Wubi
Posted July 24, 2012

By Mayuresh

Our first post regarding ModSecurity can be found here. A few hours ago, an update – ModSecurity version 2.6.7 – was released.

“ModSecurity is an open source, free web application firewall (WAF) Apache module, that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity employs the following security models:

- Negative Security Model – looks for known bad, malicious requests. This method is effective at blocking a large number of automated attacks, however it is not the best approach for identifying new attack vectors. Using too many negative rules may also negatively impact performance.
- Positive Security Model – When positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This approach works best with applications that are heavily used but rarely updated.
- Virtual Patching – Its rule language makes ModSecurity an ideal external patching tool. External patching is all about reducing the window of opportunity. Time needed to patch application vulnerabilities often runs to weeks in many organizations. With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is produced.
- Extrusion Detection Model – ModSecurity can also monitor outbound data and identify and block information disclosure issues such as leaking detailed error messages or Social Security Numbers or Credit Card Numbers.”

Official ModSecurity 2.6.7 change log:

- Fixed Perl Compatible Regular Expressions (PCRE) mismatch version warning message (Thanks Victor Julien).
- Fixed explicit target replacement using SecUpdateTargetById was broken.
- The ctl:ruleUpdateTargetById is deprecated and will be removed for future versions since there is no safe way to use it per-request.
- Added ctl:ruleRemoveTargetById that can be used to exclude targets to be processed per-request.

Download ModSecurity:
ModSecurity 2.6.7 – modsecurity-apache_2.6.7.tar.gz

Source: PenTestIT — Your source for Information Security Related information!
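The per-request target exclusion named in the change log, shown beside the broader whole-rule exclusion it can replace. This is an added example, not part of the original post or the ModSecurity project's own rules; the rule ids (1001, 1002), the /search path and the parameter name q are constructed for illustration.

```apache
# Constructed example: ids 1001/1002, the /search path and the
# parameter name "q" are assumptions, not values from the post.

SecRuleEngine On

# Negative-model rule: deny requests carrying a script tag in any argument.
SecRule ARGS "@rx (?i)<script" \
    "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Script tag in request argument'"

# Too broad (left commented out): disables rule 1001 completely for
# /search, so every argument on that path goes uninspected.
#SecRule REQUEST_FILENAME "@streq /search" \
#    "id:1002,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=1001"

# Narrower: for requests to /search only, remove ARGS:q from the targets
# of rule 1001. All other arguments on /search, and every argument on
# other paths, are still inspected. The exclusion runs in phase 1 so it
# takes effect before rule 1001 is evaluated in phase 2.
SecRule REQUEST_FILENAME "@streq /search" \
    "id:1002,phase:1,t:none,pass,nolog,ctl:ruleRemoveTargetById=1001;ARGS:q"

# Configuration-time alternative (left commented out): applies to every
# request rather than per-request, and must appear after rule 1001 is defined.
#SecUpdateTargetById 1001 "!ARGS:q"
```

After deploying an exclusion like this, confirm in the audit log that a test request with a flagged value in another /search parameter is still denied by rule 1001.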