[4.3-apache] Question: Inactive configuration files

coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images

https://coreruleset.org

Apache License 2.0

257 stars 69 forks source link

[4.3-apache] Question: Inactive configuration files #271

Closed mhutter closed 1 month ago

mhutter commented 1 month ago

This image provides the httpd-logging-before-modsec.conf and httpd-logging-after-modsec.conf, but they are never included in the server configuration. Is this intended behavior?

theseion commented 1 month ago

No, definitely not. They were removed from the archived modsecurity-docker repo a couple of years ago and since then have not be included, as with that change also the sed instruction was removed that had included the files up to that point.

Since they haven't been in use for several years, I would remove them. Unless you would like to use them, then we add the inclusion again (or at least make the inclusion configurable).

mhutter commented 1 month ago

Thanks! Since we introduced this change originally, we'll just move it to our downstream image, feel free to remove the config here.