From: Ivan Ristic <ivanr@we...> - 2004-11-05 12:53:23
Mod_security 1.8.6 has been released. It is available for immediate
This maintenance release resolves several minor problems discovered
in 1.8.5. A minor improvement was made to make detection-only
deployment of mod_security easier. Please see the changes below
for more details.
Mod_security is an Apache module whose purpose is to protect
vulnerable applications and reject human or automated attacks.
It is an open source intrusion detection and prevention system
for Apache. In addition to request filtering, it also creates Web
application audit logs. Requests are filtered using regular
expressions. Some of the things possible are:
* Apply filters against any part of the request (URI,
headers, either GET or POST)
* Apply filters against individual parameters
* Reject SQL injection attacks
* Reject Cross site scripting attacks
With a few general rules mod_security can protect from both
known and unknown vulnerabilities.
* Made changes to accommodate those who only want to operate
in detection mode. Validation checks (e.g. byte range) are
now performed only at the beginning of request processing (by
mod_security, not Apache). At the same time I have expanded
the validation checks to include request headers as well, which
means all request data will be validated. Normalisation (e.g.
URL decoding, and other anti-evasion actions) is still performed
for every variable in a rule, as usual.
There is one constraint to bear in mind for detection-only
deployments, though. A non-fatal default action (e.g. "log,pass")
is not allowed in the initialization phase. All validation
problems will result in the request being rejected. Therefore the only
way to operate in a fully transparent detection mode is to turn
off the implicit validation options (URL decoding, Unicode, byte
range, cookie format validation).
* BUG Fixed the broken "skip" action.
* BUG Fixed a problem with file interception (when either file
storage or approval is enabled) that used to occur with IE.
* BUG I introduced a new bug to 1.8.5 while fixing a bug from
1.8.4. Uploading a file larger than the memory buffer would
cause the approval phase to be skipped altogether (Apache 2
[ Open source IDS for Web applications ]
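The detection-only constraint described in the announcement, as an added configuration example that is not part of the original post or of the mod_security distribution. The directive names are the mod_security 1.x ones as I recall them from that era's documentation (SecFilterCheckURLEncoding, SecFilterCheckUnicodeEncoding, SecFilterForceByteRange, SecFilterCheckCookieFormat, SecFilterDefaultAction, SecFilterSelective, SecAuditEngine, SecAuditLog); the rule patterns and log path are illustrative, and both should be checked against the documentation shipped with the release you install.

```apache
# Added example, not taken from the announcement or the project:
# a fully transparent detection-only deployment of mod_security 1.8.x.
<IfModule mod_security.c>
    # Enable the filtering engine and inspect POST bodies as well as the
    # request line, headers and query string.
    SecFilterEngine On
    SecFilterScanPOST On

    # Non-fatal default action: every rule match is logged and the request
    # is then passed through untouched. In an enforcing deployment this
    # would be something like "deny,log,status:403".
    SecFilterDefaultAction "log,pass"

    # The implicit validation checks run in the initialization phase, where
    # only fatal actions apply, so a request that fails one of them is
    # rejected regardless of SecFilterDefaultAction. For a transparent
    # deployment they therefore have to be switched off:
    SecFilterCheckURLEncoding Off        # enforcing: On
    SecFilterCheckUnicodeEncoding Off    # enforcing: On
    SecFilterForceByteRange 0 255        # enforcing: e.g. 32 126
    SecFilterCheckCookieFormat Off       # enforcing: On

    # Normalisation (URL decoding and the other anti-evasion steps) is
    # still applied to every variable a rule inspects, so these rules see
    # decoded data. Patterns are illustrative only.
    SecFilterSelective ARGS "select.+from"
    SecFilterSelective ARGS "<script"

    # In detection-only mode the audit log is the main output, so keep it
    # on. The path is an assumption; pick one that suits your layout.
    SecAuditEngine On
    SecAuditLog logs/modsec_audit_log
</IfModule>
```

When you later move to enforcement, flip SecFilterDefaultAction first and review the audit log for false positives before turning the implicit checks back on, since those checks cannot be made non-fatal and will start rejecting requests the moment they are enabled.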