Trustwave's SpiderLabs has announced the availability of version 2.8.0 of ModSecurity, the open-source, cross-platform Web application firewall (WAF) engine for IIS, Apache and Nginx.
The latest version comes with status reporting, a JSON request body parser and the @detectXSS operator. The list of new features also includes the FULL_REQUEST and FULL_REQUEST_LENGTH variables, and the SecConnReadStateLimit and SecConnWriteStateLimit directives.
The status reporting feature enables the tool’s developers to obtain usage data such as number of users, operating systems, software versions and web server platforms.
With the integration of the JSON parser, ModSecurity will automatically parse request body content when multipart/form-data or application/x-www-form-urlencoded Content-Type headers are detected.
The @detectXSS operator is used to identify possible cross-site scripting (XSS) attacks by leveraging the most recent libinjection code.
A total of 18 bugs have also been fixed with this release. In upcoming releases, in addition to new features, SpiderLabs will also add Solaris and FreeBSD support to the regression test platform, and provide better documentation on how to build ModSecurity on various platforms as well as information on how to contribute to the project.
For additional details on the latest version of ModSecurity, check out the SpiderLabs blog. The full release notes are available on GitHub. You can download ModSecurity from Softpedia’s Scripts section.