cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Allow modsecurity version selection in easyapache

santrix shared this idea 7 years ago
Open Discussion

Further to having multiple servers (using the Atomic Real Time Rules) break after cPanel pushed out Mod Security 2.8.0 without warning - I am requesting that cpanel provides admin with some sort of control over the version of ModSecurity gets compiled in with easyapache.


http://forums.cpanel.net/f442/revert-mod_security-2-7-7-a-411361.html

Best Answer
photo

It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.


In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.


This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.


Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.


I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.


I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).

Replies (1)

photo
1

It is not currently planned to support multiple versions of ModSecurity at one time. The incurred technical costs of maintaining multiple versions of any software adds up and can prevent the addition of newer features at the cost of legacy support. Therefore we try to limit our support of multiple versions to only situations where critical and necessary.


In this particular situation, we'd likely consider tackling this by means of ensuring that the server doesn't get into such a state.


This may be through existing rules and halting/preventing upgrade when existing rules fail to validate the new version.


Another route discussed is by pulling ModSecurity out of the EasyApache tool and it being its own standalone module to install/uninstall that has its own validation for each install/upgrade, again halting on failure to validate with the current rules.


I can't promise anything just yet on what/when we'll pursue, but I did want to mention it is unlikely that we will take the route of supporting multiple ModSecurity versions simultaneously.


I welcome further input/comments on this and the use cases that server owners run into with ModSecurity issues (install/upgrade/otherwise).

Leave a Comment
 
Attach a file