News and updates
29.7.2004 - mod_security 1.8.4
This is a maintenance release, which fixes the minor problems found in v1.8.3.
7.7.2004 - mod_security 1.8.3
This is a maintenance release, which fixes the minor problems found in previous versions.
22.6.2004 - mod_security 1.8.2
This is a maintenance release, which fixes all the known issues in 1.8.
15.6.2004 - mod_security 1.8
After more than six months of development, resulting in a 40% larger code base, a stable version of the 1.8 branch is available.
11.6.2004 - mod_security 1.8RC2
The second release candidate fixes a few small bugs and greatly enhances the way events are logged into the error log.
26.5.2004 - mod_security 1.8RC1
A step closer to a stable release, 1.8RC1 includes many small improvements and fixes, and compiles under Windows and Netware. Users are encouraged to test this version and prepare for the final 1.8 release.
12.5.2004 - Anouncement: Apache Security, the book
I am happy to announce I have been commissioned to write Apache Security for O'Reilly. This book will be one comprehensive resource for all Apache security-related matters, covering traditional administration and web application security at the same time. All the information you need to maintain a solid and secure Apache installation will be provided in one package. The book is scheduled for release in late 2004.
ModSecurity/Java is an implementation of the ModSecurity concepts for Java Web servers. A prototype implementation is available for download.
The purpose of this release is to gauge the interest for the full version of ModSecurity for Java Web servers. Therefore if you like it, want it, and otherwise think of it as a very good idea - be sure to let me know.
Running public web applications may seem like playing Russian roulette. Although achieving robust security on the Web is possible in theory, there's always a weak link in real life. It only takes one slip of the code to allow attackers unrestricted access to your data.
Web Security Appliance with Apache and mod_security
As more and more attacks are being carried out over the HTTP layer there is a growing need to push the envelope and bring Web security to new levels. This article will demonstrate how you can build your own application gateway with little effort, using open source components that are widely available.