Re: Securing apache
Jochen Spieker <ml@well-adjusted.de> wrote:
> Sven Hartge:
>> Jochen Spieker <ml@well-adjusted.de> wrote:
>>> I didn't check, but I would be surprised if it was possible to only
>>> install Apache 2.4 from testing without upgrading half of your
>>> system. What you need is a backport -- Apache 2.4 compiled against
>>> the library versions available in wheezy. Currently, there is no
>>> official backport.
>>
>> Since to backport apache2.4 you need to backport (or at lease
>> recompile) _everything_ touching apache, including _any_ package
>> providing config-snippets (since some of the syntax of the
>> apache-configuration changed), I doubt there will ever be a backport
>> of apache2.4 to Wheezy.
> Makes sense. I hope they find a nice upgrade path for all involved
> packages. The transition to Apache 2.4 is probably going to be painful
> for years to come.
Right now packages with DDs who care about easy backporting carry code
like this in their config snippets (example from roundcube):
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
</IfVersion>
You can also enable a compatibility module for apache, but this practice
is frowned upon, since it can cause problems if you combine both (new
and old) methods of granting or denying access.
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
Reply to: