Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

ModSecurity Cookie and Link Protection Patch

A significant event occurred on the mod-security-users mailing list in July: a large code contribution was made by Daniel Fernndez Bleda and Carles Bonamusa Prez from Internet Security Auditors. The patch, made against ModSecurity 1.9.4, adds cookie and link protection using hashing and encryption. The patch is now available for download from the ModSecurity web site. Please note that the code is not yet production ready and that you should use it for testing purposes only. I expect to merge this code into the official code base soon (targeting the next stable release after 2.0.0).