Hi. Thierry Fournier <[email protected]> have written on Wed, 31 May 2017 16:49:53 +0200:
> Le 29 mai 2017 11:40:47 AM Willy TARREAU <[email protected]> a > écrit : > > > Hi Thierry, Dragan, > > > > On Mon, May 29, 2017 at 11:25:48AM +0200, Thierry Fournier wrote: > >> Hi dragan, thats a great news. > > > > Yep great news and apparently great work (as usual). > > > >> Just for information, the official project “mod_defender” is now > >> here > >> > >> https://github.com/VultureProject/mod_defender > > > > Since both of them are at the exact same commit ID, do you know if > > the project simply moved or is forked ? Does this mean we should > > expect to find updates only at the new URL above and not at the > > previous one ? Or maybe someone should just contact the project > > maintainer to know which one is supposed to be the right one. > > > The project owner says that is moved. I suppose that is for using the > brand of his own company. > > > > > > Two other comments while I'm thinking about this : > > - Dragan, I think it could be useful to mention in the README > > that in its current state, the module is limited by haproxy to the > > analysis of the first buffer and that just like for the mod_sec > > equivalent, one workaround may consist in significantly increasing > > haproxy's buffer size ; > > > > - Thierry/Dragan, given that both of your contribs were made from > > Apache modules, do you think it would be useful/feasible to have > > a more generic SPOE<->APR agent to natively support more Apache > > modules ? Some people might want to recompress images or inline > > CSS and JS for example, and while I totally despise these > > practises which modify the delivered contents and corrupt > > caches, I can understand why some people would prefer to run this > > on the edge LB than having to configure it on all hosted servers. > > > Hard question. the question is not about spoe <-> apr but spoe <-> > apache throuhgt apr. the usage of modsecurity I just writen the code > used by modsec, but for more compatibility we must implement the > behavior of apache and it is a big job and a little bit hazardous. I would go via http/https to apache. There are some interesting modules for apache and nginx which are interresing for haproxy but no time for implementing and nor resources. https://developers.google.com/speed/pagespeed/module/ https://www.startpage.com/do/search?q=mod+brotli ... > Thierry Regards Aleks > > > > Let's wait for a bit more feedback (if any) but at least from a > > quality perspective I'm fine with merging it as-is. > > > > Cheers, > > Willy > > >
