mod_security2 configuration

Bradley Giesbrecht pixilla at macports.org
Wed Jun 15 08:45:23 PDT 2011


I didn't see a link to your upload suggestion so I will have to look for it later when I have more time.
My comments do not have the benefit of your suggestion at this moment.

On Jun 15, 2011, at 7:31 AM, Bjarne D Mathiesen wrote:

> Bradley Giesbrecht wrote:
>> Take a look. This installs and apache2 loads with it active.
> 
> I've uploaded my own suggestion :-)
> 
> where we differ is in our handling of the conf-file.
> 
> my issues with your approach are the following:
> 1) I don't like creating the whole file inside the Portfile
>   we do have the files-directory for those kind of things :-)

I prefer to use the files dir sparingly, patches mostly. I read a lot of Portfiles in a day and having to look in files/* to see whats happening when a few lines in the Portfile can do the same thing.

> 2) the way you have done it the conf file is hard-linked,
>   thus any user-modifications to the file will be lost on
>   re-install/update

It is in conf/extra/ and is optional. You are welcome to create your own. I think this is the intended use of conf/extra. It's not loaded by default.

> 3) I prefer to have conf files depend on whether a module is loaded
>   or not, as I have the following in my httpd.conf file:
> 
> ############################
> # Supplemental configuration
> #
> # The configuration files in the conf/extra/ directory can be
> # included to add extra features or to modify the default
> # configuration of the server, or you may simply copy their contents
> # here and change as necessary.

I read, "can be included" and "or you may simply copy their contents here".

> Include conf/extra/*.conf

This may be convenient but I list my 5 or so modules manually. I am not inclined to include everything that any software package drops in conf/extra/ ending in .conf.
Read below.

> thus, I can simply comment the LoadModule and restart
> 
> this doesn't work that well with mod_security as the module _requires_
> the two LoadFile *.dylibs _before_ the LoadModule

Which is why I replace the note "apxs -a -e -n \"security2\" mod_security2.so" with the conf file.

Thanks for your comments Bjarne. I look forward reading your suggestions and finishing this port to are mutual satisfaction.


Regards,
Bradley Giesbrecht (pixilla)




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-users/attachments/20110615/668a7a8b/attachment.html>


More information about the macports-users mailing list