httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: Pull mod_unique_id out of default build?
Date Sat, 07 Nov 2009 09:28:10 GMT

On 7 Nov 2009, at 06:25, Brian Rectanus wrote:

> Yes, mod_security requires it.  Many who use mod_security may not even
> realize it.  It would be a shame to have vendors drop it by default,
> which would make mod_security a bit more difficult to install on
> vendor built httpd installs.

Isn't that overstating a case?  We have a steady trickle of people who
we have to tell to disable it to get a working webserver (and no doubt
many more who quietly find that advice by googling their problem).
So mod_security can't just assume it has mod_unique_id in any case.

>  I have not really seen any other product
> use it though and have debated rewriting something similar to include
> in mod_security.  Who "owns" the mod_unique_id code?  Maybe it could
> be donated to mod_security to include it in it's own code so we don't
> have to wory about it?

You're Breach Security, right?  Is that an official request?
How hard have you looked for other apps?

You can get the history of who committed and subsequently maintained
it from  And you can of course clone it.
But we generally prefer you participate here if you
find it needs more maintenance than it's getting from us.

Nick Kew

View raw message