Ivan Ristic Writes "ModSecurity 1.9 FINAL has been released. It is available for immediate download from:
http://www.modsecurity.org/download/
After more than a year in development, ModSecurity 1.9 introduces a number of changes that further increase usefulness of
this web application security tool.
Changes (since 1.8)
——————-
Major enhancements include:
* A brand new audit logging subsystem aimed at supporting real time aggregation of the forensic logs. It is now possible
to fine-tune forensic logging and even log complete responses.
* Significant rule engine enhancements that increase flexibility, introduce meta-data facilities, and allow for safe inclu
sion of third-party produced rule databases.
* A new stateful request monitoring mechanism, which includes tools for defence against Denial of Service attacks.
* Many smaller improvements throughout, including: performance measurement, ten new actions, seventeen new variables, outp
ut status filtering, performance improvements, support for methods other than GET and POST, ClamAV integration, and so on.
For a list with more details please visit:
http://www.modsecurity.org/blog/archives/2005/09/whats_new_in_mo.html "
