Breach Security announced the latest version of its open source ModSecurity web application firewall. The latest release, ModSecurity v2.5, offers a significant improvement in performance using set-based parallel text matching, as well as automated rule update capabilities, and a robust scripting language interface. New features include detection of credit card numbers and the ability to set policy based on the geography of an attacker.
Using set-based parallel matching, ModSecurity now processes requests much faster while using fewer resources. With ModSecurity v2.5, users can incorporate large lists of patterns, such as spam keywords and black-listed IP addresses into ModSecurity with very little effort and without impacting performance.
In addition to performance enhancements, the new version also features an automated rule updates capability. ModSecurity deployments frequently rely on rule sets obtained from third-party developers, for example, Breach Security distributes ModSecurity Core Rules freely under GPLv2. While the installation of these rule sets is quick and easy, maintenance can be difficult and time consuming. Because changes and new discoveries are frequent in the dynamic field of web application security, the high cost of rule set maintenance is effectively reducing the usefulness of web application firewalls. To help address this problem, ModSecurity v2.5 includes a tool that can be used to periodically check a ModSecurity Rules server to ensure that rules are up-to-date.
ModSecurity v2.5 also includes LUA, a high-speed scripting language commonly used in the gaming world. By incorporating a full-blown scripting language, ModSecurity provides more flexibility to rules writers. LUA can be used to add custom anti-evasion transformations specific to the protected application, perform complex logic between conditions and apply mathematical expressions to parameters before validating them.