Re: [mod-security-users] The difference between v2 and v3
From: Michael W. <sco...@ya...> - 2021-01-08 17:05:25
Thanks for the info
Tel: 01257 266394 Mobile: 07944032617 Email: sco...@ya...
On Friday, 8 January 2021, 15:37:02 GMT, Christian Folini <chr...@ne...> wrote:
On Fri, Jan 08, 2021 at 02:59:34PM +0000, Michael Woods via mod-security-users
wrote:
> We are current users of version 2 of mod_security and wondering what are the
> differences between this and version 3. What issues are experienced when
> moving to version 2? regards
Differences when moving from v2 to v3? Or the other way around? Your wording is
not quite clear, sorry.
Brief summary of what is potentially a big discussion:
v3 has the advantage it runs "stable" on nginx. I put this in apostrophes,
since it has certain gaps in the implementation and suffers from a series of
weaknesses.
The ModSecurity reference platform for the OWASP ModSecurity Core Rule Set
project (CRS) is ModSecurity v2 on Apache 2.4.
v3 fails to pass the test suite of CRS because of the issues named above
and also has severe performance problems.
On the bright side, v3 is actively developed, while v2 is stable but no longer
under active development. Also, ModSecurity v2 is not stable on Nginx.
Regs,
Christian
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/