ModSecurity for Apache 1.9 has been released!
Finally. I already wrote about many new features available in this release. Relieved from the pressure caused by a long delay between stable releases I can now go and add more features. (Goes away and looks at the TODO list.) Some of the things that are likely to find their way into ModSecurity in the near future are:
- Positive security model, backed by automatically generated rules.
- Per-rule configuration of normalisation techniques.
- Request rating.
- Stateful operation and session rating.
Hmmm, I wonder which of these I should do first. Have your say!