November 17, 2009 by Tedi Heriyanto
There is currently no book dedicated to ModSecurity, although it has become a popular open source web application firewall.
Fortunately, last week I got information that Packt Publishing will publish a ModSecurity 2.5 book in November 2009. The book is authored by Magnus Mischel, the founder and director of Mischel Internet Security.
Reading through the book website, it looks very promising for helping readers set up and configure ModSecurity to secure their web applications. Let’s hope the book will fulfill all of its goals.
I am looking forward to reading and reviewing this book.
November 10, 2009 by Tedi Heriyanto
ModSecurity version 2.5.11 has been released.
Here are several changes in this release according to the CHANGES file included in the tarball.
- Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be set true if any invalid quoting is found during multipart parsing.
- Fixed parsing quoted strings in multipart Content-Disposition headers. Discovered by Stefan Esser.
- Cleanup persistence database locking code.
- Added warning during configure if libcurl is found linked against gnutls for SSL. The openssl lib is recommended as gnutls has proven to cause issues with mutexes and may crash.
- Cleanup some mlogc (over)logging.
- Do not log output filter errors in the error log.
- Moved output filter to run before other stock filters (mod_deflate, mod_cache, mod_expires, mod_filter) to avoid analyzing modified data in the response. Patch originally submitted by Ivan Ristic.
I’ve also updated my RPM spec file (for openSUSE 11.x).