Over the weekend I worked on adding the multipart/form-data support to mod_security. As a result, the Apache 1.x version in CVS now supports it. It still needs to be polished, of course, but this feature opens a door for other interesting features, such as intercepting file uploads. For every uploaded file you will be able to invoke a script to verify it (grep, anti-virus, whatever...), or to store the file for analysis later. This is the last large chunk of functionality I wanted to have before labeling mod_security v2.0 and I am glad it is getting closer.
Blogs & Stories
Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.