Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Major updates to ModSecurity in 1.9dev3

This version implements the final batch of major improvements to the 1.9.x series. These include a completely new audit logging subsystem intended for real-time audit log aggregation, audit logging based on response status code, support for PUT uploads, stateful denial of service defence through httpd-guardian (an external monitoring process), significantly improved support for rule inheritance (import from parent context, remove from current context, mandatory inheritance, etc.), and many smaller improvements.

The new version is available for immediate download. I'll follow up soon with in-depth explanations of a few of the more exciting features.