WebApp Sec mailing list archives
[ANNOUNCE] ModSecurity 1.9RC1 has been released
From: Ivan Ristic <ivanr () webkreator com>
Date: Thu, 06 Oct 2005 11:53:50 +0100
ModSecurity 1.9RC1 has been released. It is available for immediate download from: http://www.modsecurity.org/download/ This is the first release candidate in the 1.9.x branch. A stable release is expected on Monday, October 31. Users are encouraged to test this release thoroughly to catch any potentially remaining problems. Changes (since 1.9dev4) ----------------------- A new SecFilterSignatureAction directive was added to allow for the separation of policy and rule metadata. It allows rules that have custom action lists to use the list defined with this directive as a template. Improvements were made to the multipart parser, which is now more robust and more strict in what it accepts. Several bugs were fixed. Code clean-ups were made and a new regression testing tool was added. To see a list of improvements since 1.8 visit: http://www.modsecurity.org/blog/archives/2005/09/whats_new_in_mo.html About ModSecurity ----------------- ModSecurity is a web application firewall, designed to protect vulnerable applications and reject manual and automated attacks. It is an open source intrusion detection and prevention system. It can work embedded in Apache, or as a standalone security device when configured to work as part of an Apache-based reverse proxy. Optionally, ModSecurity creates application audit logs, which contain the full request body in addition to all other details. Requests are filtered using regular expressions. Some of the things possible are: * Apply filters against any part of the request (URI, headers, either GET or POST) * Apply filters against individual parameters * Reject SQL injection attacks * Reject Cross site scripting attacks * Store the files uploaded through the web server, and have them checked by external scripts With few general rules ModSecurity can protect from both known and unknown vulnerabilities. A Java version is also available, which works with any Servlet 2.3 compatible web server. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org
Current thread:
- [ANNOUNCE] ModSecurity 1.9RC1 has been released Ivan Ristic (Oct 06)