
apache and modsecurity #2603

Closed
ghost opened this issue Aug 11, 2021 · 3 comments

@ghost

ghost commented Aug 11, 2021

I have been trying to build modsecurity 3.0.5 and modsecurity-apache 0.0.9-beta1 and am really struggling.

I have seen a comment from zimmerle saying that "currently modsecurity-apache supports modsecurity 3.0.4" - but I don't know what version of modsecurity-apache "currently" refers to. Is it still the case as at today, or have things changed?

Subsequently I have tried to build 3.0.4 and am seeing issue 2519 - which is really not an ideal start.

Further, I am seeing people commenting on modsecurity-apache issues saying it's "unstable" and asking "what is planned for future?" for the connector - and there is absolutely no response from the developers

...all of which is really worrying.

Against this backdrop, my questions are really as follows:
Has apache been abandoned from a modsecurity 3.0.x connector perspective?
Is modsecurity-apache 0.0.9-beta1 stable for an apache production environment, or should I be installing modsecurity v2.9.4? And if so, what is the future of the modsecurity 2.9 series?

@martinhsv
Contributor

Hi @rickyrocker,

It is not recommended to use ModSecurity v3 with Apache. There are still enough portions of functionality that do not work correctly that it is not considered production-ready.

With Apache, ModSecurity v2.9.x is still the recommended version to use.

Re:

Further, I am seeing people commenting on modsecurity-apache issues saying it's "unstable" and asking "what is planned for future?" for the connector - and there is absolutely no response from the developers

There is a response here at least:
owasp-modsecurity/ModSecurity-apache#77

The Apache connector has not been abandoned. The lack of progress there is simply a matter of prioritization.

ModSecurity v2.9.x continues to be a solid implementation. There are no plans to discontinue the v2.9.x line while a fully functioning v3 implementation for Apache is still unavailable.

@willyamcts

Hi @rickyrocker ,

It is not recommended to use ModSecurity v3 with Apache. There are still enough portions of functionality that do not work correctly that it is not considered production-ready.

With Apache, ModSecurity v2.9.x is still the recommended version to use.

Re:

Further, I am seeing people commenting on modsecurity-apache issues saying it's "unstable" and asking "what is planned for future?" for the connector - and there is absolutely no response from the developers

There is a response here at least: SpiderLabs/ModSecurity-apache#77

The Apache connector has not been abandoned. The lack of progress there is simply a matter of prioritization.

ModSecurity v2.9.x continues to be a solid implementation. There are no plans to discontinue the v2.9.x line while a fully functioning v3 implementation for Apache is still unavailable.

Currently, is there some restriction on using ModSecurity v3 in production with Apache?

@martinhsv
Contributor

@willyamcts,

There is no change in status. For use with Apache, ModSecurity v2.9.x is the recommended version.
