Re: [mod-security-users] dynamiconly
From: Ivan R. <iv...@we...> - 2006-03-26 10:45:07
Chris wrote:
> I noticed that dynamiconly is been depreciated, it is my understanding
> this saves resources since it stops static files such as images been
> checked.
>
> What is the reason for this, is the performance improvement tiny? is
> it unstable? or some other reason?

It's a combination of various factors. To use the feature successfully one needs to configure Apache in a special way, but I've seen too many people just ignore that part and/or forget to test if it works. Furthermore, there are inconsistencies in the ways Apache handles certain request types (e.g. for directory requests) which make dynamic-detection somewhat unreliable.

ModSecurity has always supported the HANDLER variable (although I see now it's not documented). For 2.0 I'll make sure it is possible to implement the same thing using just rules. But even without that, you could just use SCRIPT_FILENAME to test the file extensions and execute "nolog,allow" for static files.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
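
The rule-based alternative described in the message above, written out as a ModSecurity 1.x configuration. This is an added example, not part of the original message or the project's documentation; the extension list and the final inspection rule are constructed for illustration.

```apache
# Added example, ModSecurity 1.x directive syntax.
<IfModule mod_security.c>
    # Inspect every request; the static-file exemption is done by a rule
    # below instead of by "SecFilterEngine DynamicOnly".
    SecFilterEngine On

    # Static content: stop rule processing for this request and do not log.
    # SCRIPT_FILENAME is the file Apache resolved for the request, and the
    # pattern is anchored with "$" so only a genuine trailing extension
    # matches. The extension list is an assumption; keep it to types that
    # are never handed to an interpreter on this server.
    SecFilterSelective SCRIPT_FILENAME "\.(gif|jpe?g|png|ico|css|js)$" "nolog,allow"

    # Rules are evaluated in configuration order, so everything placed after
    # the exemption is only reached by the remaining requests.
    # Constructed placeholder rule:
    SecFilterSelective ARGS "<script" "log,deny,status:403"
</IfModule>
```

Because `allow` ends inspection for any request that matches, the exemption should be tested against directory requests and any extension that is mapped to a handler, the same cases the message lists as unreliable for dynamic detection.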