MODSEC-224: For distributed environments, we need to extend the persistent storage mechanism to allow for centralized logging. This would allow individual ModSec installs to access a central storage location for initcol, setsid, setuid actions. One option may be to look at memcached.
Possible directives would be:
Original reporter: rbarnett
email@example.com: I have seen that in the beta release of http 2.3 there is now also a memcache implementation for the SSL Sessioncache (modules/cache/mod_socache_memcache.c). Maybe some part of the Code can be reused?
firstname.lastname@example.org: I tested kyoto tycoon which can be used as an alternative for memcached and has also a replication feature built in, memcached protocol is supported.
rbarnett: there is an Apache module that implements this -
We could re-use some data.
This functionality is under test under the branch:
This test implementation is using memcache to store the collections values. The memcache server can be informed by the utilization of the following configuration option:
SecPersistentStorage memcache "--SERVER=your.server.ip.addrs."
If SecPersistentStorage was not informed or if is set to "local" the collection will be stored on the sdbm files.
Anyone know the current status of this feature? This type of feature would be awesome for people who want to use multiple embedded solutions. Apache 2.4 (as people have mentioned) supports this type of functionality for SSL cache and 2.4 is now in Debian stable (8.0).