got it. support for SecMarker and skipAfter action is required, should be easy to implement. We do assume rule ID is numeric though, all examples given in modsec document are integers.
We are adding more features for our 4.1 release to improve the compatibility with modsec 2.5, however, there is some feature we wont consider to support right now:
1. xml related.
2. pdf related.
3. lua script (we are investigating, may add, but low priority)
4. geo lookup (duplicate with mod_geoip, can use env added by mod_geoip)
5. inspecting response body (still evaluating)
6. executing external script
We do not plan to implement features mainly because, some features may rely on third party libraries, and the license of that library may not allow us to incorporate into our product; some features may severely slow down the non-blocking, single-thread process, especially, when large amount of data need to be processed, it is fatal. We have seen even PCRE hanging lshttpd process with 100% cpu.
Hope it will make it a little bit clearer with our mod_sec support.
BTW: we will publish a document regarding what feature is supported, what is not, after our 4.1 release settled.
Last edited by mistwang; 02-03-2011 at 01:14 PM..