Hi Willy, Thierry, Thank you both for the comments!
On 29.5.2017. 11:40, Willy TARREAU wrote: > > Yep great news and apparently great work (as usual). > >> Just for information, the official project “mod_defender†is now here >> >> https://github.com/VultureProject/mod_defender > > Since both of them are at the exact same commit ID, do you know if the > project simply moved or is forked ? Does this mean we should expect to > find updates only at the new URL above and not at the previous one ? Or > maybe someone should just contact the project maintainer to know which > one is supposed to be the right one. > OK, thanks for the info. I can update the project link later. > Two other comments while I'm thinking about this : > - Dragan, I think it could be useful to mention in the README that in > its current state, the module is limited by haproxy to the analysis > of the first buffer and that just like for the mod_sec equivalent, > one workaround may consist in significantly increasing haproxy's > buffer size ; > Added to README. I'll send you an updated patch. > - Thierry/Dragan, given that both of your contribs were made from > Apache modules, do you think it would be useful/feasible to have > a more generic SPOE<->APR agent to natively support more Apache > modules ? Some people might want to recompress images or inline > CSS and JS for example, and while I totally despise these > practises which modify the delivered contents and corrupt caches, > I can understand why some people would prefer to run this on the > edge LB than having to configure it on all hosted servers. > It should be feasible to make it more generic, but could be complex. One of the important parts is the way the Apache2 modules hooks are called and input/output filters. Of course, other additional changes (on the SPOE side) would be required to enable modification of the content. It sounds interesting. Best regards, Dragan Dosen
