Thread: [mod-security-users] ModSecurity 2.0.0-dev1 Question

Brought to you by: victorhora, zimmerletw

mod-security-users

[mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Zach R. <ad...@li...> - 2006-03-18 13:38:42

"P.S. There is no support for Apache 1.x in this development release."

I hadn't had time to look into the 2.0.0 release for a bit aside from
reading the notes on the mailing list.

Does this mean that 2.0.0 is going to support Apache 2+ only or will it
be made for 1.3 too?

--
Zach

Re: [mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Ivan R. <iv...@we...> - 2006-03-18 20:56:14

Zach Roberts wrote:
> "P.S. There is no support for Apache 1.x in this development release."
> 
> I hadn't had time to look into the 2.0.0 release for a bit aside from
> reading the notes on the mailing list.
> 
> Does this mean that 2.0.0 is going to support Apache 2+ only or will it
> be made for 1.3 too?

  I haven't decided yet. But I can tell you that I have no need for
  ModSecurity to run with Apache 1.3.x and that maintaining two
  versions requires a lot of my time.

  It would be nice to know how many people are actually running
  ModSecurity with Apache 1.3.x, but that's very difficult to
  tell considering ModSecurity is an open source project. Perhaps
  a survey would be a good idea...

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net

Re: [mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Zach R. <ad...@li...> - 2006-03-18 21:52:54

I can give you several reasons why supporting Apache 1.3.x is a must.

1) cPanel does not support any version of Apache higher than 1.3 at this
time. There is no clear timetable for the support of Apache 2. As the
dominate control panel this will limit many of us to 1.9.x.

2) Many that haven't upgraded to Apache 2 just see no reason. Apache
1.3.x has served our needs well and continues to do so.

3) I really want that RBL support and I use cPanel. :)

Zach

Ivan Ristic wrote:
> Zach Roberts wrote:
>   
>> "P.S. There is no support for Apache 1.x in this development release."
>>
>> I hadn't had time to look into the 2.0.0 release for a bit aside from
>> reading the notes on the mailing list.
>>
>> Does this mean that 2.0.0 is going to support Apache 2+ only or will it
>> be made for 1.3 too?
>>     
>
>   I haven't decided yet. But I can tell you that I have no need for
>   ModSecurity to run with Apache 1.3.x and that maintaining two
>   versions requires a lot of my time.
>
>   It would be nice to know how many people are actually running
>   ModSecurity with Apache 1.3.x, but that's very difficult to
>   tell considering ModSecurity is an open source project. Perhaps
>   a survey would be a good idea...
>
>

Re: [mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Alberto G. I. <ag...@in...> - 2006-03-19 17:03:57

On Sat, Mar 18, 2006 at 08:57:56PM +0000, Ivan Ristic wrote:
> Zach Roberts wrote:
> > "P.S. There is no support for Apache 1.x in this development release.=
"
> >=20
> > I hadn't had time to look into the 2.0.0 release for a bit aside from
> > reading the notes on the mailing list.
> >=20
> > Does this mean that 2.0.0 is going to support Apache 2+ only or will =
it
> > be made for 1.3 too?
>=20
>   I haven't decided yet. But I can tell you that I have no need for
>   ModSecurity to run with Apache 1.3.x and that maintaining two
>   versions requires a lot of my time.
>=20
>   It would be nice to know how many people are actually running
>   ModSecurity with Apache 1.3.x, but that's very difficult to
>   tell considering ModSecurity is an open source project. Perhaps
>   a survey would be a good idea...
>=20

My new servers usually end up with Apache 2.x, but the ones already
working (and perfectly) are mostly using Apache 1.3.x and I won't bother
on moving them in some years. I guess this kind of situation is quite
common.

But you asked for stats, so here there are some:
http://popcon.debian.org/by_inst  (WARNING: 5 MB file)

To sum up:
mod-security-common              245 installations=20
(common package for both the Apache 2.x and the Apache 1.3.x packages)
libapache2-mod-security          175 installs
libapache-mod-security            99 installs
(probably more than one has both installed)

Also to be mentioned that the tool used to make this stats was made an
install decision on Sarge (new installs) so probably there's a bunch of
Woodys using it not listed (i.e. my oldest servers).

Regards,

Alberto

--=20
Alberto Gonzalez Iniesta    | Formaci=F3n, consultor=EDa y soporte t=E9cn=
ico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint =3D 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

Re: [mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Ivan R. <iv...@we...> - 2006-03-21 11:09:41

Alberto Gonzalez Iniesta wrote:
>
> But you asked for stats, so here there are some:
> http://popcon.debian.org/by_inst  (WARNING: 5 MB file)
> 
> To sum up:
> mod-security-common              245 installations 
> (common package for both the Apache 2.x and the Apache 1.3.x packages)
> libapache2-mod-security          175 installs
> libapache-mod-security            99 installs
> (probably more than one has both installed)

  That's quite interesting. Judging by those numbers there are
  more Apache 1.3.x users than I thought there would be.

  Are there any estimates of the total number of Debian
  users? It would be nice to be able to extrapolate the total
  number of Debian users of ModSecurity.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net

Re: [mod-security-users] ModSecurity 2.0.0-dev1 Question

From: Alberto G. I. <ag...@in...> - 2006-03-21 11:40:54

On Tue, Mar 21, 2006 at 11:10:15AM +0000, Ivan Ristic wrote:
> Alberto Gonzalez Iniesta wrote:
> >
> > But you asked for stats, so here there are some:
> > http://popcon.debian.org/by_inst  (WARNING: 5 MB file)
> >=20
> > To sum up:
> > mod-security-common              245 installations=20
> > (common package for both the Apache 2.x and the Apache 1.3.x packages=
)
> > libapache2-mod-security          175 installs
> > libapache-mod-security            99 installs
> > (probably more than one has both installed)
>=20
>   That's quite interesting. Judging by those numbers there are
>   more Apache 1.3.x users than I thought there would be.
>=20
>   Are there any estimates of the total number of Debian
>   users? It would be nice to be able to extrapolate the total
>   number of Debian users of ModSecurity.
>=20


Hi Ivan,

I guess it's pretty hard to estimate the number of Debian users. Since
there's no licences, no registration, and lots of derivated distros.



--=20
Alberto Gonzalez Iniesta    | Formaci=F3n, consultor=EDa y soporte t=E9cn=
ico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint =3D 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3