Apache firewall ModSecurity 2.0 completely rewritten
Version 2.0 of the application firewall ModSecurity for the Apache web server has been released and represents a complete rewrite. Ivan Ristic, the project's lead developer, discussed the main changes in an interview with SecurityFocus. For example, five processing phases, rather than the two used previously, permit fine-grained control over the point in request processing at which a filter rule is applied. There are also many new functions for modifying HTTP requests and responses.
The new ability to pass data between the individual filter instances should also have far-reaching consequences. It permits, for example, the monitoring of a complete session or dynamic filtering of suspicious IP addresses or vandalising users. Ristic stresses that version 2.0 has been developed from top to bottom with a modular structure. He expects that the improved portability will lead to versions of ModSecurity for other platforms such as Microsoft IIS in the near future.
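How the processing phases and the data shared between rules combine to filter a suspicious IP address dynamically, as an added example that is not taken from the interview or the project's documentation. The storage path, rule ids, score values, threshold and expiry time are assumptions chosen for illustration.

```apache
# Added example. Path, ids, scores and timings below are assumed values.
SecRuleEngine On
SecRequestBodyAccess On

# Directory where persistent collections are stored between requests.
SecDataDir /var/lib/modsecurity

# Phase 1 (request headers): open the persistent collection for this
# client address so that later rules can read and update its variables.
SecAction "phase:1,id:1000,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Phase 1: reject early, before the body is read, if earlier requests
# from the same address have already pushed the score over the limit.
SecRule IP:SCORE "@gt 20" \
    "phase:1,id:1001,deny,status:403,log,msg:'Client address over score threshold'"

# Phase 2 (request body): parameters are available here. Let the request
# through, but remember the hit by raising the per-address score.
SecRule ARGS "@rx <script" \
    "phase:2,id:1002,t:lowercase,pass,log,msg:'Script tag in parameter',setvar:ip.score=+10,expirevar:ip.score=600"

# Phase 3 (response headers): repeated authentication failures also
# count against the address.
SecRule RESPONSE_STATUS "^401$" \
    "phase:3,id:1003,pass,nolog,setvar:ip.score=+2,expirevar:ip.score=600"

# Phase 4 (response body) and phase 5 (logging) are not used here.
```

Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the collection would have to be keyed on something else to avoid scoring every client as one.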
ModSecurity 2.0 remains GPL software, with source code and binary packages available for download from the website, including for Debian, Fedora and FreeBSD. With ModSecurity Console, Breach Security is also offering a commercial front end for the application firewall, to facilitate configuration and assessment of results. Use is free for private users. Breach Security acquired the rights to ModSecurity just two months ago in its takeover of Thinking Stone from Ristic.
- Ivan Ristic on the new features in ModSecurity 2.0, interview on SecurityFocus