ModSecurity Cookie and Link Protection Patch
A significant event occurred on the mod-security-users mailing list in July: a large code ...
Read MoreModSecurity Performance Tip
I was asked recently to investigate performance of an ModSecurity installation in order to see if ...
Read MoreApache Reverse Proxy Memory Consumption Observations
Last week I spent some time stress-testing Apache 2.2.3 configured to work as a reverse proxy. I ...
Read MoreModSecurity 1.9.x Performance Testing
You can tell that I am too busy when I take almost three months to blog about something interesting ...
Read MoreForrester Research Q2 2006 Web Application Firewall Evaluation
Back in March 2006 I was approached by Forrester Research and invited to participate in their Q2 ...
Read MoreYahoo Small Business offers 'ModSecurity-like' functionality
I just came across this and can't help but make a note about it: A web hosting package offered by ...
Read MoreModSecurity 2: Variables, Collections and Transaction Scoring
Variables and collections are concepts new to ModSecurity 2. ModSecurity 1.x does allow you to use ...
Read MoreModSecurity Console Now Available
I love the command line, I do. But there are some tasks where this type of user interface is simply ...
Read MoreModSecurity 2: Explicit Normalisation Options
One of the things I realy dislike in ModSecurity 1.x is that its anti-evasion features are ...
Read MoreSecure Browsing Mode Proposal
It's very well known (and even widely accepted) that our current web application deployment model ...
Read MoreJailing Apache On Windows
Yury Zaytsev wrote to me recently to tell me about his experiences in jailing Apache on Windows. ...
Read MoreEmbeddable Web Application Firewalls and Impedance Mismatch
Some of you may remember I wrote about impedance mismatch that occurs between security layers. Ryan ...
Read MoreModSecurity for Apache 2.0.0-beta-3 now available!
I have been awfully quiet recently, having made my last post to this blog in late March. I have a ...
Read MoreApache suEXEC chroot patch
I was recently involved with a project where we needed to configure an Apache server that was ...
Read MoreFirst development release of ModSecurity 2.x
It's that time of year again, when I get to work on new features (instead of supporting the old ...
Read MoreSmall but important improvements in ModSecurity 1.9.3
I have just released ModSecurity for Apache 1.9.3-rc1, a release candidate, as I always do when ...
Read MoreModSecurity Elevator Pitch at EUSecWest
I spent some time this week at the EUSecWest conference here in London. EUSecWest is a ...
Read MoreWeb application firewalls primer
(IN)SECURE Magazine Issue 1.5 has just been published. I wrote the cover story, titled "Web ...
Read MoreModSecurity Rules subproject added
If you are a ModSecurity user you may have noticed that I am distributing ModSecurity without any ...
Read MoreMassive performance improvements for Apache 1.x users in ModSecurity 1.9.2-rc2
Some ModSecurity users like to run really large rule sets, where the number of rules runs into ...
Read MoreModSecurity 1.9 article on O'Reilly Network
My article ("What's New in ModSecurity"), which describes the most important improvements in 1.9, ...
Read MorePositive security model in ModSecurity
One of the major improvements in the next release of ModSecurity (v2.0) will be the support for a ...
Read MoreModSecurity for Apache 1.9 has been released!
Finally. I already wrote about many new features available in this release. Relieved from the ...
Read MoreDraft from the Web Application Firewall Evaluation Criteria project
The web application firewall (WAF) market is a bit confusing at the moment since it is not clear ...
Read MoreA few more features made it into ModSecurity 1.9
A small number of new features made it into 1.9 at the very last minute. Initially I intended to ...
Read MoreApache 2.1.7 beta released
A new beta version of the Apache web server has been released. This release is important because it ...
Read MoreWhat's new in ModSecurity 1.9
You may have noticed it's been a while since ModSecurity has had a major release. This does not ...
Read MoreMajor updates to ModSecurity in 1.9dev3
This version implements the final batch of major improvements to the 1.9.x series. These include a ...
Read More