security 1.9.5 for it to compile under CentOS 5.4 64-bit when using Apache >>>> 1? >>>> >>> What automation system are you using that is not at least Apache 2.0 >>> compatible? >>> > > -- Brian Rectanus Breach Security |
