Topic: ModSecurity 1.9.4 released

Steffen (Moderator)
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Mon 15 May '06 19:32 Post subject: ModSecurity 1.9.4 released
ModSecurity 1.9.4 has been released. The Win32 binary is available for immediate download from the Apache Lounge.
Changes since 1.9.3:
* Request headers that are analysed are now fetched from the header cache. This prevents the potential headers table (the real one) being changed on a rule match - which is only an issue in detection-only mode.
* Enhanced memory utilisation. Plus, the memory for the request body is now allocated from the OS directly so that it can be released back to it faster (Apache keeps the memory for itself even after it is freed.)
* Added a one-liner to deal with weird IE multipart/form-data behaviour.
Steffen

dynmosaic
Joined: 15 Dec 2005 Posts: 10
Posted: Sun 21 May '06 6:35 Post subject: Have problem with ModSecurity_1.9.4
Stephen,
After I just updated to ModSecurity_1.9.4 from 1.9.3, when I was updating my website, using MamboServer 4.5.3h stable, MySQL 5.0.21, my web server version is Apache/2.2.2 (Win32) mod_ssl/2.2.2 OpenSSL/0.9.8a PHP/5.1.4
I got hit with an access denied message; here is the info from the sec_audit.log file:
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "update.+set.+=" at POST_PAYLOAD [msg "SQL Injection attack"] [severity "EMERGENCY"]
I temporarily took this out in the conf, and everything is fine. However, I would like to ask you why this is causing trouble; is this an enhancement in 1.9.4 which does not exist in 1.9.3?
Could you also explain to me this line in the conf, as I don't understand it very well and just followed your (or someone else's) advice in using it:
SecFilterSelective ARGS "update.+set.+="
Thanks,
Dyn
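
Added example, not part of the original posts and not ModSecurity code: it applies the regular expression quoted in the rule above to each decoded form field of a POST body, showing how ordinary CMS article text can satisfy "update.+set.+=" without containing any SQL. Case-insensitive matching, the sample bodies and the tighter comparison pattern are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl

# Pattern copied from the rule in the post. Case-insensitive matching is an
# assumption about how the filter engine compiles it.
PAGE_PATTERN = re.compile(r"update.+set.+=", re.IGNORECASE)

# Hypothetical tighter pattern (not from the post): requires the
# "UPDATE <table> SET <column> =" token order with whitespace between tokens.
TIGHTER_PATTERN = re.compile(r"\bupdate\s+\w+\s+set\s+\w+\s*=", re.IGNORECASE)


def matching_args(body, pattern):
    """Return the names of form fields whose decoded value matches pattern."""
    fields = parse_qsl(body, keep_blank_values=True)
    return [name for name, value in fields if pattern.search(value)]


# Constructed sample bodies (application/x-www-form-urlencoded).
# The benign one is article text that happens to contain "update",
# "reset" (which contains "set") and an HTML attribute with "=".
BENIGN_CMS_POST = (
    "title=Site+news"
    "&introtext=We+will+update+the+gallery+soon.+Please+reset+your+bookmark"
    "+to+%3Ca+href%3D%22index.php%22%3Ethe+home+page%3C%2Fa%3E."
)
SQL_LIKE_POST = "title=x&introtext=update+items+set+price+%3D+0"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_CMS_POST), ("sql-like", SQL_LIKE_POST)):
        print(label,
              "| page pattern:", matching_args(body, PAGE_PATTERN),
              "| tighter pattern:", matching_args(body, TIGHTER_PATTERN))
```

The tighter pattern is there only to make the false-positive mechanism visible; it is not a complete SQL injection filter.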