ModSecurity Breach

ModSecurity v2.5 is now available. Some of the new features include: parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting, as well as many others.



News and Updates

ModSecurity v2.5.5
(June 6, 2008)
ModSecurity v2.5.5 is a maintenance release, which fixes a few bugs and compatibility problems (e.g. the WordPress upload issue).

ModSecurity v2.5.4
(May 8, 2008)
ModSecurity v2.5.4 is a maintenance release, which fixes an issue with transformation caching that would, in some cases, cause targets to be incorrectly transformed.

ModSecurity Console v1.0.5
(May 7, 2008)
ModSecurity Console v1.0.5 fixes a small bug when displaying multipart requests.

ModSecurity v2.5.3
(April 25, 2008)
ModSecurity v2.5.3 is a maintenance release, which fixes a few small defects in the code and in the rules. This version also allows macros to be expanded in the expirevar and deprecatevar actions.

ModSecurity Console v1.0.4
(April 25, 2008)
ModSecurity Console v1.0.4 fixes a small regression introduced in v1.0.3.

ModSecurity Console v1.0.3
(April 15, 2008)
ModSecurity Console v1.0.3 brings performance improvements, SSL mode by default, and support for the new K part of the audit log (available since ModSecurity v2.5).

ModSecurity v2.1.7 and v2.5.2
(April 3, 2008)
ModSecurity v2.1.7 and v2.5.2 are maintenance releases, which fix a few small issues.


What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

It is also an open source project that aims to make the web application firewall technology available to everyone.

Books

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as a free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Support/Mailing lists

Community support is available on the mod-security-users@lists.sourceforge.net mailing list. You must subscribe first in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

Commercial support and appliances based on ModSecurity can be obtained from Breach Security.

Getting Started

ModSecurity FAQ
Web Intrusion Detection with ModSecurity (ApacheCon Europe 2008)
Introducing ModSecurity
Introducing Core Rules
ModSecurity 2 Deployment
ModSecurity 2 Rule Language
Securing Web Services with ModSecurity 2
Ajax Fingerprinting and Filtering with ModSecurity 2

External Links

ModSecurity 2.0 with Ivan Ristic
ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time patching for closed source applications.

Web Application Firewalls Primer
Introduction to Web Application Firewalls, published in INSECURE Magazine 1.5.

Talks

Our talks are available for download following the links below:

Web Application Firewalls: When Are They Useful? (May 31, 2006)
ModSecurity Elevator Pitch (February 20, 2006)
Threat Modelling for Web Applications (January 27, 2006)
Apache Security Training (October 27, 2005)
Web Intrusion Detection with ModSecurity (October 27, 2005)

ModSecurity Status
Stable: 2.5.5 (6 June 2008)
Older-Stable: 2.1.7 (3 Apr 2008)

ModSecurity Blog

Jul 3, 2008
ModSecurity In HP-UX Internet Express
We receive questions about ModSecurity running on HP-UX from time to time, but since we don't have access to the platform there is very little we can do to help. Fortunately, most questions fall into the "Does it run?" category....

Jun 18, 2008
ModSecurity Licensing Exception Draft Is Ready
As you may know, ModSecurity is licensed under GPL version 2. This licence has served us reasonably well, but there’s been one problem that has been following us for a long time. I chose to use the GPLv2 for ModSecurity,...

Jun 6, 2008
Integrating Vulnerability Scanners and Web Application Firewalls
In case you missed it, Breach Security has teamed up with WhiteHat Security so that their Sentinel scanning service will automatically create custom ModSecurity rules for certain classes of vulnerabilities that they find in your web applications. This works with...

Jun 5, 2008
ModSecurity Is Blooming
OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, indeed felt like a ModSecurity user meeting. We kicked-off the conference with 2 days of ModSecurity training, with 8 people attending. Eight is not only the...