FreeBSD Port: frontpage-22.214.171.12423_1
swhetzel at gmail.com
Fri Apr 22 13:30:07 PDT 2005
> So clarify for me again why this is better?
> It seems that adding the submitted patches (4 months old now?) to the
> improved mod_frontpage would be better than trying to back-hack these
> things into the rtr version of the module. Improved mod_frontpage has
> other significant significant security enhancements as well.
The mod_frontpage*-rtr ports work on both apache 1.3 and 2.0. But
Improved mod_frontpage only works on apache 1.3. And it looks as
thou a version for Apache 2.0 of the Improved mod_frontpage is not
going to be developed.
I only added the options so that users who were using the Improved
mod_frontpage port and switched to Apache 2.0 and mod_frontpage2-rtr
port would have the same ability to control the use of the Frontpage
extensions on their servers.
The one difference that I know of between these two mod_frontpage
ports, is that Improved mod_frontpage checks to see if we have been
authenticated for the ADMIN and ADMINCGI urls. When I added these
checks to the RTR version (change FrontPageAlias to FrontPageNeedAuth
for the ADMIN and ADMINCGI checks in the mod_frontpage.c patches), the
mod_frontpage module was checking for authentication before the Apache
2.0 server requested authentication.
Without using the FrontPageNeedAuth check in the RTR mod_frontpage
module, I could only administrate, or author a FrontPage enabled web
site, sub web, or access admin pages after entering my authentication
What other significant security enhancements does Improved mod_frontpage have?
More information about the freebsd-ports