From owner-freebsd-ports@FreeBSD.ORG Fri Jan 25 11:29:10 2008 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB37516A417 for ; Fri, 25 Jan 2008 11:29:10 +0000 (UTC) (envelope-from chflags@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178]) by mx1.freebsd.org (Postfix) with ESMTP id 7AC6513C461 for ; Fri, 25 Jan 2008 11:29:10 +0000 (UTC) (envelope-from chflags@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so1012272pyb.10 for ; Fri, 25 Jan 2008 03:29:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=WO/jXTCytlCKwlidFoKK6A5tKPg4ighvQiniGd9TWeY=; b=vR/Sjg80tvk5S5yHsZdgGA2h77YMk3deW9WExPCHHLC0YMwIHpFSAjCuaHYwJ7SEzhGyEd1SiFkP5YB7s2Bwpfe8b8VqRK6cZ0OHQhgDatGzaHeuIR4FMEz8GMQb6HCRBoe4+swFTXyI9jWvQ1sF6s0cNO8lc8Q9eGmpFXtoYJc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=C+s0tCwd8BMs0lvpTX0UBMEWY5XSOfFrFx6OLAqyt/KySjtKlcgYRRCEVKPokgpefLlBjDSiLYi1uVjPmChctPs0XbNXFqKyUFt9Ag5nZNTscDqiO7pvT3+J+7hPtgrqL3PR9YNNqGM5Fw8kIYS46Z1QIrjUt4S/Jah5dyjvTco= Received: by 10.65.154.2 with SMTP id g2mr4065153qbo.55.1201260548163; Fri, 25 Jan 2008 03:29:08 -0800 (PST) Received: by 10.65.137.9 with HTTP; Fri, 25 Jan 2008 03:29:08 -0800 (PST) Message-ID: <25cb30801250329s40bd820bt1c9c8ad59d3ee2be@mail.gmail.com> Date: Fri, 25 Jan 2008 19:29:08 +0800 From: "Kevin Foo" To: araujo@freebsd.org In-Reply-To: <4799B78E.3000509@FreeBSD.org> MIME-Version: 1.0 References: <25cb30801250003q5f484676s1851351aebc708c5@mail.gmail.com> <4799B78E.3000509@FreeBSD.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ports@freebsd.org Subject: Re: mod_security2 rules X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: chflags@gmail.com List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jan 2008 11:29:11 -0000 Dear Marcelo, The problem I faced was not upgrade of mod_security to mod_security2 issue. It was mod_security 2.1.4 overwrote my rule files of 2.1.3. These rule files were modification of default mod_security2 core rules. >From file "mod_security2/README" :- To activate the rules for your web server installation: 1) You may want to edit and customize modsecurity_crs_10_config.conf. Additionally you may want to edit modsecurity_crs_30_http_policy.conf which enforces an application specific HTTP protocol usage. For instance, I edited modsecurity_crs_10_config.conf and so on to activate mod_security on apache and further modified the rules to suit my needs. When upgraded mod_security from 2.1.3 to 2.1.4 with portupgrade, all these files were replaced to the default core rules. Should the ports take more care when comes to upgrading configuration files? Some ports append configuration with suffix i.e. myconf.conf.default to avoid such problem. It is just a minor bug and I don't think this worth for a PR. Thus, I email instead. Anyway, thanks for your effort in maintaining ports. -- Regards Kevin Foo On Jan 25, 2008 6:18 PM, Marcelo Araujo wrote: > Hey dear Kevin, > > The change to version 2 of mod_security is a dramatic change, because > exist a need to completely rewrite their obsolete rules for ability to > use the new syntax. > I search but not find in UPDATE files any references about this, I > believe I forgot this. > > Thanks about the alert, I will take the providences! > > Best Regards, > > -- > Marcelo Araujo (__) > araujo@FreeBSD.org \\\'',) > http://www.FreeBSD.org \/ \ ^ > Power To Server. .\. /_) > > >