Thread: [mod-security-users] ModSecurity 1.9.2 has been released
|
From: Ivan R. <iv...@we...> - 2006-01-17 16:03:39
|
ModSecurity 1.9.2 has been released. It is available for
immediate download from:

http://www.modsecurity.org/download/

ModSecurity 1.9.2 is primarily a bug-fix release, but it
includes a few interesting new features.

ModSecurity can now be compiled against PCRE regex library
(Apache 1.3.x only, Apache 2.x already uses PCRE), resulting
in large performance increase. It is also possible to compile
ModSecurity not to use suEXEC for process creation. Some
concurrent audit logging improvements. New proof-of-concept
script for real-time audit log centralisation. Many smaller
bug fixes and improvements throughout.

About ModSecurity
-----------------
ModSecurity is a web application firewall designed to protect
vulnerable applications and reject manual and automated attacks.
It is an open source intrusion detection and prevention system. It
can work embedded in Apache, or as a standalone security device when
configured to work as part of an Apache-based reverse proxy.

Optionally, ModSecurity creates application audit logs, which contain
the full request body in addition to all other details. Requests are
filtered using regular expressions. Some of the things possible are:

* Apply filters against any part of the request (URI,
  headers, either GET or POST)
* Apply filters against individual parameters
* Reject SQL injection attacks
* Reject Cross site scripting attacks
* Store the files uploaded through the web server, and have them
  checked by external scripts

With a few general rules ModSecurity can protect from both known
and unknown vulnerabilities. It excels as a tool for HTTP traffic
monitoring and just-in-time patching.

ModSecurity is dual-licensed. It can be used at no cost under the
terms of GPL v2. Support and commercial licences (for end-users
and OEM distributors) can be obtained from Thinking Stone
(http://www.thinkingstone.com).

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
|
|
From: Steffen <in...@ap...> - 2006-01-17 17:09:38
|
The windows binary is available for Apache 2.2.0 and 2.0.55 at
http://www.apachelounge.com .

Steffen

----- Original Message -----
From: "Ivan Ristic" <iv...@we...>
To: <mod...@li...>
Cc: <mod...@li...>
Sent: Tuesday, January 17, 2006 5:03 PM
Subject: [mod-security-users] ModSecurity 1.9.2 has been released

>
> ModSecurity 1.9.2 has been released. It is available for
> immediate download from:
>
> http://www.modsecurity.org/download/
>
> ModSecurity 1.9.2 is primarily a bug-fix release, but it
> includes a few interesting new features.
>
> ModSecurity can now be compiled against PCRE regex library
> (Apache 1.3.x only, Apache 2.x already uses PCRE), resulting
> in large performance increase. It is also possible to compile
> ModSecurity not to use suEXEC for process creation. Some
> concurrent audit logging improvements. New proof-of-concept
> script for real-time audit log centralisation. Many smaller
> bug fixes and improvements throughout.
>
>
> About ModSecurity
> -----------------
> ModSecurity is a web application firewall designed to protect
> vulnerable applications and reject manual and automated attacks.
> It is an open source intrusion detection and prevention system. It
> can work embedded in Apache, or as a standalone security device when
> configured to work as part of an Apache-based reverse proxy.
>
> Optionally, ModSecurity creates application audit logs, which contain
> the full request body in addition to all other details. Requests are
> filtered using regular expressions. Some of the things possible are:
>
> * Apply filters against any part of the request (URI,
>   headers, either GET or POST)
> * Apply filters against individual parameters
> * Reject SQL injection attacks
> * Reject Cross site scripting attacks
> * Store the files uploaded through the web server, and have them
>   checked by external scripts
>
> With a few general rules ModSecurity can protect from both known
> and unknown vulnerabilities. It excels as a tool for HTTP traffic
> monitoring and just-in-time patching.
>
> ModSecurity is dual-licensed. It can be used at no cost under the
> terms of GPL v2. Support and commercial licences (for end-users
> and OEM distributors) can be obtained from Thinking Stone
> (http://www.thinkingstone.com).
>
> --
> Ivan Ristic, Technical Director
> Thinking Stone, http://www.thinkingstone.com
> Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
|
|
From: Michael F. <mfl...@en...> - 2006-01-18 04:48:41
|
Ivan Ristic writes:
>
> ModSecurity 1.9.2 has been released. It is available for
> immediate download from:
>
> http://www.modsecurity.org/download/
>

For users of Fedora Core (3,4 and rawhide, which will soon be FC5) I
have updated the FC Extras RPM (mod_security) to this version. It should
be pushed out to the FE mirrors in the next day or so (whenever their
build system pushes newly built packages..)

Cheers,
Michael Fleming
(modsecurity package maintainer for Fedora Extras)
|
|
From: Ivan R. <iv...@we...> - 2006-01-18 11:29:42
|
Michael Fleming wrote:
> Ivan Ristic writes:
>
>>
>> ModSecurity 1.9.2 has been released. It is available for
>> immediate download from:
>>
>> http://www.modsecurity.org/download/
>>
>
> For users of Fedora Core (3,4 and rawhide, which will soon be FC5) I
> have updated the FC Extras RPM (mod_security) to this version. It should
> be pushed out to the FE mirrors in the next day or so (whenever their
> build system pushes newly built packages..)

Is there a page I could link to from modsecurity.org? Is this
it: http://fedoraproject.org/wiki/Extras ?

Thanks!

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
|
|
From: Alberto G. I. <ag...@in...> - 2006-01-18 09:09:10
|
On Tue, Jan 17, 2006 at 04:03:03PM +0000, Ivan Ristic wrote:
>
> ModSecurity 1.9.2 has been released. It is available for
> immediate download from:
>
> http://www.modsecurity.org/download/
>
> ModSecurity 1.9.2 is primarily a bug-fix release, but it
> includes a few interesting new features.
>

Due to incompatibility issues with the GPL and the Apache license,
ModSecurity packages will be removed from the official Debian archive
soon. I'll continue to maintain those packages on my site. 1.9.2-pre3 are
already there, 1.9.2 will be real soon. You may add this line to
/etc/apt/sources.list to install them via apt:

deb http://etc.inittab.org/~agi/debian/libapache-mod-security ./

--
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
|
|
From: Ivan R. <iv...@we...> - 2006-01-18 11:26:27
|
Alberto Gonzalez Iniesta wrote:
> On Tue, Jan 17, 2006 at 04:03:03PM +0000, Ivan Ristic wrote:
>> ModSecurity 1.9.2 has been released. It is available for
>> immediate download from:
>>
>> http://www.modsecurity.org/download/
>>
>> ModSecurity 1.9.2 is primarily a bug-fix release, but it
>> includes a few interesting new features.
>>
>
> Due to incompatibility issues with the GPL and the Apache license,
> ModSecurity packages will be removed from the official Debian archive
> soon. I'll continue to maintain those packages on my site. 1.9.2-pre3 are
> already there, 1.9.2 will be real soon. You may add this line to
> /etc/apt/sources.list to install them via apt:
>
> deb http://etc.inittab.org/~agi/debian/libapache-mod-security ./

I'll upload this information to modsecurity.org when the
binaries for 1.9.2 appear. Thanks!

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
|