Mod Security 3 instead Mod Security 2

[castris]

As we know, mod security has finally become an OpenSource project outside of Trustware's control attempts, (or so I have understood)

The truth is that the current team, which is working on version 3, which is now a kind of connector-library that seems to be stable.

Is there an internal Directadmin project to incorporate this version in the future?

Directadmin would win a lot in my opinion, over the competition, since despite its many detractors, Mod Security is perhaps one of the best elements of perimeter security in the software layer, for web servers, that exists, and that frees hosting users from a great source of problems, who, no matter how much you tell them, are not friends of security and keeping things up to date.

Greetings

 

[sparek]

Been a while since I looked at ModSecurity v3, but the one thing that I found to slow adoption was the lack of a deprecatevar action in version 3.

deprecatevar has usefulness is limiting flooding in the web hosting world. For example, WordPress login attempts where the wrong information is used X number of times in Y number of seconds. Without deprecatevar you can't implement a solution to do the same task.

No clue why they removed deprecatevar in ModSecurity v3. But it's just going to make things a lot more difficult without it.

At least that's my opinion.

 

[DanielP]

On LS Enetprise mod security came build in the webserver so no control what it came with

OLS and Nginx use modsecurity 3

DA Nginx_Apache implementation is the only correct with mod security build on the nginx not on the apache like cPanel so mod security is 3

So maybe only on apache build is 2 I do not build apache server for a long time ?

 

[castris]

The topic is so interesting that it seems to have died in glory, modsecurity 3.0.x. What's the DeprecateVar alternative ?