ModSecurity Open Source Web Application Firewall
ModSecurity(TM) is an open source intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Evergreen:11.2:Test/apache2-mod_security2 && cd $_
Source Files
Filename | Size |
---|---|
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz | 11.6 KB |
README-SUSE-mod_security2.txt | 321 Bytes |
Reference-Manual.html.bz2 | 59 KB |
SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb. | 273 KB |
apache2-mod_security2.changes | 5.35 KB |
apache2-mod_security2.spec | 5.11 KB |
mod_security2.conf | 10.6 KB |
modsecurity-apache_2.7.5-build_fix_pcre.diff | 9.02 KB |
modsecurity-apache_2.7.5.tar.gz | 1020 KB |
modsecurity_diagram_apache_request_cycle.jpg | 45.7 KB |
Latest Revision
Stefan Lijewski (lijews) accepted request 185604 from Roman Drahtmueller (draht) (revision 2)
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
  /etc/apache2/conf.d/mod_security2.conf loads
  /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
  then /etc/apache2/mod_security2.d/*.conf , as set up based on
  advice in /etc/apache2/conf.d/mod_security2.conf
  Your configuration starting point is
  /etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous
  linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
  * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
  * [bnc#768293] multi-part bypass, minor threat
  * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
  * CVE-2012-4528 [bnc#789393] rule bypass
  * CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
  * GPLv2 replaced by Apache License v2
  * rules are not part of the source tarball any longer, but
    maintained upstream externally, and included in this package.
  * documentation was externalized to a wiki. Package contains
    the FAQ and the reference manual in html form.
  * renamed the term "Encryption" in directives that actually refer
    to hashes. See CHANGES file for more details.
  * new directive SecXmlExternalEntity, default off
  * byte conversion issues on s390x when logging fixed.
  * many small issues fixed that were discovered by a Coverity scanner
  * updated reference manual