I don't find apache2 mod-security in etch repositories. why is that ?Building it from source was out of my knowledge , how can i do without ?Is any alternative ? Thanks !!!
IIRC, it's been removed due to licensing issues. The original maintainer has a private repository at http://etc.inittab.org/~agi/debian/libapache-mod-security2/ Proceed at your own peril.
Pardon modsecurity exists still .i have a big problem: wherever i am if i run http://mysite.it/etc/passwd all passwords shows off .... permissions are: i put a.c.l. directories in apache2.conf : I have a2enmod mod-security2 and got all rules from gotroot site and it still shows off , it's a big problem never had before in stable sarge what shall i do ???
As far as I know mod_security doesn't exist in the official Debian Etch repositories anymore. What's in your /etc/apt/sources.list?
You can install apache2-devel and then compile http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz as shown in the instructions (use apxs2 instead of apxs). Restart Apache2 afterwards, and mod_security should work again. But I couldn't compile mod_security 2.1.1 on Debian Etch...
I don't actually see which change i made did make stop going on the "/" but now everything is allright The modsecurity audit.log is empty,so i think is because i put " " around the / in apache2.conf acl.