First development release of ModSecurity 2.x

It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:

  • Transaction scoring.
  • IP address tracking and blacklisting.
  • IP address scoring.
  • RPC API.
  • Functions (e.g. you are no longer confined to using only regular expressions in rules).
  • Real-time Black List (RBL) support.
  • Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.

The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.

P.S. There is no support for Apache 1.x in this development release.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.