    ModSecurity 2.6.2 / 2.6.3 RC1

    Downloads: 1,333
    User Rating: Good (3.1/5), rated by 29 user(s)
    Developer: Ivan Ristic
    License / Price: GPL / FREE
    Last Updated: December 7th, 2011, 12:11 GMT
    Category: ROOT / Internet / HTTP (WWW)

    ModSecurity description

    ModSecurity is an intrusion detection and prevention module for the Apache Web server.

    ModSecurity is free, GPL-licensed software: an intrusion detection and prevention engine for web applications.

    Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.



    What's New in This Release:

    · Fixed SecUploadFileMode to set the correct mode.
    · Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions.
    · Added additional file info definitions introduced in APR 0.9.5 so that build will work with older APRs (IBM HTTP Server v6).
    · Added SecUploadFileLimit to limit the number of uploaded file parts that will be processed in a multipart POST. The default is 100.
    · Fixed path normalization to better handle backreferences that extend above root directories. Reported by Sogeti/ESEC R&D.
    · Trim whitespace around phrases used with @pmFromFile and allow for both LF and CRLF terminated lines.
    · Allow for more robust parsing for multipart header folding. Reported by Sogeti/ESEC R&D.
    · Fixed failure to match internally set TX variables with regex (TX:/.../) syntax.
    · Fixed failure to log full internal TX variable names and populate MATCHED_VAR* vars.
    · Enabled PCRE "studying" by default. This is now a configure-time option.
    · Added PCRE match limits (SecPcreMatchLimit/SecPcreMatchLimitRecursion) to aid in mitigating REDoS-type attacks. A rule that goes over the limits will set TX:MSC_PCRE_LIMITS_EXCEEDED. It is intended that the next major release of ModSecurity (2.6.x) will move these flags to a dedicated collection.
    · Reduced default PCRE match limits reducing impact of REDoS on poorly written regex rules. Reported by Sogeti/ESEC R&D.
    · Fixed memory leak in v1 cookie parser. Reported by Sogeti/ESEC R&D.
    · Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.)
    · Update copyright to 2010.
    · Reserved 700,000-799,999 IDs for Ivan Ristic.
    · Fixed SecAction not working when CONNECT request method is used (MODSEC-110). [Ivan Ristic]
    · Do not escape quotes in macro resolution and only escape NUL in setenv values.

      

