This object is in archive!
Allow modsecurity version selection in easyapache
Open Discussion
Further to having multiple servers (using the Atomic Real Time Rules) break after cPanel pushed out Mod Security 2.8.0 without warning - I am requesting that cpanel provides admin with some sort of control over the version of ModSecurity gets compiled in with easyapache.
http://forums.cpanel.net/f442/revert-mod_security-2-7-7-a-411361.html
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.
In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.
This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.
Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.
I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.
I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).
It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.
In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.
This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.
Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.
I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.
I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).
It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.
In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.
This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.
Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.
I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.
I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).
It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.
In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.
This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.
Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.
I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.
I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).
Replies have been locked on this page!