[mod-security-users] mod_security in .htaccess files opinions?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] mod_security in .htaccess files opinions?
|
From: Ivan R. <iv...@we...> - 2004-09-27 18:32:49
|
I am thinking about removing the ability of mod_security to have its configuration directives in .htaccess files. I am even considering doing that in the forthcoming 1.8.5 release. I haven't made up my mind yet but I'd like to know what others think about it. For example: * Are you configuring mod_security from .htaccess files? * Are you aware mod_security can be used from .htaccess files (AllowOverride AuthConfig is required)? * Would you consider giving other (semi-trusted) people access to mod_security directives? Basically I am not convinced people are aware mod_security directives can be used from .htaccess files and about potential consequences. (I am to blame for that, of course, I should have documented that better.) On the other hand, I would hate to break backward compatibility in a minor, bug-fixing release. So the other option is to have .htaccess configuration directives off by default in 1.9.x, and introduce a global directive to enable it explicitly. Would someone care to share their views? -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
