Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 25 Jan 2008 19:29:08 +0800
From:      "Kevin Foo" <chflags@gmail.com>
To:        araujo@freebsd.org
Cc:        freebsd-ports@freebsd.org
Subject:   Re: mod_security2 rules
Message-ID:  <25cb30801250329s40bd820bt1c9c8ad59d3ee2be@mail.gmail.com>
In-Reply-To: <4799B78E.3000509@FreeBSD.org>
References:  <25cb30801250003q5f484676s1851351aebc708c5@mail.gmail.com> <4799B78E.3000509@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Dear Marcelo,

The problem I faced was not upgrade of mod_security to mod_security2 issue.
It was mod_security 2.1.4 overwrote my rule files of 2.1.3. These rule files
were modification of default mod_security2 core rules.

>From file "mod_security2/README" :-
To activate the rules for your web server installation:

  1) You may want to edit and customize modsecurity_crs_10_config.conf.
     Additionally you may want to edit modsecurity_crs_30_http_policy.conf
     which enforces an application specific HTTP protocol usage.

For instance, I edited modsecurity_crs_10_config.conf and so on to activate
mod_security on apache and further modified the rules to suit my needs. When
upgraded mod_security from 2.1.3 to 2.1.4 with portupgrade, all these files
were replaced to the default core rules. Should the ports take more care
when comes to upgrading configuration files? Some ports append configuration
with suffix i.e. myconf.conf.default to avoid such problem.

It is just a minor bug and I don't think this worth for a PR. Thus, I email
instead. Anyway, thanks for your effort in maintaining ports.

-- 
Regards
Kevin Foo

On Jan 25, 2008 6:18 PM, Marcelo Araujo <araujobsdport@gmail.com> wrote:

> Hey dear Kevin,
>
> The change to version 2 of mod_security is a dramatic change, because
> exist a need to completely rewrite their obsolete rules for ability to
> use the new syntax.
> I search but not find in UPDATE files any references about this, I
> believe I forgot this.
>
> Thanks about the alert, I will take the providences!
>
> Best Regards,
>
> --
> Marcelo Araujo            (__)
> araujo@FreeBSD.org     \\\'',)
> http://www.FreeBSD.org   \/  \ ^
> Power To Server.         .\. /_)
>
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25cb30801250329s40bd820bt1c9c8ad59d3ee2be>