Page MenuHomePhabricator

Installer should detect mod_security(2) via get_apache_modules() and give warning
Closed, ResolvedPublic

Description

mod_security(2) does weird things, like cause apache to serve a 500 error if people use words like "select" in an article. Since there is no error given to user, people blame us.

we should detect with get_apache_modules() and warn user when installing mediawiki about this, because this sort of "security" is just stupid


Version: 1.20.x
Severity: enhancement

Details

Reference
bz39463

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 12:56 AM
bzimport set Reference to bz39463.
Bawolff created this task.Aug 17 2012, 8:35 PM

And oh look, I was poking around in Installer.php today, and noticed we actually already do this.

But there appears to be a mod_security2 we still need to check for (I think, need to do some googling)

Change 161669 had a related patch set uploaded by Jackmcbarn:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669

I'm also wondering if we should add something to Special:Version that says if mod_security(2) is loaded, so that we can point it out immediately to users when they show us their wiki with these random problems.

Change 161669 merged by jenkins-bot:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669

(In reply to Jackmcbarn from comment #3)

I'm also wondering if we should add something to Special:Version that says
if mod_security(2) is loaded, so that we can point it out immediately to
users when they show us their wiki with these random problems.

Eh, that seems like a slippery slope. Anyways, probably out of scope for this bug.