ModSecurity Open Source Web Application Firewall

Package apache2-mod_security2

ModSecurity(TM) is an open source intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.

Source Files
Filename                                                  Size (bytes)  Size
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2       11838         11.6 KB
README-SUSE-mod_security2.txt                             321           321 Bytes
Reference-Manual.html.bz2                                 60381         59 KB
SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz  279879        273 KB
apache2-mod_security2.changes                             5483          5.35 KB
apache2-mod_security2.spec                                5237          5.11 KB
mod_security2.conf                                        10852         10.6 KB
modsecurity-apache_2.7.5-build_fix_pcre.diff              9233          9.02 KB
modsecurity-apache_2.7.5.tar.gz                           1045387       1020 KB
modsecurity_diagram_apache_request_cycle.jpg              46799         45.7 KB
Latest Revision
Stefan Lijewski (lijews) accepted request 185604 from Roman Drahtmueller (draht) (revision 2)
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
  /etc/apache2/conf.d/mod_security2.conf loads
  /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
  then /etc/apache2/mod_security2.d/*.conf , as set up based on
  advice in /etc/apache2/conf.d/mod_security2.conf
  Your configuration starting point is
  /etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous
  linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
  * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
  * [bnc#768293] multi-part bypass, minor threat
  * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
  * CVE-2012-4528 [bnc#789393] rule bypass
  * CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
  * GPLv2 replaced by Apache License v2
  * rules are not part of the source tarball any longer, but
    maintained upstream externally, and included in this package.
  * documentation was externalized to a wiki. Package contains
    the FAQ and the reference manual in html form.
  * renamed the term "Encryption" in directives that actually refer
    to hashes. See CHANGES file for more details.
  * new directive SecXmlExternalEntity, default off
  * byte conversion issues on s390x when logging fixed.
  * many small issues fixed that were discovered by a Coverity scanner
  * updated reference manual