Beginning on Monday, February 9, we will be updating Apache, PHP and mod_security on all of our servers. No more than 10 minutes of HTTP downtime is expected per server. These upgrades will be spread out through the week and this thread will be kept updated with our current progress.
All servers will be updated to:
Apache 2.2.x
PHP 5.2.8 (w/ Tidy support added)
mod_security 2.5.x
Most customers will not notice any difference with the new versions. However, there are a couple of things that you should be aware of:
1. Apache 2.2.x is a bit stricter on .htaccess file syntax. In some of our test cases we've seen improper syntax ignored under Apache 1.3.x but throw a 500 Internal Server error under Apache 2.2.x. It is important that you make sure that your .htaccess files do not have any obvious syntax errors.
2. mod_security 2.x cannot be changed using .htaccess files. If you currently have any mod_security directives in your .htaccess file you need to make sure that these are within an appropriate IfModule section. For example, if you are currently using:
You need to change it to:
This modifies your directive such that it is only used if mod_security 1.x is running. When your server is upgraded to mod_security 2.x, it will be ignored. If you do not make this change you will receive 500 Internal Server errors after the updates. We will occasionally be checking the error logs after the updates to try and fix any remaining errors for those that didn't make the necessary changes.
mod_security 2.x cannot be disabled via .htaccess files. If you experience problems with the new mod_security rules please submit a ticket and we'll work with you to get it resolved. We've already addressed many of the issues that caused some to disable mod_security 1.x on their domains before.
All servers will be updated to:
Apache 2.2.x
PHP 5.2.8 (w/ Tidy support added)
mod_security 2.5.x
Most customers will not notice any difference with the new versions. However, there are a couple of things that you should be aware of:
1. Apache 2.2.x is a bit stricter on .htaccess file syntax. In some of our test cases we've seen improper syntax ignored under Apache 1.3.x but throw a 500 Internal Server error under Apache 2.2.x. It is important that you make sure that your .htaccess files do not have any obvious syntax errors.
2. mod_security 2.x cannot be changed using .htaccess files. If you currently have any mod_security directives in your .htaccess file you need to make sure that these are within an appropriate IfModule section. For example, if you are currently using:
Code:
SecFilterEngine Off
Code:
<IfModule mod_security.c> SecFilterEngine Off </IfModule>
mod_security 2.x cannot be disabled via .htaccess files. If you experience problems with the new mod_security rules please submit a ticket and we'll work with you to get it resolved. We've already addressed many of the issues that caused some to disable mod_security 1.x on their domains before.
Comment