[mod-security-users] ModSecurity on lighttpd (?)

Discussion:

Christian Folini

2007-04-12 06:15:31 UTC

Hi there,

I am wondering if porting ModSecurity to lighttpd is an issue or not.
Lighttpd is getting hotter as time moves on and its speed makes it
a good alternative to apache as reverse proxy; obviously a position
where ModSecurity is welcome.

I found http://trac.lighttpd.net/trac/ticket/403 stating, that lighttpd
users should use mod_magnet, but mod_magnet does not sound like
supporting the interesting features in ModSecurity out of the box
(http://trac.lighttpd.net/trac/wiki/Docs%3AModMagnet). Despite looking
like a very nice module by itself.

Lighttpd has a share of 0.3% according to netcraft
(http://news.netcraft.com/archives/2007/04/02/april_2007_web_server_survey.html)
but considering sourceforge and reddit as being lighttpd users, there
might be some interest...

regs,

Christian

--
Given the choice between two theories, take the one which is funnier.
--- Blore's Razor, Author unknown

Ivan Ristic

2007-04-12 08:21:53 UTC

Permalink

I'd love to see ModSecurity running on other web servers, including
lighttpd. But I am pretty sure we (as in the ModSecurity developers)
are not going to attempt to port it. We'd be happy to assist someone
else do the job.

However, there is no point in trying to port ModSecurity 2.x. Although
significant changes were made in the 2.x branch to separate it from
Apache the ties are still strong. The good news is the main goal of
ModSecurity 3.x, due later this year, is portability. It should be
pretty straightforward to port ModSecurity 3.x to a web server of your
choice.

Post by Christian Folini
Hi there,
I am wondering if porting ModSecurity to lighttpd is an issue or not.
Lighttpd is getting hotter as time moves on and its speed makes it
a good alternative to apache as reverse proxy; obviously a position
where ModSecurity is welcome.
I found http://trac.lighttpd.net/trac/ticket/403 stating, that lighttpd
users should use mod_magnet, but mod_magnet does not sound like
supporting the interesting features in ModSecurity out of the box
(http://trac.lighttpd.net/trac/wiki/Docs%3AModMagnet). Despite looking
like a very nice module by itself.
Lighttpd has a share of 0.3% according to netcraft
(http://news.netcraft.com/archives/2007/04/02/april_2007_web_server_survey.html)
but considering sourceforge and reddit as being lighttpd users, there
might be some interest...
regs,
Christian
--
Given the choice between two theories, take the one which is funnier.
--- Blore's Razor, Author unknown
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
https://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Ivan Ristic

Filip Hajny

2007-04-12 09:05:32 UTC

Permalink

Slightly offtopic: LiteSpeed 3.0 does include a simplified,
mod_security 1.9 inspired markup for request filtering. I think
SecFilter and SecFilterSelective are implemented.

Filip

Post by Ivan Ristic
I'd love to see ModSecurity running on other web servers, including
lighttpd. But I am pretty sure we (as in the ModSecurity developers)
are not going to attempt to port it. We'd be happy to assist someone
else do the job.
However, there is no point in trying to port ModSecurity 2.x. Although
significant changes were made in the 2.x branch to separate it from
Apache the ties are still strong. The good news is the main goal of
ModSecurity 3.x, due later this year, is portability. It should be
pretty straightforward to port ModSecurity 3.x to a web server of your
choice.

Post by Christian Folini
Hi there,
I am wondering if porting ModSecurity to lighttpd is an issue or not.
Lighttpd is getting hotter as time moves on and its speed makes it
a good alternative to apache as reverse proxy; obviously a position
where ModSecurity is welcome.
I found http://trac.lighttpd.net/trac/ticket/403 stating, that lighttpd
users should use mod_magnet, but mod_magnet does not sound like
supporting the interesting features in ModSecurity out of the box
(http://trac.lighttpd.net/trac/wiki/Docs%3AModMagnet). Despite looking
like a very nice module by itself.
Lighttpd has a share of 0.3% according to netcraft
(http://news.netcraft.com/archives/2007/04/02/
april_2007_web_server_survey.html)
but considering sourceforge and reddit as being lighttpd users, there
might be some interest...
regs,
Christian
--
Given the choice between two theories, take the one which is funnier.
--- Blore's Razor, Author unknown
---------------------------------------------------------------------
----
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?
page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
https://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Ivan Ristic
----------------------------------------------------------------------
---
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?
page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
https://lists.sourceforge.net/lists/listinfo/mod-security-users