In association with heise online

14 February 2011, 15:41

Two open source web application firewalls announced

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IronBee logo At the RSA Conference, two companies, Qualys and art of defence, have each announced their own open source, cloud-based web application firewalls (WAF). WAFs examine http traffic rather than the traditional IP packets, in order to evaluate the movement of data and code. This could trap, for example, cross site scripting attacks, embedded JavaScript based attacks or request forgery; a WAF could then either block or modify the traffic to neutralise the threat.

Qualys announced IronBee, which has been created by the team that developed the open source WAF modsecurity. Qualys is collaborating with content delivery specialists Akamai in the development of IronBee. The project will actually have two components, IronBee itself and a library, LibHTP, designed for the parsing of HTTP content with security in mind. The developers are currently looking for early adopters to play a part in future development plans. Source code is already available, IronBee is published under the Apache Licence version 2 and there are no copyright assignment requirements. A white paperPDF on IronBee is also available

OpenWAF logo Art of defence has also announced an open source WAF, OpenWAF, but at the time of writing, it has not released any source code saying this "will be released soon after some necessary rework on code licensed from a third party" and then released in "waves". OpenWAF will also be licensed under the Apache Licence version 2. The web site offers nightly built binaries for download for CentoS 4,/5/5.4/5.5, Debian 4/5/6, Fedora Core 14, Gentoo, RHEL 3/4/5/5.4, Solaris 10, Ubuntu 8.04/9.10/10.04/10.10 and Windows. A quick start guide is also available.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit