WebApp Sec mailing list archives

[ANNOUNCE] ModSecurity 1.9RC1 has been released


From: Ivan Ristic <ivanr () webkreator com>
Date: Thu, 06 Oct 2005 11:53:50 +0100


ModSecurity 1.9RC1 has been released. It is available for immediate
download from:

    http://www.modsecurity.org/download/

This is the first release candidate in the 1.9.x branch. A stable
release is expected on Monday, October 31. Users are encouraged to
test this release thoroughly to catch any potentially remaining
problems.


Changes (since 1.9dev4)
-----------------------

A new SecFilterSignatureAction directive was added to allow for the
separation of policy and rule metadata. It allows rules that have
custom action lists to use the list defined with this directive as
a template. Improvements were made to the multipart parser, which
is now more robust and more strict in what it accepts. Several bugs
were fixed. Code clean-ups were made and a new regression testing
tool was added.

To see a list of improvements since 1.8 visit:
http://www.modsecurity.org/blog/archives/2005/09/whats_new_in_mo.html


About ModSecurity
-----------------
ModSecurity is a web application firewall, designed to protect
vulnerable applications and reject manual and automated attacks.
It is an open source intrusion detection and prevention system. It
can work embedded in Apache, or as a standalone security device when
configured to work as part of an Apache-based reverse proxy.

Optionally, ModSecurity creates application audit logs, which contain
the full request body in addition to all other details. Requests are
filtered using regular expressions. Some of the things possible are:

  * Apply filters against any part of the request (URI,
    headers, either GET or POST)
  * Apply filters against individual parameters
  * Reject SQL injection attacks
  * Reject cross-site scripting attacks
  * Store the files uploaded through the web server, and have them
    checked by external scripts

With few general rules ModSecurity can protect from both known
and unknown vulnerabilities. A Java version is also available, which
works with any Servlet 2.3 compatible web server.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org






