Two open source web application firewalls announced
Qualys announced IronBee, which has been created by the team that developed the open source WAF modsecurity. Qualys is collaborating with content delivery specialists Akamai in the development of IronBee. The project will actually have two components, IronBee itself and a library, LibHTP, designed for the parsing of HTTP content with security in mind. The developers are currently looking for early adopters to play a part in future development plans. Source code is already available, IronBee is published under the Apache Licence version 2 and there are no copyright assignment requirements. A white paper on IronBee is also available
Art of defence has also announced an open source WAF, OpenWAF, but at the time of writing, it has not released any source code saying this "will be released soon after some necessary rework on code licensed from a third party" and then released in "waves". OpenWAF will also be licensed under the Apache Licence version 2. The OpenWAF.org web site offers nightly built binaries for download for CentoS 4,/5/5.4/5.5, Debian 4/5/6, Fedora Core 14, Gentoo, RHEL 3/4/5/5.4, Solaris 10, Ubuntu 8.04/9.10/10.04/10.10 and Windows. A quick start guide is also available.