Bug 250470

Summary: www/mod_security: Make crs-setup.conf follow upstream changes when pulling; correct outdated instructions; improve the documentation
Product: Ports & Packages Reporter: Samy Mahmoudi <samy.mahmoudi>
Component: Individual Port(s)Assignee: Jochen Neumeister <joneum>
Status: New ---    
Severity: Affects Some People Flags: bugzilla: maintainer-feedback? (joneum)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Description Flags
Patch file none

Description Samy Mahmoudi 2020-10-19 18:20:09 UTC
Created attachment 218900 [details]
Patch file


• Make crs-setup.conf follow upstream changes when pulling
• Correct outdated instructions
• Improve other parts of the documentation

Here is a full log to ease in review:

• Replace confusing instruction 'enable mod_unique_id in httpd.conf' with coherent alternatives
• Isolate the comment related to the OWASP Core Rule Set and refine the reference to instructions
• Add a commented Include line to ease in configuration

• Replace outdated 'modsecurity_crs_10_setup.conf.example' with 'crs-setup.conf.example'
• Use upstream name 'crs-setup.conf' instead of 'crs.conf' to keep track of origin
• Replace outdated 'base_rules' with 'rules'
• Refine instructions with possible use of %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
• Replace etc with %%ETCDIR%% (no functional change, intention is to make %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% and %%DOCSDIR%%/README coherent)
• Make crs-setup.conf follow upstream changes by linking instead of copying, and update the documentation accordingly (stashing is done manually to cover all cases)

• Replace %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% with %%DOCSDIR%%/README so that the users can read the first paragraph of %%DOCSDIR%%/README before they are invited to use the signatures from the OWASP Core Rule Set (CRS)
• Refine the reference to instructions (CRS)