Ivan Ristic Writes "ModSecurity 1.9 FINAL has been released. It is available for immediate download from:
After more than a year in development, ModSecurity 1.9 introduces a number of changes that further increase usefulness of this web application security tool.
Changes (since 1.8)
Major enhancements include:
* A brand new audit logging subsystem aimed at supporting real time aggregation of the forensic logs. It is now possible to fine-tune forensic logging and even log complete responses.
* Significant rule engine enhancements that increase flexibility, introduce meta-data facilities, and allow for safe inclu sion of third-party produced rule databases.
* A new stateful request monitoring mechanism, which includes tools for defence against Denial of Service attacks.
* Many smaller improvements throughout, including: performance measurement, ten new actions, seventeen new variables, outp ut status filtering, performance improvements, support for methods other than GET and POST, ClamAV integration, and so on.
For a list with more details please visit: