Hi, Thanks for your advice. This is my first time writing Apache modules. Do I need to create a Git/SVN pull request with my code now, or should I wait until I get the green light?
Sorry for all the questions, and thanks for your patience. Le dim. 2 nov. 2025 à 21:50, Christian Folini via dev <[email protected]> a écrit : > Hey Pierre, > > I'm not an Apache developer, so my proposals don't matter. > > Yet from an operational standpoint, it is far easier to use a new > functionality in an existing module (that is already a prerequisite > for ModSecurity in this particular case), then convincing your users > to add a new module. > > Best, > > Christian > > On Sun, Nov 02, 2025 at 05:42:16PM +0100, Pierre Pilou wrote: > > Hi Christian, > > Thanks for your response > > What is your advice? Let mod_random be proposed as another module that > > lives in parallele of mod_unique_id (my preference) ? Or move my code > into > > mod_unique_id? > > > > Kind Regards > > > > Le dim. 2 nov. 2025 à 17:24, Christian Folini via dev < > [email protected]> > > a écrit : > > > > > On Sun, Nov 02, 2025 at 12:53:52PM +0100, Pierre Pilou wrote: > > > > mod_unique_id provides a unique but deterministic variable based on a > > > > timestamp and a counter. The counter requires a lock via > apr_atomic_inc32 > > > > to guarantee the correlation between requests (and could be a > performance > > > > issue). I thought this module was mainly used for correlation in a > > > logging > > > > system rather than for use in a security system. > > > > > > I'm sure that's the main use. But entropy is very hard to come by > within > > > the Apache config / ModSecurity rule language. And this is what we > came up > > > with. > > > > > > For those interested, here is the rules in question: > > > > > > > > > > https://github.com/coreruleset/coreruleset/blob/main/rules/REQUEST-901-INITIALIZATION.conf#L400 > > > > > > If we could get that out of a mod_unique_id environment variable, it > would > > > be much easier. > > > > > > Best, > > > > > > Christian > > > > > > > > > -- > > > It's really hard to innovate if you're afraid to open your mouth. > > > -- Greg Lukianoff > > > >
