ModSecurity Breach

ModSecurity v2.5 is now available. Some of the new features include: parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting, as well as many others.
More Info



News and Updates

ModSecurity v2.5.5
(June 6, 2008)
ModSecurity v2.5.5 is a maintenance release, which fixes a few bugs and compatibility problems (e.g. the WordPress upload issue).

ModSecurity v2.5.4
(May 8, 2008)
ModSecurity v2.5.4 is a maintenance release, which fixes an issue with transformation caching that would, in some cases, cause targets to be incorrectly transformed.

ModSecurity Console v1.0.5
(May 7, 2008)
ModSecurity Console v1.0.5 fixes a small bug when displaying multipart requests.

ModSecurity v2.5.3
(April 25, 2008)
ModSecurity v2.5.3 is a maintenance release, which fixes a few small defects in the code and in the rules. This version also allows macros to be expanded in the expirevar and deprecatevar actions.

ModSecurity Console v1.0.4
(April 25, 2008)
ModSecurity Console v1.0.4 fixes a small regression introduced in v1.0.3.

ModSecurity Console v1.0.3
(April 15, 2008)
ModSecurity Console v1.0.3 brings performance improvements, SSL mode by default, and support for the new K part of the audit log (available since ModSecurity v2.5).

ModSecurity v2.1.7 and v2.5.2
(April 3, 2008)
ModSecurity v2.1.7 and v2.5.2 are maintenance releases, which fix a few small issues.


What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

It is also an open source project that aims to make the web application firewall technology available to everyone.

Books

Apache Security cover

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache cover

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Breach

Support/Mailing lists

Community support is available on the mod-security-users/lists.sourceforge.net mailing list. You must subscribe first (by clicking here) in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

Commercial support and appliances based on ModSecurity can be obtained from Breach Security.

Getting Started

 ModSecurity FAQ
Web Intrusion Detection with ModSecurity (ApacheCon Europe 2008)
Introducing ModSecurity
Introducing Core Rules
ModSecurity 2 Deployment
ModSecurity 2 Rule Language
Securing Web Services with ModSecurity 2
Ajax Fingerprinting and Filtering with ModSecurity 2

External Links

ModSecurity 2.0 with Ivan Ristic
ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time patching for closed source applications.

Web Application Firewalls Primer
Introduction to Web Application Firewalls, published in INSECURE Magazine 1.5.

Talks

Our talks are available for download following the links below:

Web Application Firewalls:
When Are They Useful?
(May 31, 2006)
ModSecurity Elevator Pitch
(February 20, 2006)
Threat Modelling for Web Applications
(January 27, 2006)
Apache Security Training
(October 27, 2005)
Web Intrusion Detection with ModSecurity
(October 27, 2005)
ModSecurity Status
Stable: 2.5.5 (6 June 2008)
Older-Stable: 2.1.7 (3 Apr 2008)

ModSecurity Blog

Jul 15, 2008
Enough With Default Allow in Web Applications!
The title of this blog post is also the title of a research paper we are currently working on. Although the paper is still in draft form, we've decided to circulate it widely (download here) because we believe a public...

Jul 10, 2008
Web Application Firewall Use Cases Update
My list of web application firewall use cases continues to involve. I've decided to shuffle things somewhat: I am going to remove the "Network building blocks" use case because that is really a feature of reverse proxies. If a WAF...

Jul 8, 2008
XSS Defense HOWTO
We all agree that cross-site scripting is a serious problem, but what continues to amaze me is the lack of good documentation on the subject. It is easy to find instructions how to execute attacks against applications vulnerable to XSS,...

Jul 3, 2008
ModSecurity In HP-UX Internet Express
We receive questions about ModSecurity running on HP-UX from time to time, but since we don't have access to the platform there is very little we can do to help. Fortunately, most questions fall into the "Does it run?" category....