Mailing List Archive

On Thu, Oct 20, 2022 at 9:56 AM Nick Gearls <nickgearls@gmail.com> wrote:
>
> Hello,
>
> It would sometimes be very handy to be able to define a variable (like -D on command-line or "Define xxx" in the config) inside a module.
> This would, for instance, allow to have a config file based on a define from the module, knowing if the new syntax is known or not, etc.
>
> Concrete example: in mod_security2, they introduced a new "collection".
> If you use this collection in an old version, it's a syntax error.
> If mod_security2 defines the variable "support_new_collection" (OK, very bad name obviously), then we can enclose the rule using a "<IfDefine support_new_collection>.
>
> Would it be possible to export a function to define such a variable?

I think it's feasible. Might want to safeguard against it being called
in unexpected times (after pre-config?) or ways (in child processes?)

Le 20/10/2022 à 15:55, Nick Gearls a écrit :
> Hello,
>
> It would sometimes be very handy to be able to define a variable (like
> -D on command-line or "Define xxx" in the config) inside a module.
> This would, for instance, allow to have a config file based on a
> define from the module, knowing if the new syntax is known or not, etc.
>
> Concrete example: in mod_security2, they introduced a new "collection".
> If you use this collection in an old version, it's a syntax error.
> If mod_security2 defines the variable "support_new_collection" (OK,
> very bad name obviously), then we can enclose the rule using a
> "<IfDefine support_new_collection>.
>
> Would it be possible to export a function to define such a variable?
>
> Thanks

Hi,

Maybe this would not be super-clean, but the module could define some
(useless) directives (i.e. MOD_SEC2_HAS_NEW_COLLECTION_SUPPORT) and
config files could be tweaked with <IfDirective>.

This should work as-is without any new code.
Does it match your use-case?

CJ

Technically, it would work, and I actually did it in my own modules.
But I'm afraid some people (at ModSecurity or in other modules) won't accept to misuse a feature :-(

On 20-10-2022 20:35, Christophe JAILLET wrote:

Le 20/10/2022 à 15:55, Nick Gearls a écrit :

Hello,

It would sometimes be very handy to be able to define a variable (like -D on command-line or "Define xxx" in the config) inside a module.
This would, for instance, allow to have a config file based on a define from the module, knowing if the new syntax is known or not, etc.

Concrete example: in mod_security2, they introduced a new "collection".
If you use this collection in an old version, it's a syntax error.
If mod_security2 defines the variable "support_new_collection" (OK, very bad name obviously), then we can enclose the rule using a "<IfDefine support_new_collection>.

Would it be possible to export a function to define such a variable?

Thanks

Hi,

Maybe this would not be super-clean, but the module could define some (useless) directives (i.e. MOD_SEC2_HAS_NEW_COLLECTION_SUPPORT) and config files could be tweaked with <IfDirective>.

This should work as-is without any new code.
Does it match your use-case?

CJ

It sounds like the desired change is <IfModuleVersion foo rev>, but there
isn't a baked-in module revision field, not even a module release date that
would be helpful here, so that isn't promising. IfDefine is a solution.

Wouldn't <IfDirective directivename [modname]> solve this once and for all,
for many use cases? Ship a patch for folks who want to rely on this with any
rebuilt httpd 2.4.older?


On Fri, Oct 21, 2022 at 9:10 AM Nick Gearls <nickgearls@gmail.com> wrote:
>
> Technically, it would work, and I actually did it in my own modules.
> But I'm afraid some people (at ModSecurity or in other modules) won't accept to misuse a feature :-(
>
> On 20-10-2022 20:35, Christophe JAILLET wrote:
>
> Le 20/10/2022 à 15:55, Nick Gearls a écrit :
>
> Hello,
>
> It would sometimes be very handy to be able to define a variable (like -D on command-line or "Define xxx" in the config) inside a module.
> This would, for instance, allow to have a config file based on a define from the module, knowing if the new syntax is known or not, etc.
>
> Concrete example: in mod_security2, they introduced a new "collection".
> If you use this collection in an old version, it's a syntax error.
> If mod_security2 defines the variable "support_new_collection" (OK, very bad name obviously), then we can enclose the rule using a "<IfDefine support_new_collection>.
>
> Would it be possible to export a function to define such a variable?
>
> Thanks
>
> Hi,
>
> Maybe this would not be super-clean, but the module could define some (useless) directives (i.e. MOD_SEC2_HAS_NEW_COLLECTION_SUPPORT) and config files could be tweaked with <IfDirective>.
>
> This should work as-is without any new code.
> Does it match your use-case?
>
> CJ
>
>