[Mod-security-developers] [JIRA] Closed: (MODSEC-98) Process phase 1 in the same Apache hook as pha

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-98?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto closed MODSEC-98.
-----------------------------------

    Resolution: Fixed

> Process phase 1 in the same Apache hook as phase 2
> --------------------------------------------------
>
>                 Key: MODSEC-98
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-98
>             Project: ModSecurity
>          Issue Type: Improvement
>      Security Level: Normal
>            Reporter: Ivan Ristic
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.0
>
>
> I have this idea that ModSecurity should not use post_read for its phase 1. Instead, phase 1 should use the same hook as phase 2. With this change, users would be able to override configuration from a
> <Location> or <Directory> container, removing the problem that has been causing confusion for years. The only advantage of having phase 1 early is to allow for rules that are protecting Apache itself, but I am yet to see a single such rule. Besides, we can still keep one such early phase (although we'd better move to using names for phases, instead of numbers).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Mod-security-developers] [JIRA] Closed: (MODSEC-98) Process phase 1 in the same Apache hook as pha

[Mod-security-developers] [JIRA] Closed: (MODSEC-98) Process phase 1 in the same Apache hook as phase 2