Dear WAF-FLE users,
after a long time working in many things no waf-fle related (time still short), and with the help of many valuable users, I’m releasing the version 0.6.0 (final) of WAF-FLE (download: waf-fle_0.6.0.tar.gz)
This version keep all features and improvements from of 0.6.0-rc, and making room for new features in next version. I’d like to say a thank you to all users that had submitted bug reports and helped to improve this version.
All users should considering upgrade to this version once it corrected many bugs (from version 0.5.x and 0.6.0-rcX).
The mosts important change was a better parsing of logs.
Read the ChangeLog file a complete list of bug fixed.
A new release 0.6.0-rc2 is available. A issue prevent user to create a new sensor, something essential do WAF-FLE usage.
To use just replace the old files with all included in this package.
Today the WAF-FLE Project is proud to release a new version of WAF-FLE: 0.6.0-RC1 (Release Candidate 1). This is a major release, with many new features, improvements and bug fixes (see ChangeLog for a complete list of changes).
The more relevant features in this version are:
- Filter enabled Dashboard: Now you can use the filter in dashboard, all charts and tables are clickable, enabling the drill-down data on dashboard, updating the charts and tables to reflect the filter.
- Delete events by filter: now you can use the filter to delete events at once, turning much more easier, for example exclude false positive events.
- Compression of full events: You can choice if you want to compress full events (used to download raw events), make a huge difference in disk space used by database (saving around 60% of space).
- You can define a if WAF-FLE should use a header like X-Forwarded-For or X-Real-IP like source of source address in events. Very useful when you have a reverse proxy in front of ModSecurity. You can customize wich header should be used.
- Support to ModSecurity 2.7 Engine-Mode variable, to let you know if an event has allowed (but logged) or if the sensor are in detection-only mode.
- GeoIP support in dashboard, event and filter.
- Setup script: to help in dependencies check, database creation/migration, making much more quick a setup in platforms where installation dependencies are not easily known.
- mlog2waffle: a daemon to work as a replacement to mlogc. It is written in perl, and can work as service feeding events to WAF-FLE in real time or scheduled in crontab. It must to be considered in beta stage, but seen to be reliable and fast.
- Sensors and users management interface much improved, with more information and options.
- Improved ModSecurity events parsing, supporting some new fields like stopwatch2.
You can download it in http://www.waf-fle.org/download/
You can access WAF-FLE demo in http://www.waf-fle.org/demo/
Any issue in this release can be filled http://www.waf-fle.org/support/ (issue tracker or mailinglist)
Best regards and good waf-fling,
The WAF-FLE Project
I just release the version 0.5.1 of WAF-FLE as a bugfix.
The main fix was a mistake in timezone treatment (for events reception) for countries ahead of UTC ( ie, +0200), along other minor bug fix and code cleanup.
To download check the Download page
As requested by some modsecurity users, we have now a page where you can see the WAF-FLE screenshots.
As the version will evolve, I’ll update it.
To help on user support we have created an discussion list where you will can solve your doubts about WAF-FLE usage and configuration, and you can share experience. To start now on discussion list check out Support page.
For those that are needing report a bug or even make a feature request, is available now the Issue Tracking, hosted at Google Code.
You can use: http://code.google.com/p/waf-fle/issues/list
Today I’m happy to release, the first version of WAF-FLE (version 0.5), at OWASP AppSec’11 Latam, a new console for Modsecurity , that fills the gap for a OpenSource console for modsecurity.
The code is (as probably all initial releases) subject to bugs, and should be used with care, but my own use shows that it can handle lots of events even in an old server. Supporting peaks of 180 events per second, keeping more than 10 million events in the database (with tittle performance degradation).
I believe that the Filter (used to drill down events) is the most significant feature in this release, once it allows the user to quickly find an event or filter out what he doesn’t want.
Your feedback is very important to improve its quality.
The WAF-FLE Project