Ditch mod_security?

General eFa discussion
Post Reply

mod_security Turn Off?

Poll ended at 03 May 2017 15:23

Yes
3
100%
No
0
No votes
 
Total votes: 3

User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Ditch mod_security?

Post by shawniverson »

With the built-in security now in MailWatch and sgwi, mod_security may be redundant, and it is causing problems for many eFa users.

Considering mass disabling mod_security in next update....please cast a vote.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Ditch mod_security?

Post by pdwalker »

Fuck yes!

I am constantly getting "invalid security tokens" for no apparent reasons. Mailwatch has gone from being usable to unusable.

Also, the damn timeouts are still a problem. Even after I changed the session timeouts to 10 times longer in the code, I am still getting timeouts, even when I leave the tab active on the "recent messages" page. I can't stand it, and I want to have a way to turn this security "feature" off.

Yes, yes, I know it's more secure this way, but the best security is of no use if the software becomes useless in the process.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: Ditch mod_security?

Post by BliXem »

Maybe ditch mod_security and upgrade to latest PHP version, like php 5.7 and not on php 5.3, also for apache...
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

Re: Ditch mod_security?

Post by r31griffo »

YES PLEASE
I can't seem to cast a vote so +1 on yes.

I've been putting up with the errors and refreshing pages to make them appear, if there's a quick way to disable this on my current appliance could someone either describe it here or link me to it?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Ditch mod_security?

Post by ovizii »

I can't vote either but you have my YES.

Also, any particula reason for using Apache? Could it not be replaced by nginx with php5_fpm?
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

Re: Ditch mod_security?

Post by r31griffo »

@ovizii
I'd imagine the reason for Apache may be through inheritance from the original project...
There's an eFa v4 thread around here...it'd be a good idea to through it in there.
From my perspective, I'm more experienced and would be much happier with that platform too...I'd also like Debian or Ubuntu but I think I've been outvoted on that one :)
Justin
Posts: 111
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Re: Ditch mod_security?

Post by Justin »

BliXem wrote: 02 May 2017 07:21 Maybe ditch mod_security and upgrade to latest PHP version, like php 5.7 and not on php 5.3, also for apache...
Or, if possible PHP 7.1.x?
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Ditch mod_security?

Post by pdwalker »

That'll be up to MailWatch, I'd expect.

7.x may still need some shakeout time anyway. We shall see.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Ditch mod_security?

Post by shawniverson »

Modsecurity is now configurable to enable/disable via EFA-Configure under Apache Settings
Post Reply