From: Ivan Ristic <ivanr@we...> - 2005-09-19 12:24:49

ModSecurity 1.9dev3 has been released. It is available for immediate

This is an intermediary release on the road to a stable 1.9.x.

It is now possible to enable or disable ModSecurity dynamically, on a
per-request basis. Action rev (short for revision) was added to allow
you to differentiate between versions of the same rule. Directive
SecFilterActionsRestricted was added to restrict what can appear in
the per-rule action lists (useful for adding third-party rules to the
configuration in a controlled manner). The SecFilterDefaultActions
directive can now appear more than once in the same configuration
context, making it easy to group rules according to how they react to
attacks. Many smaller bug fixes were made.

ModSecurity is a web application firewall, designed to protect
vulnerable applications and reject manual and automated attacks.
It is an open source intrusion detection and prevention system. It
can work embedded in Apache, or as a standalone security device when
configured to work as part of an Apache-based reverse proxy.
Optionally, ModSecurity creates application audit logs, which contain
the full request body in addition to all other details. Requests are
filtered using regular expressions. Some of the things possible are:

* Apply filters against any part of the request (URI,
  headers, either GET or POST)
* Apply filters against individual parameters
* Reject SQL injection attacks
* Reject cross-site scripting attacks
* Store the files uploaded through the web server, and have them
  checked by external scripts

With a few general rules ModSecurity can protect from both known
and unknown vulnerabilities. A Java version is also available, which
works with any Servlet 2.3 compatible web server.

Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org