Using mod_security 2.5 and Apache 2 on Mac OS X

Unfortunately, recent MacPorts comes with mod_security 1.8.6, and the maintainer is not actively supporting updates (for details see this ticket). Since I wanted to test some settings on a local Apache installation on my Mac with the latest release (2.5.11), I used the information given in the ticket to patch and update my mod_security port.

This guide is straightforward and shows just the required changes; a working MacPorts installation with Apache 2 is mandatory. You simply have to edit the Portfile that contains the details for mod_security.

Step-by-step explanation

  1. Update your MacPorts installation by running sudo port selfupdate and sudo port upgrade outdated (read this guide for more details on MacPorts selfupdate).
  2. Open the Portfile for mod_security and replace the content of the file with the provided code. The Portfile in my installation resides in /opt/local/var/macports/sources/rsync.macports.org/release/ports/www/mod_security/Portfile


    Download the Portfile as text file

  3. Now you may install mod_security via MacPorts using this terminal command:

    sudo port install mod_security

  4. Open the Apache configuration file (/opt/local/apache2/conf/httpd.conf) in a text editor and add mod_security to the list of loaded modules. Open a new Terminal window (Terminal.app resides in /Applications/Utilities on your hard drive) and type the following command to open and edit the file (the sudo command is required to get write access to this file, since it is normally not writable for your user account):

    sudo nano /opt/local/apache2/conf/httpd.conf

    Now enter your password (the same one you use to log in to your Mac). Use the cursor keys to scroll down to the section for Dynamic Shared Object (DSO) Support and copy the following line below the last LoadModule… statement (see screenshot):

    LoadModule security2_module modules/mod_security2.so

    To save and leave the Nano editor press CTRL+X and confirm with Y (for Yes) to save.

  5. Reload the Apache server (start or restart Apache to commit changes). The security module should now be loaded by Apache.

    sudo /opt/local/etc/LaunchDaemons/org.macports.apache2/apache2.wrapper restart
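A quick check of the edit made in step 4, as an added example that is not part of the original guide: it confirms that httpd.conf has an active (uncommented) LoadModule line for security2_module, and also for unique_id_module, which mod_security 2.x depends on according to its documentation (the guide itself does not mention this). The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the LoadModule lines that mod_security 2.x needs.
# Function names are hypothetical; the sample config below is constructed.

# has_active_loadmodule FILE MODULE
# Succeeds if FILE contains an uncommented "LoadModule MODULE ..." line.
has_active_loadmodule() {
    grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$2[[:space:]]" "$1"
}

# check_modsec_conf FILE
# Prints one status line per required module; returns 0 only if both
# security2_module and unique_id_module are actively loaded.
check_modsec_conf() {
    conf=$1
    rc=0
    for mod in security2_module unique_id_module; do
        if has_active_loadmodule "$conf" "$mod"; then
            echo "ok: $mod"
        else
            echo "missing: $mod"
            rc=1
        fi
    done
    return $rc
}

# make_sample_conf FILE
# Writes a constructed httpd.conf fragment in which the security module
# line is still commented out, so the check reports it as missing.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Dynamic Shared Object (DSO) Support
LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule security2_module modules/mod_security2.so
EOF
}
```

On a real installation, run check_modsec_conf /opt/local/apache2/conf/httpd.conf before restarting; after the restart, the installation's apachectl -M lists the modules Apache actually loaded.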

YAML 3.0 launches

YAML 3.0 launches: „As the version jump from 2.5.2 to 3.0 already suggests, the new version brings numerous improvements and also some changes. Probably the most important point is the completely revised, bilingual documentation (German/English) of the framework. In addition, YAML 3 offers a much clearer file structure, improved robustness and accessibility of the CSS building blocks, CSS building blocks optimized for production use, and numerous new layout examples.

A detailed overview of all new features and changes in the new version is provided in the changelog.“

(Via YAML News.)

Wave of attacks against web servers (“iFrame attacks”) – now TYPO3 too

Wave of attacks against web servers (“iFrame attacks”) – now TYPO3 too: „For some time now there have been reports of recurring attacks on web servers, for example in the press reports “Large-scale attack on web users under way”, “Further details on the MPack web attack toolkit”, “Snowball effect: a single vulnerable PHP script is enough” and many other sources. In these attacks, various routes are exploited, at least partly in an automated fashion, to gain control of the web servers.

This has now reached TYPO3 (and other CMS systems) as well: some reports of such incidents could be read in forums, others were reported discreetly to the TYPO3 Security Team. In this article I would like to present what of this is of general interest.“

(Via TYPO3 Security Blog.)

Yet another one more thing… a new Web Inspector!

Yet another one more thing… a new Web Inspector!:

„As some of you saw last week at WWDC, we have a brand new version of the Web Inspector. We know that a lot of people have found the current Web Inspector useful, and we have gotten a lot of feedback and suggestions about how to make it even better. And boy have we been listening! We have taken the current Web Inspector and have added a bunch of new features that you will find invaluable for web development:

  • Completely redesigned interface, no longer a transparent panel
  • Works with any WebView inside third-party applications, not just Safari
  • Supports docking to the inspected page
  • Shows all resources included by the page, sorted into categories
  • Global search through all text-based resources
  • Console to show errors and warnings with live JavaScript evaluation
  • Network panel showing resource load timeline along with HTTP request and response headers
  • Resource size and load time summary graph in the Network panel
  • Syntax highlighted HTML source
  • Inline JavaScript and HTML error reporting

We will be telling you in more detail about all of the great new features in future blog posts.

We have been working on this for a long time, but now we want to get the whole WebKit community involved with making this the best web development tool available. So show up in #webkit or on the mailing list and suggest new ideas or implement them yourself (remember everything is HTML, JavaScript and CSS)!

And there is one more thing… all of this new inspector goodness also works on Windows.

The new inspector is available in the Mac and Windows nightly builds.

New Web Inspector

(Via Surfin‘ Safari.)

Extensions: Static file publishing – 23000% speed gain and cooling the globe

Extensions: Static file publishing – 23000% speed gain and cooling the globe: „Interview with Michiel Roos about TYPO3 performance improvement using static file cache. During a 30+ minute interview and demonstration you will be introduced into the Dark Arts of optimizing TYPO3 performance using static files, mod_rewrite and mod_expires. Learn how to make your site 230 times as fast! Includes comparison of extensions doing more or less the same.
Sponsor: http://www.lightwerk.com/“

(Via TYPO3 Podcast.)

SuSE Linux 9.1 vs. Debian Sarge (updated)

We have used Linux for a long time as an operating system for our servers. In the last eight years we always used SuSE Linux, since the 5.1 release. Even my desktop runs on SuSE Linux 9. Yesterday I decided to install Debian for no particular reason, maybe just out of curiosity.

I removed SuSE Linux 9.1 and installed Debian Sarge on our latest server (a dual Xeon) using the netinstall CD-ROM image. Of course it’s a testing release, but the Debian team has been testing for a long time now and I think it’s quite good.

My first impression of Sarge (compared to my bad Debian Woody experience) is very positive. The installation of the base system was easy and only took about 10 minutes, including re-partitioning of the disk array. The further installation process was easy, too. I will set up the system (as a server) over the next few days and compare this to the SuSE distribution. So far Debian Sarge seems to be very promising.

Update 1: So far everything has worked very well. I set up the core mail services, SMTP / POP / IMAP with LDAP and SSL support, in about the same time as I did on SuSE Linux. There are at least as many helpful websites for mail service setup on Debian as I found for SuSE Linux. I noticed that the Debian core system in my configuration needs less space than SuSE Linux did.

Update 2: Things went very well! Our first Debian server (Sarge) has been very stable in all tests – and is now a production system and our mail exchanger. Migration will go on.

Update 3: Adding anti-virus and anti-SPAM services took some time but now all is up and running. There are good tutorials out there that provide all the information you need. Try this or this or this.