ModSecurity 2.7.0-RC3 Candidate Released - Web application firewall

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.


XX NNN 2012 - 2.7.0-rc3 release log 

 * Fixed requests bigger than SecRequestBodyNoFilesLimit were truncated even engine mode was detection only.
 * Fixed double close() for multipart temporary files (Thanks Seema Deepak).
 * Fixed many small issues reported by Coverity Scanner (Thanks Peter Vrabek).
 * Fixed format string issue in ngnix experimental code. (Thanks Eldar Zaitov).
 * Added ctl:ruleRemoveTargetById/Tag/Msg and removed ctl:ruleUpdateTargetById/Tag/Msg.
 * Added IIS and Ngnix platform code.
 * Added new transformation utf8toUnicode.

Download other versions -

Documentation
Live Wiki Documentation
The Wiki Documentation will always be the most up-to-date.
Reference Manual
FAQ
Migration Matrix
Log Data Format Documentation
Roadmap


Visit website -

http://www.modsecurity.org/
Stable Releases

ModSecurity is an open source product licensed under ASLv2. It comes with full source code and documentation. Older releases are signed by Ivan Ristic or Brian Rectanus. Newer releases are signed by Breno Silva. These public keys are available via most PGP key server mirrors.
modsecurity-apache_2.6.7.tar.gz (PGP MD5)

NOTE: Direct downloads are handled by the SourceForge.net project page. More downloads are available there than listed on this page.
Snapshot/Candidate Releases

As part of an ongoing effort to improve the overall release process, these snapshots will be very similar to full releases, except that they might also have some small issue to solve before release a stable version.
ModSecurity v2.7.0 modsecurity-apache_2.7.0-rc3.tar.gz (v2.7.0-RC3) (CHANGES)

ModSecurity for IIS v2.7.0 ModSecurityIIS_2.7.0-rc3.msi

Development Releases

If you would like to test out new features that are available in development releases, just follow these steps to sync with the SourceForge SVN repository:

  1. Create a directory to clone the code:
    mkdir /path/to/home/svn/modsecurity
    cd /path/to/home/svn
  2. Clone the source code:
    SVN:
    svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity
    GIT:
    git svn clone --prefix=svn/ https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity
Community-Produced Binary packages
There are no binary packages on modsecurity.org. Below is a list of third-party sites that sometimes have an up-to-date binary version of ModSecurity:
RHEL/CentOS Yum Repository (Jason Litka)
http://www.jasonlitka.com/yum-repository/

Debian (Alberto Gonzalez Iniesta):
http://packages.debian.org/search?searchon=sourcenames&keywords=modsecurity-apache

Fedora Core (Michael Fleming):
http://fedoraproject.org/wiki/EPEL
FreeBSD (Alex Dupre):
http://www.freebsd.org/cgi/ports.cgi?query=mod_security&stype=all
Gentoo:
http://www.gentoo-portage.com/www-apache/mod_security
Apache 2.x on Windows (Steffen):
http://www.apachelounge.com/
HP-UX (Internet Express):
http://h20338.www2.hp.com/hpux11i/cache/324414-0-0-0-121.html
Netware, Windows (Guenter Knauf):
http://www.gknw.at/development/apache/


Resources
[1]   ModSecurity home page: http://www.modsecurity.org/

Previous post regarding ModSecurity -
http://santoshdudhade.blogspot.in/2012/04/what-ismodsecurity-or-modsecurity.html
http://santoshdudhade.blogspot.in/2012/04/secure-apache-2x-web-server-with.html
http://santoshdudhade.blogspot.in/2012/07/mod-security-v267.html