Date: Fri, 25 Jan 2008 19:29:08 +0800 From: "Kevin Foo" <chflags@gmail.com> To: araujo@freebsd.org Cc: freebsd-ports@freebsd.org Subject: Re: mod_security2 rules Message-ID: <25cb30801250329s40bd820bt1c9c8ad59d3ee2be@mail.gmail.com> In-Reply-To: <4799B78E.3000509@FreeBSD.org> References: <25cb30801250003q5f484676s1851351aebc708c5@mail.gmail.com> <4799B78E.3000509@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Marcelo, The problem I faced was not upgrade of mod_security to mod_security2 issue. It was mod_security 2.1.4 overwrote my rule files of 2.1.3. These rule files were modification of default mod_security2 core rules. >From file "mod_security2/README" :- To activate the rules for your web server installation: 1) You may want to edit and customize modsecurity_crs_10_config.conf. Additionally you may want to edit modsecurity_crs_30_http_policy.conf which enforces an application specific HTTP protocol usage. For instance, I edited modsecurity_crs_10_config.conf and so on to activate mod_security on apache and further modified the rules to suit my needs. When upgraded mod_security from 2.1.3 to 2.1.4 with portupgrade, all these files were replaced to the default core rules. Should the ports take more care when comes to upgrading configuration files? Some ports append configuration with suffix i.e. myconf.conf.default to avoid such problem. It is just a minor bug and I don't think this worth for a PR. Thus, I email instead. Anyway, thanks for your effort in maintaining ports. -- Regards Kevin Foo On Jan 25, 2008 6:18 PM, Marcelo Araujo <araujobsdport@gmail.com> wrote: > Hey dear Kevin, > > The change to version 2 of mod_security is a dramatic change, because > exist a need to completely rewrite their obsolete rules for ability to > use the new syntax. > I search but not find in UPDATE files any references about this, I > believe I forgot this. > > Thanks about the alert, I will take the providences! > > Best Regards, > > -- > Marcelo Araujo (__) > araujo@FreeBSD.org \\\'',) > http://www.FreeBSD.org \/ \ ^ > Power To Server. .\. /_) > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25cb30801250329s40bd820bt1c9c8ad59d3ee2be>