Re: [mod-security-users] ModSecurity version and nginx open source edition
Brought to you by:
victorhora,
zimmerletw
From: Victor H. <vic...@gm...> - 2017-05-23 23:14:41
|
Hi Ervin, (sorry for the question, but what do you mean about "steroids"? :)) > No need for sorry :). Yeah it's the same module and code in the end, but I mean that you get the performance enhancements from Nginx+ itself (not ModSecurity), the fact that it is a loadable module (so you don't need to recompile Nginx yourself when a new version / update comes out) and you also get full support from them for Nginx, libModSecurity, and your loaded OWASP CRS. More info here: https://www.nginx.com/blog/modsecurity-waf-released/ > just a (relevant :)) question: is there any roadmap about > libmodsecurity? I mean, when will it "stable", and when will it > supports Lua? :) > We are working to get a stable version later this year, but can't say the date yet as there's still a lot of work to be done to make it feature complete with 2.9.x. You can check the progress by checking the latest commits to v3 master branch here: https://github.com/SpiderLabs/ModSecurity/commits/v3/master These are some of the roadmaps we have for libModSecurity: https://github.com/SpiderLabs/ModSecurity/milestone/9 https://github.com/SpiderLabs/ModSecurity/milestone/8 Cheers. -- - Victor Ribeiro Hora |