Re: [users@httpd] mod_security general question...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks to Nick, Joshua & William for your responses. Keep up the good 
work.

regards
-Jignesh




"William A. Rowe, Jr." <wrowe@xxxxxxxxxxxxx> 
08/22/2006 07:58 PM
Please respond to
users@xxxxxxxxxxxxxxxx


To
users@xxxxxxxxxxxxxxxx
cc

Subject
Re: [users@httpd] mod_security general question...






Jignesh Badani wrote:
> Thanks Nick, it makes sense. So can I assume that the Apache group is 
fine 
> with its user base using 3rd party mod_security 

Why not?  http://modules.apache.org/ - lots of modules - we have no 
problem
with users deploying any module which solves their requirements.

> and that they do not plan to develop something similar ?

I haven't seen anyone express interest in developing such features for
the core server, nor any feedback from mod_security developers asking
to become part of the core server.

As a general rule the httpd project doesn't seek out more features, devs
bring us offers of more features.  Or they host them seperately.

> The reason I am confused is I see Ryan Barnett as Team Lead for 
"Internet 
> Security Apache Benchmark Project" and he talks/writes a lot about 
> mod_security. 

http://www.amazon.com/gp/product/0321321286/ref=sr_11_1/104-5102527-8430348?ie=UTF8

(newly minted, and the page includes a good bio for Ryan.)

Ryan comes from a network/systems security background, and has many 
valuable
observations, so none of this should come as a surprise.  For that matter,
I never actually saw the mysterious Andrew Ford at the Apache http project
either, although he also writes a decent book :)  Not everyone in the 
Apache
httpd server sphere actually participates in the project.

The "Internet Security Apache Benchmark Project" is not affiliated with 
the
Apache software foundation.

> On Tuesday 22 August 2006 23:22, Jignesh Badani wrote:
>> We have been looking at implementing mod_security for quite some time 
>> now, but it is not getting a green flag because the module is not part 
>> of the Apache group offering (yet).

Of course I trust you don't use PHP or any other third party project.

Apache is an extensible platform, ruling in your choices in or out based
on if they are "Apache Software Foundation" projects is silly.  Looking
at the license, the cast of characters supporting the extension etc are
valuable measurements, of course.





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux