From: Ivan Ristic <ivanr@we...> - 2004-06-15 15:04:40
Mod_security 1.8 has been released. It is available for immediate
After more than six months of development, resulting in a
40% larger code base, a stable version of the 1.8 branch
is available. The list of changes below contains only the
list of improvement since the last v1.7.x release.
Mod_security is an Apache module whose purpose is to protect
vulnerable applications and reject human or automated attacks.
It is an open source intrusion detection and prevention system
for Apache. In addition to request filtering, it also creates Web
application audit logs. Requests are filtered using regular
expressions. Some of the things possible are:
* Apply filters against any part of the request (URI,
headers, either GET or POST)
* Apply filters against individual parameters
* Reject SQL injection attacks
* Reject Cross site scripting attacks
With few general rules mod_security can protect from both
known and unknown vulnerabilities.
Changes (since v1.7)
* Implementation of a multipart/form-data parser, closing
a hole attackers could use to go through.
* File upload interception and validation (via
* Improved audit log logs full requests (referencing
files stored outside the file when necessary).
* Improved debug logging, data is now properly escaped.
* Improved logging, log entries now contain all the data
needed to identify who, what, when, and where.
* Keep uploaded files (option).
* Much improved configuration code.
* POST analysis can be turned off on the per-request
basis now, dynamically.
* A new (validating) cookie parser. Cookie data can
be normalized or not.
* Support for custom logging (to log only mod_security
* Rewritten chroot support, now always works.
* External scripts work with suExec.
* Fixed a long-standing design flaw, where rejects due
to normalization errors would not execute a default
* The automated testing utility now supports a debug
mode, where it prints the request and the response
to the output.
* Many small improvements. Many bugs fixed.
[ Open source IDS for Web applications ]