It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:
- Transaction scoring.
- IP address tracking and blacklisting.
- IP address scoring.
- RPC API.
- Functions (e.g. you are no longer confined to using only regular expressions in rules).
- Real-time Black List (RBL) support.
- Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.
The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.
P.S. There is no support for Apache 1.x in this development release.