Apache Lounge
Webmasters

 

Topic: ModSecurity 1.9.4 released
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2783
Location: Hilversum, NL, EU

Posted: Mon 15 May '06 19:32    Post subject: ModSecurity 1.9.4 released

ModSecurity 1.9.4 has been released. The Win32 binary is available for immediate download from the Apache Lounge.

Changes since 1.9.3:

* Request headers that are analysed are now fetched from the header cache. This prevents the potential headers table (the real one) being changed on a rule match - which is only an issue in detection-only mode.

* Enhanced memory utilisation. Plus, the memory for the request body is now allocated from the OS directly so that it can be released back to it faster (Apache keeps the memory for itself even after it is freed.)

* Added a one-liner to deal with weird IE multipart/form-data behaviour.


Steffen
dynmosaic



Joined: 15 Dec 2005
Posts: 10

Posted: Sun 21 May '06 6:35    Post subject: Have problem with ModSecurity_1.9.4

Stephen,

After I just updated to ModSecurity_1.9.4 from 1.9.3, when I was updating my website, using MamboServer 4.5.3h stable, MySQL 5.0.21, my web server version is Apache/2.2.2 (Win32) mod_ssl/2.2.2 OpenSSL/0.9.8a PHP/5.1.4

I got hit with an access denied message; here is the info from the sec_audit.log file:

mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "update.+set.+=" at POST_PAYLOAD [msg "SQL Injection attack"] [severity "EMERGENCY"]

I temporarily took this out in the conf, and everything is fine. However, I would like to ask you why this is causing trouble. Is this an enhancement in 1.9.4 which does not exist in 1.9.3?

Could you also explain to me this line in the conf, as I don't understand it very well and just followed your (or someone else's) advice in using it:

SecFilterSelective ARGS "update.+set.+="

Thanks,

Dyn
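
An added example, not part of the original thread and not ModSecurity's own code: a small Python model of what the pattern in the quoted `SecFilterSelective` line matches when it is applied to a whole form body, as in the audit log entry (`POST_PAYLOAD`). It assumes the body is URL-decoded and searched case-insensitively as one string; the sample bodies, field names and the narrower comparison pattern are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Pattern copied from the SecFilterSelective line in the post above.
RULE = "update.+set.+="

# Hypothetical narrower pattern, for comparison only (not from the thread):
# it requires the shape "UPDATE <name> SET <name> =" rather than the three
# tokens appearing anywhere in the body in that order.
NARROW = r"\bupdate\s+\w+\s+set\s+\w+\s*="

# Constructed request bodies; field names are hypothetical.
SAMPLES = {
    # Ordinary CMS article save: the words "update" and "set" occur in the
    # text, and the '=' comes from the next form field ("&id=42").
    "cms_edit": "title=Site+update&introtext=We+set+up+a+new+gallery&id=42",
    # Body that really carries SQL text.
    "sql_text": "q=UPDATE+users+SET+level%3D1",
    # Body with none of the keywords.
    "plain": "title=Hello&introtext=Welcome+to+the+site",
}


def rule_hits(pattern, raw_body):
    """Return the text the pattern matched in a urlencoded body, or None.

    Simplified model (assumption): decode the body once, then run a
    case-insensitive search across the whole string.
    """
    decoded = unquote_plus(raw_body)
    m = re.search(pattern, decoded, re.IGNORECASE | re.DOTALL)
    return m.group(0) if m else None


def classify(pattern=RULE, samples=SAMPLES):
    """Map each sample name to True if the pattern would trigger on it."""
    return {name: rule_hits(pattern, body) is not None
            for name, body in samples.items()}


if __name__ == "__main__":
    for label, pattern in (("RULE", RULE), ("NARROW", NARROW)):
        print(label, classify(pattern))
    # Show exactly which span of the benign CMS body triggered the rule.
    print(repr(rule_hits(RULE, SAMPLES["cms_edit"])))
```

Because `.+` matches any run of characters, the `=` that separates form field names from values is enough to complete the match once "update" and "set" appear anywhere earlier in the body, which is why saving ordinary article text can return the 403 shown in the audit log.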