ModSecurity is an intrusion detection andprevention engine for Web applications (sometimes called a Web application firewall). Operating embedded or as part of an Apache reverse proxy, it increases Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure. It monitors HTTP traffic (including POST payloads), detects or prevents attacks, enhances logging, performs anti-evasion, and allows administrators to create custom rules to suit their specific needs. It excels in HTTP traffic monitoring and just-in-time vulnerability patching.
License: GNU General Public License v2
Changes:
This version includes an updated Core Ruleset (version 1.5.1). Phase 5 rules can now be removed via SecRuleRemoveBy* directives, and an issue is fixed where only the first phase 5 rule would run when the request was intercepted in an earlier phase. The escapeSeqDecode transformation now better follows ANSI C escapes, and a minor configuration parsing issue is fixed so that disruptive actions, meta actions, and phases are no longer allowed in a chained rule (as originally intended).
More...