ModSecurity 1.9.4 released

 
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2662
Location: Hilversum, NL, EU

Posted: Mon 15 May '06 19:32    Post subject: ModSecurity 1.9.4 released

ModSecurity 1.9.4 has been released. The Win32 binary is available for immediate download from the Apache Lounge.

Changes since 1.9.3:

* Request headers that are analysed are now fetched from the header cache. This prevents the potential headers table (the real one) being changed on a rule match - which is only an issue in detection-only mode.

* Enhanced memory utilisation. Plus, the memory for the request body is now allocated from the OS directly so that it can be released back to it faster (Apache keeps the memory for itself even after it is freed.)

* Added a one-liner to deal with weird IE multipart/form-data behaviour.


Steffen
dynmosaic



Joined: 15 Dec 2005
Posts: 10

Posted: Sun 21 May '06 6:35    Post subject: Have problem with ModSecurity_1.9.4

Stephen,

After I just updated to ModSecurity_1.9.4 from 1.9.3, when I was updating my website, using MamboServer 4.5.3h stable, MySQL 5.0.21, my web server version is Apache/2.2.2 (Win32) mod_ssl/2.2.2 OpenSSL/0.9.8a PHP/5.1.4

I got hit with an access denied message, here is the info from sec_audit.log file:

mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "update.+set.+=" at POST_PAYLOAD [msg "SQL Injection attack"] [severity "EMERGENCY"]

I temporarily took this out in the conf, everything is fine. However, I would like to ask you why this is causing trouble, is this an enhancement in 1.9.4 which does not exist in 1.9.3?

Could you also explain to me this line in the conf, as I don't understand it very well and just followed your (or someone else's) advice in using it.

SecFilterSelective ARGS "update.+set.+="

Thanks,

Dyn
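
Added illustration (not part of either post above and not ModSecurity code): the Python sketch below runs the pattern from the audit log over constructed form-encoded bodies. It shows that scanning a whole POST body can match ordinary CMS text, because the "=" the pattern needs is supplied by the next form field. Case-insensitive matching on URL-decoded input is an assumption, and all field names and values are made up.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Pattern copied from the rule and audit log quoted in the thread.
# Assumption: applied case-insensitively to URL-decoded input.
RULE = re.compile(r"update.+set.+=", re.IGNORECASE)

# Constructed form-encoded bodies; all field names and values are made up.
SAMPLES = {
    "cms_article": "title=Site+update&introtext=We+reset+the+menu&published=1",
    "sql_update": "q=UPDATE+users+SET+role%3D1",
    "plain_comment": "name=Dyn&comment=Thanks+for+the+new+build",
}


def match_whole_body(body):
    """Return the text matched when the whole decoded body is scanned, else None."""
    m = RULE.search(unquote_plus(body))
    return m.group(0) if m else None


def match_per_value(body):
    """Return names of parameters whose decoded value matches on its own."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if RULE.search(value)]


def report(samples=SAMPLES):
    """Map sample name -> (whole-body match text, matching parameter names)."""
    return {k: (match_whole_body(v), match_per_value(v)) for k, v in samples.items()}


if __name__ == "__main__":
    for name, (whole, per_value) in report().items():
        print(f"{name}: whole-body={whole!r} per-value={per_value}")
```

In the constructed CMS sample the whole-body match runs from "update" in the title, through "set" inside "reset", to the "=" of the following field, while no single parameter value matches by itself.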