Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: ModSecurity 1.9.4 released |
|
Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
|
Posted: Mon 15 May '06 19:32 Post subject: ModSecurity 1.9.4 released |
|
|
ModSecurity 1.9.4 has been released. The Win32 binary is available for immediate download from the Apache Lounge
Changes since 1.9.3:
* Request headers that are analysed are now fetched from the header cache. This prevents the potential headers table (the real one) being changed on a rule match - which is only an issue in detection-only mode.
* Enhanced memory utilisation. Plus, the memory for the request body is now allocated from the OS directly so that it can be released back to it faster (Apache keeps the memory for itself even after it is freed.)
* Added an one-liner to deal with weird IE multipart/form-data behaviour.
Steffen |
|
Back to top |
|
dynmosaic
Joined: 15 Dec 2005 Posts: 10
|
Posted: Sun 21 May '06 6:35 Post subject: Have problem with ModSecurity_1.9.4 |
|
|
Stephen,
After I just updated to ModSecurity_1.9.4 from 1.9.3, when I was updating my website, using MamboServer 4.5.3h stable, MySQL 5.0.21, my web server version is Apache/2.2.2 (Win32) mod_ssl/2.2.2 OpenSSL/0.9.8a PHP/5.1.4
I got hit an access denied message, here is the info from sec_audit.log file:
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "update.+set.+=" at POST_PAYLOAD [msg "SQL Injection attack"] [severity "EMERGENCY"]
I temporarly took this out in the conf, eveything is fine. However, I would like to ask you why this is causing trouble, is this an enhancement in 1.9.4 which does not exist in 1.9.3?
Could you also explain to me this line in the conf, as I don't understand it very well and just followed your (or someone else') advice in using it
SecFilterSelective ARGS "update.+set.+="
Thanks,
Dyn |
|
Back to top |
|
|
|
|
|
|