Re: [mod-security-users] ModSecurity 1.9.2 has been released
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] ModSecurity 1.9.2 has been released
|
From: Steffen <in...@ap...> - 2006-01-17 17:09:38
|
The windows binary is available for Apache 2.2.0 and 2.0.55 at http://www.apachelounge.com . Steffen ----- Original Message ----- From: "Ivan Ristic" <iv...@we...> To: <mod...@li...> Cc: <mod...@li...> Sent: Tuesday, January 17, 2006 5:03 PM Subject: [mod-security-users] ModSecurity 1.9.2 has been released > > ModSecurity 1.9.2 has been released. It is available for > immediate download from: > > http://www.modsecurity.org/download/ > > ModSecurity 1.9.2 is primarily a bug-fix release, but it > includes a few interesting new features. > > ModSecurity can now be compiled against PCRE regex library > (Apache 1.3.x only, Apache 2.x already uses PCRE), resulting > in large performance increase. It is also possible to compile > ModSecurity not to use suEXEC for process creation. Some > concurrent audit logging improvements. New proof-of-concept > script for real-time audit log centralisation. Many smaller > bug fixes and improvements throughout. > > > About ModSecurity > ----------------- > ModSecurity is a web application firewall designed to protect > vulnerable applications and reject manual and automated attacks. > It is an open source intrusion detection and prevention system. It > can work embedded in Apache, or as a standalone security device when > configured to work as part of an Apache-based reverse proxy. > > Optionally, ModSecurity creates application audit logs, which contain > the full request body in addition to all other details. Requests are > filtered using regular expressions. Some of the things possible are: > > * Apply filters against any part of the request (URI, > headers, either GET or POST) > * Apply filters against individual parameters > * Reject SQL injection attacks > * Reject Cross site scripting attacks > * Store the files uploaded through the web server, and have them > checked by external scripts > > With a few general rules ModSecurity can protect from both known > and unknown vulnerabilities. It excels as a tool for HTTP traffic > monitoring and just-in-time patching. > > ModSecurity is dual-licensed. It can be used at no cost under the > terms of GPL v2. Support and commercial licences (for end-users > and OEM distributors) can be obtained from Thinking Stone > (http://www.thinkingstone.com). > > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > |
