Uncategorized

Mod_security upgrade from 1.8.7 to 2.1.1 — Major issue with mod_limitipconn [UPDATE]

I just received an email from Ivan Ristic this morning! He looked through the source of mod_limitipconn and found that the module is NOT compatible with mod_security-2.x.

Ivan Ristic – “I’ve looked briefly at the source code of mod_limitipconn and it would appear that this module is not compatible with ModSecurity in the current version (as far as blocking is concerned). This is not unusual. Apache has an incredibly rich API that allows modules to significantly change the way requests are processed and it appears that mod_limitipconn does this.”

I just received an email from Ivan Ristic this morning! He looked through the source of mod_limitipconn and found that the module is NOT compatible with mod_security-2.x.

Ivan Ristic – “I’ve looked briefly at the source code of mod_limitipconn and it would appear that this module is not compatible with ModSecurity in the current version (as far as blocking is concerned). This is not unusual. Apache has an incredibly rich API that allows modules to significantly change the way requests are processed and it appears that mod_limitipconn does this.”

They will be looking into a mod_security upgrade to deal with this issue. I hope that they will release a patch since 2.1.1 is ‘stable’ in portage. Or better yet, just add the patch to 2.1.1 source. In that case, it would be just a simple re-emerge of mod_security-2.1.1.

I’ll keep everyone posted as I find more information.