httpd-users mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] mod_security general question...
Date Wed, 23 Aug 2006 02:58:18 GMT
Jignesh Badani wrote:
> Thanks Nick, it makes sense. So can I assume that the Apache group is fine 
> with its user base using 3rd party mod_security 

Why not?  http://modules.apache.org/ - lots of modules - we have no problem
with users deploying any module which solves their requirements.

> and that they do not plan to develop something similar?

I haven't seen anyone express interest in developing such features for
the core server, nor any feedback from mod_security developers asking
to become part of the core server.

As a general rule the httpd project doesn't seek out more features, devs
bring us offers of more features.  Or they host them separately.

> The reason I am confused is I see Ryan Barnett as Team Lead for "Internet 
> Security Apache Benchmark Project" and he talks/writes a lot about 
> mod_security. 

http://www.amazon.com/gp/product/0321321286/ref=sr_11_1/104-5102527-8430348?ie=UTF8
(newly minted, and the page includes a good bio for Ryan.)

Ryan comes from a network/systems security background, and has many valuable
observations, so none of this should come as a surprise.  For that matter,
I never actually saw the mysterious Andrew Ford at the Apache http project
either, although he also writes a decent book :)  Not everyone in the Apache
httpd server sphere actually participates in the project.

The "Internet Security Apache Benchmark Project" is not affiliated with the
Apache Software Foundation.

> On Tuesday 22 August 2006 23:22, Jignesh Badani wrote:
>> We have been looking at implementing mod_security for quite some time 
>> now, but it is not getting a green flag because the module is not part 
>> of the Apache group offering (yet).

Of course I trust you don't use PHP or any other third party project.

Apache is an extensible platform; ruling your choices in or out based
on whether they are "Apache Software Foundation" projects is silly.  Looking
at the license, the cast of characters supporting the extension etc are
valuable measurements, of course.





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

