ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. It can also monitor the HTTP traffic in real time in order to detect attacks. In this case ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems.
ModSecurity 2.8.0 includes many new features including:
- Status Reporting
- JSON request body parser
- support for white list on connection limits
- @detectXSS operator
- FULL_REQUEST and FULL_REQUEST_LENGTH variables.
In addition to new functionality, developers have also improved the following:
- Debug and Troubleshooting Documentation
- Testing Platforms
- Project Development Metrics.
Many other bug fixes were also included:
- Correctly handling inet_pton in IIS version
- Nginx was missing a terminator while the charset string was mounted
- Added mod_extract_forwarded.c to run before mod_security2.c
- Added missing environment variables to regression tests
- Build system is now more flexible by looking at liblua at: /usr/local/lib
- Fixed typo in README file
- Removed the non standard compliant HTTP response status code 44 from modsecurity recommended file
- Fixed segmentation fault if it fails to write on the audit log
- Not rejecting a larger request with ProcessPartial. Regression tests were also added
- Fixed UF8 to unicode conversion. Regression tests were also added
- Avoiding segmentation fault by checking if a structure is null before access its members
- Removed double charset-header that used to happen due a hardcoded charset in Nginx implementation Now alerting the users that there is no memory to proceed loading the configuration instead of just die
- If SecRuleEngine is set to Off and SecRequestBodyAccess On Nginx returns error 500. Standalone is now capable to identify whenever ModSecurity is enabled or disabled, independently of ModSecurity core
- Fixed missing headers on Nginx whenever SecResponseBodyAccess was set to On and happens to be a filter on phase equals or over 3.
- IIS is now picking the correct version of AppCmd while uninstalling or installing ModSecurityISS.