Thread: [mod-security-users] [ANNOUNCE] ModSecurity 1.9dev3 has been released
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2005-08-19 08:40:29
|
ModSecurity 1.9dev3 has been released. It is available for immediate download from: http://www.modsecurity.org/download/ This version implements the final batch of major improvements to the 1.9.x series. These include a completely new audit logging subsystem intended for real-time audit log aggregation, audit logging based on response status code, support for PUT uploads, stateful denial of service defence through httpd-guardian (an external monitoring process), significantly improved support for rule inheritance (import from parent context, remove from current context, mandatory inheritance, etc.), and many smaller improvements. About ModSecurity ----------------- ModSecurity is a web application firewall, designed to protect vulnerable applications and reject manual and automated attacks. It is an open source intrusion detection and prevention system. It can work embedded in Apache, or as a standalone security device when configured to work as part of an Apache-based reverse proxy. Optionally, ModSecurity creates application audit logs, which contain the full request body in addition to all other details. Requests are filtered using regular expressions. Some of the things possible are: * Apply filters against any part of the request (URI, headers, either GET or POST) * Apply filters against individual parameters * Reject SQL injection attacks * Reject Cross site scripting attacks * Store the files uploaded through the web server, and have them checked by external scripts With few general rules ModSecurity can protect from both known and unknown vulnerabilities. A Java version is also available, which works with any Servlet 2.3 compatible web server. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |