From: Ivan Ristic <ivanr@we...> - 2005-08-19 08:40:29
ModSecurity 1.9dev3 has been released. It is available for immediate
This version implements the final batch of major improvements to the
1.9.x series. These include a completely new audit logging subsystem
intended for real-time audit log aggregation, audit logging based on
response status code, support for PUT uploads, stateful denial of
service defence through httpd-guardian (an external monitoring process),
significantly improved support for rule inheritance (import from parent
context, remove from current context, mandatory inheritance, etc.), and
many smaller improvements.
ModSecurity is a web application firewall, designed to protect
vulnerable applications and reject manual and automated attacks.
It is an open source intrusion detection and prevention system. It
can work embedded in Apache, or as a standalone security device when
configured to work as part of an Apache-based reverse proxy.
Optionally, ModSecurity creates application audit logs, which contain
the full request body in addition to all other details. Requests are
filtered using regular expressions. Some of the things possible are:
* Apply filters against any part of the request (URI,
headers, either GET or POST)
* Apply filters against individual parameters
* Reject SQL injection attacks
* Reject cross-site scripting attacks
* Store the files uploaded through the web server, and have them
checked by external scripts
With a few general rules ModSecurity can protect from both known
and unknown vulnerabilities. A Java version is also available, which
works with any Servlet 2.3 compatible web server.
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org