Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Release of CRS v2.1.0

Rules
2011-01-03
2013-06-12
  • Ryan Barnett
    Ryan Barnett
    2011-01-03

    https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

    CHANGE LOG -

    Version 2.1.0 - 12/29/2010

    Improvements:
    - Added Experimental Lua Converter script to normalize payloads. Based on
      PHPIDS Converter code and it used with the advanced filters conf file.
    - Changed the name of PHPIDS converted rules to Advanced Filters
    - Added Ignore Static Content (Performance enhancement) rule set
    - Added XML Enabler (Web Services) rule set which will parse XML data
    - Added Authorized Vulnerability Scanning (AVS) Whitelist rule set
    - Added Denial of Service (DoS) Protection rule set
    - Added Slow HTTP DoS (Connection Consumption) Protection rule set
    - Added Brute Force Attack Protection rule set
    - Added Session Hijacking Detection rule set
    - Added Username Tracking rule set
    - Added Authentication Tracking rule set
    - Added Anti-Virus Scanning of File Attachments rule set
    - Added AV Scanning program to /util directory
    - Added Credit Card Usage Tracking/Leakage Prevention rule set
    - Added experimental CC Track/PAN Leakage Prevention rule set
    - Added an experimental_rules directory to hold new BETA rules
    - Moved the local exceptions conf file back into base_rules dirctory however
      it has a ".example" extension to prevent overwriting customized versions
      when upgrading
    - Separated out HTTP Parameter Pollution and Restricted Character Anomaly Detection rules to
      the experimental_rules directory
    - Adding the REQUEST_HEADERS:User-Agent macro data to the initcol in 10 config file, which will
      help to make collections a bit more unique