Dear Marcelo,
The problem I faced was not upgrade of mod_security to mod_security2 issue.
It was mod_security 2.1.4 overwrote my rule files of 2.1.3. These rule files
were modification of default mod_security2 core rules.
>From file "mod_security2/README" :-
To activate the rules for your web server installation:
1) You may want to edit and customize modsecurity_crs_10_config.conf.
Additionally you may want to edit modsecurity_crs_30_http_policy.conf
which enforces an application specific HTTP protocol usage.
For instance, I edited modsecurity_crs_10_config.conf and so on to activate
mod_security on apache and further modified the rules to suit my needs. When
upgraded mod_security from 2.1.3 to 2.1.4 with portupgrade, all these files
were replaced to the default core rules. Should the ports take more care
when comes to upgrading configuration files? Some ports append configuration
with suffix i.e. myconf.conf.default to avoid such problem.
It is just a minor bug and I don't think this worth for a PR. Thus, I email
instead. Anyway, thanks for your effort in maintaining ports.
--
Regards
Kevin Foo
On Jan 25, 2008 6:18 PM, Marcelo Araujo <[EMAIL PROTECTED]> wrote:
> Hey dear Kevin,
>
> The change to version 2 of mod_security is a dramatic change, because
> exist a need to completely rewrite their obsolete rules for ability to
> use the new syntax.
> I search but not find in UPDATE files any references about this, I
> believe I forgot this.
>
> Thanks about the alert, I will take the providences!
>
> Best Regards,
>
> --
> Marcelo Araujo (__)
> [EMAIL PROTECTED] \\\'',)
> http://www.FreeBSD.org \/ \ ^
> Power To Server. .\. /_)
>
>
>
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
