Jignesh Badani wrote: > Thanks Nick, it makes sense. So can I assume that the Apache group is fine > with its user base using 3rd party mod_security
Why not? http://modules.apache.org/ - lots of modules - we have no problem with users deploying any module which solves their requirements. > and that they do not plan to develop something similar ? I haven't seen anyone express interest in developing such features for the core server, nor any feedback from mod_security developers asking to become part of the core server. As a general rule the httpd project doesn't seek out more features, devs bring us offers of more features. Or they host them seperately. > The reason I am confused is I see Ryan Barnett as Team Lead for "Internet > Security Apache Benchmark Project" and he talks/writes a lot about > mod_security. http://www.amazon.com/gp/product/0321321286/ref=sr_11_1/104-5102527-8430348?ie=UTF8 (newly minted, and the page includes a good bio for Ryan.) Ryan comes from a network/systems security background, and has many valuable observations, so none of this should come as a surprise. For that matter, I never actually saw the mysterious Andrew Ford at the Apache http project either, although he also writes a decent book :) Not everyone in the Apache httpd server sphere actually participates in the project. The "Internet Security Apache Benchmark Project" is not affiliated with the Apache software foundation. > On Tuesday 22 August 2006 23:22, Jignesh Badani wrote: >> We have been looking at implementing mod_security for quite some time >> now, but it is not getting a green flag because the module is not part >> of the Apache group offering (yet). Of course I trust you don't use PHP or any other third party project. Apache is an extensible platform, ruling in your choices in or out based on if they are "Apache Software Foundation" projects is silly. Looking at the license, the cast of characters supporting the extension etc are valuable measurements, of course. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
