On Feb 8, 2008 9:12 AM, Danek Duvall <danek.duvall at sun.com> wrote: > On Thu, Feb 07, 2008 at 08:24:50PM -0800, Jyri Virkki wrote: > > > 5.3. Exported Interfaces > > > > NAME STABILITY > > --------------------------------------------------------------- > > /usr/apache2/2.2/libexec/mod_jk.so Volatile > > /usr/apache2/2.2/libexec/mod_fcgid.so Volatile > > /usr/apache2/2.2/libexec/mod_security.so Uncommitted > > /usr/apache2/2.2/libexec/mod_dtrace.so Volatile > > So what are the interfaces this project is actually exporting? That is, > for instance, what is Volatile about "/usr/apache2/2.2/libexec/mod_jk.so"? > Is it the pathname? The pathname seems unlikely to change -- either it > stays the same pretty much forever or we decide to yank it. Doesn't seem > particularly Volatile. > > Is it behavior? > > Is it the set of configuration directives it supports? > > Something else? > > A description of what each actually does would also be nice. The fact that > it was discussed at length somewhere else is nice, but most of us aren't on > those other lists, so a summary in the proposal of, y'know, what the > project actually *does* would be useful to the majority of ARC members > reviewing the proposal. :) > > Thanks, > Danek
I was curious on this as well. What does the Uncommited mean for mod_security? Also the filename is normally compiled as mod_security2.so (mod_security.so being the 1.x.y version). Additionally, "the most recent stable releases of" for mod_security is no longer 2.1.3. It is 2.1.5, which fixes a number of issues that you may want included... 10 Jan 2008 - 2.1.5 ------------------- * Updated included Core Ruleset to version 1.5.1. * Phase 5 rules can now be removed via SecRuleRemoveBy* directives. * Fixed issue where only the first phase 5 rule would run when the request was intercepted in an earlier phase. * Fixed configuration parsing so that disruptive actions, meta actions and phases are not allowed in a chained rule (as originally intended). * Fixed t:escapeSeqDecode to better follow ANSI C escapes. 27 Nov 2007 - 2.1.4 ------------------- * Updated included Core Ruleset to version 1.5 and noted in the docs that XML support is required to use the rules without modification. * Fixed an evasion FP, mistaking a multipart non-boundary for a boundary. * Fixed multiple warnings on Solaris and/or 64bit builds. * Do not process subrequests in phase 2-4, but do hand off the request data. * Fixed a blocking FP in the multipart parser, which affected Safari. thanks, -B
