ModSecurity Breach

ModSecurity v2.5 is now available. Some of the new features include: parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting, as well as many others.
More Info



News and Updates

ModSecurity v2.5.4
(May 8, 2008)
ModSecurity v2.5.4 is a maintenance release, which fixes an issue with transformation caching that would, in some cases, cause targets to be incorrectly transformed.

ModSecurity Console v1.0.5
(May 7, 2008)
ModSecurity Console v1.0.5 fixes a small bug when displaying multipart requests.

ModSecurity v2.5.3
(April 25, 2008)
ModSecurity v2.5.3 is a maintenance release, which fixes a few small defects in the code and in the rules. This version also allows macros to be expanded in the expirevar and deprecatevar actions.

ModSecurity Console v1.0.4
(April 25, 2008)
ModSecurity Console v1.0.4 fixes a small regression introduced in v1.0.3.

ModSecurity Console v1.0.3
(April 15, 2008)
ModSecurity Console v1.0.3 brings performance improvements, SSL mode by default, and support for the new K part of the audit log (available since ModSecurity v2.5).

ModSecurity v2.1.7 and v2.5.2
(April 3, 2008)
ModSecurity v2.1.7 and v2.5.2 are maintenance releases, which fix a few small issues.

ModSecurity v2.5.1
(March 17, 2008)
ModSecurity v2.5.1 release fixes a few minor problems, including one problem in the transformation caching code.

ModSecurity v2.5.0
(February 20, 2008)
ModSecurity v2.5.0 is the first release of the 2.5.x branch, the long awaited next stable version of ModSecurity. It introduces many significant features and improvements.


What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

It is also an open source project that aims to make the web application firewall technology available to everyone.

Books

Apache Security cover

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache cover

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Breach

Support/Mailing lists

Community support is available on the mod-security-users/lists.sourceforge.net mailing list. You must subscribe first (by clicking here) in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

Commercial support and appliances based on ModSecurity can be obtained from Breach Security.

Getting Started

 ModSecurity FAQ
Web Intrusion Detection with ModSecurity (ApacheCon Europe 2008)
Introducing ModSecurity
Introducing Core Rules
ModSecurity 2 Deployment
ModSecurity 2 Rule Language
Securing Web Services with ModSecurity 2
Ajax Fingerprinting and Filtering with ModSecurity 2

External Links

ModSecurity 2.0 with Ivan Ristic
ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time patching for closed source applications.

Web Application Firewalls Primer
Introduction to Web Application Firewalls, published in INSECURE Magazine 1.5.

Talks

Our talks are available for download following the links below:

Web Application Firewalls:
When Are They Useful?
(May 31, 2006)
ModSecurity Elevator Pitch
(February 20, 2006)
Threat Modelling for Web Applications
(January 27, 2006)
Apache Security Training
(October 27, 2005)
Web Intrusion Detection with ModSecurity
(October 27, 2005)
ModSecurity Status
Stable: 2.5.4 (8 May 2008)
Older-Stable: 2.1.7 (3 Apr 2008)

ModSecurity Blog

May 8, 2008
ModSecurity 2.5 Phrase Match Operator Performance
Quite a few people have asked about the performance differences between using the regular expression (@rx) operator and using the phrase match (@pm or @pmFromFile) operator. Lately, I have been working on better methods of gathering performance statistics and want...

May 7, 2008
ModSecurity Party in Ghent on May 20th
In my previous post, in which I was commenting on the OWASP AppSec agenda, I forgot to mention the party. What was I thinking?! Breach Security is throwing a cocktail party on May 20th, which is the last training day...

Apr 30, 2008
Great talks at OWASP AppSec Europe 2008 in Belgium
Judging from the list of talks alone, it looks like OWASP AppSec Europe in Belgium is going to be a great conference, especially if you are interested in web application firewalls and ModSecurity: I will be giving a talk on...

Apr 18, 2008
PCI Council clarifies Requirement 6.6, ends ambiguities
If you care about the PCI standard, you should head over to my personal blog, where I have published a summary of the clarifications made by the PCI Council regarding Requirement 6.6 (code reviews and application firewalls).

Apr 15, 2008
ModSecurity Community Console v1.0.3 Now Available
I've just released an update to ModSecurity Community Console, our free audit log aggregation solution with support for up to 3 ModSecurity sensors. The focus of this release is the support for part K of the ModSecurity audit log format...