Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Small but important improvements in ModSecurity 1.9.3

I have just released ModSecurity for Apache 1.9.3-rc1, a release candidate, as I always do when there are less than trivial changes in a release. I normally do not add new features to a stable branch, but I was recently testing ModSecurity Console and realised a few small changes could yield significant improvements to the users. It's not a problem for me since I'm always running the development version anyway but I expect people will be using 1.9.x for months to come. Adding the improvements to the development branch (2.x) was out of the question. The improvements are as follows:

  • New action, logparts, can be used to change what is logged to the audit log on the per-request basis. This is pretty exciting as it allows you, for example, to not log the response bodies by default, but to do log them for transactions where the bodies contain suspicios content.
  • New variables, SCRIPT_BASENAME and REQUEST_BASENAME, make it easier to look at the filenames and, especially, at their extensions. This makes it easier to ignore certain transactions (e.g. static files) and focus on the important stuff.
  • Multiple messages are now supported per transaction (in the audit log). Yay! This is great for people that wish to use ModSecurity as an intrusion detection tool only.