[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing apache

Jochen Spieker <ml@well-adjusted.de> wrote:
> Sven Hartge:
>> Jochen Spieker <ml@well-adjusted.de> wrote:

>>> I didn't check, but I would be surprised if it was possible to only
>>> install Apache 2.4 from testing without upgrading half of your
>>> system.  What you need is a backport -- Apache 2.4 compiled against
>>> the library versions available in wheezy. Currently, there is no
>>> official backport.
>> Since to backport apache2.4 you need to backport (or at lease
>> recompile) _everything_ touching apache, including _any_ package
>> providing config-snippets (since some of the syntax of the
>> apache-configuration changed), I doubt there will ever be a backport
>> of apache2.4 to Wheezy.

> Makes sense. I hope they find a nice upgrade path for all involved
> packages. The transition to Apache 2.4 is probably going to be painful
> for years to come.

Right now packages with DDs who care about easy backporting carry code
like this in their config snippets (example from roundcube):

 <IfVersion >= 2.3>
   Require all granted
 <IfVersion < 2.3>
   Order allow,deny
   Allow from all

You can also enable a compatibility module for apache, but this practice
is frowned upon, since it can cause problems if you combine both (new
and old) methods of granting or denying access.


Sigmentation fault. Core dumped.

Reply to: