- Apply filters against any part of the request (URI, headers, either GET or POST)
- Apply filters against individual parameters
- Reject SQL injection attacks
- Reject Cross site scripting attacks
- Output filtering has been added to Apache 2.x.
- The ability to filter cookies directly has been added.
- Apache can now pretend to be some other Web server through the SecServerSignature directive.
- Three new actions: "allow" to finish filter processing and let the request through, "chain" to chain several filter together (logical AND), and "skipnext" to skip over filters.
- A new anti-evasion technique to fight null-byte attacks.
- Finally, the module now runs on Netware.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.