ModSecurity v2.7.0 rc1


ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

changelog 2.7.0-rc1
-----------------------
* Added SecEncryptionEngine. Initial crypt engine support; at the moment it will sign some HTML and response header options.

* Added SecEncryptionKey to define a rand or static key for the crypt engine.

* Added SecEncryptionParam to define the new parameter name.

* Added SecEncryptionMethodRx, used with a regular expression to inspect the HTML in the response body/header and decide what to protect.

* Added SecEncryptionMethodPm, used with multiple or single strings to inspect the HTML in the response body/header and decide what to protect.

* Added ctl encryptionEngine as a per-transaction version of the SecEncryptionEngine directive.

* Added ctl encryptionEnforcement that will allow the engine to sign the data but the enforcement is disabled.

* Added validateEncryption operator to enforce the signed elements.

* Added rsub operator supports the syntax |hex| allowing users to use special chars like \n \r.

* Added SecRuleUpdateTargetById now supports id range.

* Added SecRuleUpdateTargetByMsg and its ctl version (Thanks Scott Gifford).

* Added SecRuleUpdateTargetByTag and its ctl version (Thanks Scott Gifford).

* Added SecRulePerfTime: when greater than zero, it will fill rule id's execution time into PERF_RULE and log id=usec information in the new Perf-rule-info: line in part H.

* Added PERF_RULES variable that contains rule execution time.

* Added Engine-mode: section in part H.

* Added ruleRemoveByMsg ctl version.

* Added removeCommentsChar and removeComments now can work with style.

* Added SecArgumentSeparator and SecCookieFormat can be used in different scope locations.

* Added Rules must have ID action and must be numeric.

* Added The use of tfns is deprecated in SecDefaultAction. It should be forbidden in the future.

* Added Macro expansion support to the action pause.

* Added IpmatchFromFile/IpmatchF operator.

* Added New setrsc action; the RESOURCE collection uses the SecWebAppId name space.

* Added Configure option --enable-cache-lua that allows reuse of the Lua VM per transaction. It will only take effect when ModSecurity has multiple scripts to run per transaction.

* Added Configure option --enable-pcre-jit that allows the ModSecurity regex engine to use PCRE JIT support.

* Added Configure option --enable-request-early that allows ModSecurity to run phase 1 in the post_read_request hook.

* Added RBL operator now supports the httpBl api (http://www.projecthoneypot.org/httpbl_api.php).

* Added SecHttpBlKey to be used with httpBl api.

* Added SecSensorId, which will specify the ModSecurity sensor name in audit log part H.

* Added aliases to phase:2 (phase:request), phase:4 (phase:response) and phase:5 (phase:logging).

* Added USERAGENT_IP variable. Created when Apache24 is used with mod_remoteip to know the real client IP address.

* Added new rule metadata actions ver, maturity and accuracy. Also included in the RULE collection.

* Updated Reference manual into doc/ directory.

* Fixed Variable DURATION contains the elapsed time in microseconds for compatibility reasons with Apache and other variables.

* Fixed Preserve names/identity of the variables going into MATCHED_VARS.

* Fixed Redirect macro expansion does not work in SecDefaultAction when SecRule uses block action.

* Fixed rsub operator does not work as expected if regex contains parentheses (Thanks Jerome Freilinger).

* Current Google Safe Browsing implementation is deprecated. Google changed the API and no longer allows the malware database to be downloaded.

Download : modsecurity-apache_2.7.0-rc1.tar.gz (811.2 kB)

For more information : http://www.modsecurity.org/