There's an incompatibility between ModSecurity and mod_deflate, which I would like to fix it. (It is triggered when AddOutputFilterByType is used.) I basically need to ensure that ModSecurity's output filter runs before mod_deflate's in all cases. I am aware of mod_filter (which I suspect should be able to deal with this situation), but I prefer a solution that does not require further work on the part of ModSecurity users.
I was unable to find a polite way of asking Apache to run one filter before another. Could it be that I am missing something? Assuming the above is not possible, I have two solutions that work: - A quick fix seems to be declaring ModSecurity's output filter as (AP_FTYPE_CONTENT_SET - 1), but I am not convinced such a change would go without side-effects, although a trivial test did not show anything unusual. - Do not use ap_add_output_filter(), but work directly with the filter structures to place ModSecurity's output filter before mod_deflate's. Any hints? -- Ivan Ristic Security assessment of your SSL servers https://www.ssllabs.com/ssldb/