ModSecurity Breach

ModSecurity v2.5 is now available. Some of the new features include: parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting, as well as many others.
More Info



News and Updates

ModSecurity v2.5.6
(July 31, 2008)
ModSecurity v2.5.6 is a maintenance release, which fixes the stability and evasion issues in the transformation cache subsystem. Furthermore, transformation caching is now deprecated, and you are advised to turn it off in your configuration. This is also the first version of ModSecurity to use a licensing exception to make mixing with other open source projects possible.

ModSecurity v2.5.5
(June 6, 2008)
ModSecurity v2.5.5 is a maintenance release, which fixes a few bugs and compatibility problems (e.g. the WordPress upload issue).

ModSecurity v2.5.4
(May 8, 2008)
ModSecurity v2.5.4 is a maintenance release, which fixes an issue with transformation caching that would, in some cases, cause targets to be incorrectly transformed.

ModSecurity Console v1.0.5
(May 7, 2008)
ModSecurity Console v1.0.5 fixes a small bug when displaying multipart requests.

ModSecurity v2.5.3
(April 25, 2008)
ModSecurity v2.5.3 is a maintenance release, which fixes a few small defects in the code and in the rules. This version also allows macros to be expanded in the expirevar and deprecatevar actions.


What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

It is also an open source project that aims to make the web application firewall technology available to everyone.

Books

Apache Security cover

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache cover

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Breach

Support/Mailing lists

Community support is available on the mod-security-users/lists.sourceforge.net mailing list. You must subscribe first (by clicking here) in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

Commercial support and appliances based on ModSecurity can be obtained from Breach Security.

Getting Started

 ModSecurity FAQ
Web Intrusion Detection with ModSecurity (ApacheCon Europe 2008)
Introducing ModSecurity
Introducing Core Rules
ModSecurity 2 Deployment
ModSecurity 2 Rule Language
Securing Web Services with ModSecurity 2
Ajax Fingerprinting and Filtering with ModSecurity 2

External Links

ModSecurity 2.0 with Ivan Ristic
ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time patching for closed source applications.

Web Application Firewalls Primer
Introduction to Web Application Firewalls, published in INSECURE Magazine 1.5.

Talks

Our talks are available for download following the links below:

Web Application Firewalls:
When Are They Useful?
(May 31, 2006)
ModSecurity Elevator Pitch
(February 20, 2006)
Threat Modelling for Web Applications
(January 27, 2006)
Apache Security Training
(October 27, 2005)
Web Intrusion Detection with ModSecurity
(October 27, 2005)
ModSecurity Status
Stable: 2.5.6 (31 July 2008)
Development: --

ModSecurity Blog

Aug 6, 2008
Microsoft and Oracle Helping "Time-to-Fix" Problems
Before I talk to the title of this post, I have to provide a little back story. I have had an ongoing DRAFT blog post whose subject was basically a rant against many vendors who were unwilling to offer vulnerability...

Aug 4, 2008
ModSecurity 2.5.6 and Mlogc
The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log data to a console or Breach Security appliance. The final packaged release of ModSecurity 2.5.6 did not contain the mlogc source as it should have. This means that...

Aug 4, 2008
ModSecurity Party at Black Hat
Breach Security (also known as the company behind ModSecurity) is organising an OWASP/WASC party at Black Hat US again this year, but if you are a ModSecurity user we are going to call it a ModSecurity party. See below for...

Aug 1, 2008
Transformation Caching Unstable, Fixed, But Deprecated
We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the subsystem is unstable, can crash your server server, and is even susceptible to evasion in certain circumstances. Although the issues have all been fixed in 2.5.6...

Jul 29, 2008
ModSecurity In Solaris
Although Solaris has been supported as a platform for ModSecurity since the very beginning, it has now become part of Sun's Cool Stack: Cool Stack is a collection of some of the most commonly used open source applications optimized for...