Package apache2-mod_security: Information

    Source package: apache2-mod_security
    Version: 2.5.9-alt1
    Build time:  Mar 31, 2009, 03:22 AM
    Category: System/Servers
    Report package bug
    License: GPLv2
    Summary: Tighten web applications security for Apache 2.x
    Description: 
    ModSecurity is an Apache 1.x/2.x module whose purpose is to tighten the Web
    application security. Effectively, it is an intrusion detection and prevention
    system for the web server.
    
    At the moment its main features are:
    * Audit log; store full request details in a separate file, including POST
    payloads.
    * Request filtering; incoming requests can be analysed and offensive requests
    can be rejected (or simply logged, if that is what you want). This feature
    can be used to prevent many types of attacks (e.g. XSS attacks, SQL
    injection, ...) and even allow you to run insecure applications on your
    servers (if you have no other choice, of course).

    List of rpms provided by this srpm:
    apache2-mod_security (x86_64, i586)
    apache2-mod_security-doc (noarch)

    Maintainer: Nikolay A. Fetisov



      1. libaprutil1-devel
      2. rpm-build-licenses
      3. gcc-c++
      4. libpcre-devel
      5. libcurl-devel
      6. apache2-devel >= 2.2.5
      7. apache2-httpd-prefork
      8. libxml2-devel

    Last changed


    March 30, 2009 Nikolay A. Fetisov 2.5.9-alt1
    - New version:
      + Security fix: remote DoS when parsing multipart content with 
        a missing part header name
      + Security fix: potential DoS when PDF XSS protection is enabled
    - Fix default configuration
    Feb. 22, 2009 Nikolay A. Fetisov 2.5.7-alt3
    - Fix default configuration
    Dec. 14, 2008 Nikolay A. Fetisov 2.5.7-alt2
    - Move filtering rules to the /etc/mod_security2
    - Build documentation sub-package as noarch