Re: [mod-security-users] The difference between v2 and v3
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] The difference between v2 and v3
|
From: Christian F. <chr...@ne...> - 2021-01-08 15:36:24
|
On Fri, Jan 08, 2021 at 02:59:34PM +0000, Michael Woods via mod-security-users wrote: > We are current users of version 2 of mod_security and wondering what is the > differences between this and version 3. What issues are experienced when > moving to version 2?regards Different when moving from v2 to v3? Or the other way around? Your wording is not quite clear, sorry. Brief summary of what is potentially a big discussion: v3 has the advantage it runs "stable" on nginx. I put this in apostrophes, since it has certain gaps in the implementation and suffers from a series of weaknesses. The ModSecurity reference platform for the OWASP ModSecurity Core Rule Set project (CRS) is ModSecurity v2 on Apache 2.4. v3 fails to pass the testsuite of CRS because of the issues named above and also has severe performance problems. On the bright side, v3 is actively developed, while v2 is stable but no longer under active development. Also, ModSecurity v2 is not stable on Nginx. Regs, Christian > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
