[ic] mod_security and mod_interchange

Kevin Walsh kevin at cursor.biz
Tue Mar 27 13:39:32 EST 2007

"Matthew Daniels" <mpd at krilion.net> wrote:
> I'm using Apache 1.3, mod_security 1.9 and the latest mod_interchange.
> Requests that are handled by mod_interchange and match my mod_security rules
> appear to properly trigger the correct response from mod_security, at least
> in 
> the apache error log.  But going to a forbidden URL in a browser displays a
> page
> from interchange, despite the apache log saying it returned a HTTP 500
> response.
> I'm guessing this has something to do with the ordering of modules, since
> requests
> that aren't handled by mod_interchange are correctly denied.  I have
> mod_security.c
> at the top of my LoadModule list for all the good that does.
I'm not familiar with mod_security, but I know that mod_interchange-1
does not "chain" well with other modules, such as mod_cgi and mod_php

There doesn't seem to be much point in putting too much time into
working out a solution for this for mod_interchange-1, unless you
already have a solution you'd like to suggest, of course.  This sort
of thing should be much easier to handle with the Apache 2 API, so
the time will probably be better spent creating mod_interchange-2 for
Apache 2.

Mod_interchange-2 will be written at some point, when there's enough
interest, and should hopefully put an end to the exotic module chaining
issues that are reported on this mail list from time to time.

   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/

More information about the interchange-users mailing list