« PHP Worm in the Wild | Main | OWASP vs WASC »

ModSecurity 1.9 FINAL has been released

Ivan Ristic Writes "ModSecurity 1.9 FINAL has been released. It is available for immediate download from:


After more than a year in development, ModSecurity 1.9 introduces a number of changes that further increase usefulness of this web application security tool.

Changes (since 1.8)

Major enhancements include:
* A brand new audit logging subsystem aimed at supporting real time aggregation of the forensic logs. It is now possible to fine-tune forensic logging and even log complete responses.

* Significant rule engine enhancements that increase flexibility, introduce meta-data facilities, and allow for safe inclu sion of third-party produced rule databases.

* A new stateful request monitoring mechanism, which includes tools for defence against Denial of Service attacks.

* Many smaller improvements throughout, including: performance measurement, ten new actions, seventeen new variables, outp ut status filtering, performance improvements, support for methods other than GET and POST, ClamAV integration, and so on.

For a list with more details please visit:

http://www.modsecurity.org/blog/archives/2005/09/whats_new_in_mo.html "


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!