WAF-FLE » modsecurity, WAF-FLE

Version 0.6.0-rc1 available

Today the WAF-FLE Project is proud to release a new version of WAF-FLE: 0.6.0-RC1 (Release Candidate 1). This is a major release, with many new features, improvements and bug fixes (see ChangeLog for a complete list of changes).

The more relevant features in this version are:

  • Filter enabled Dashboard: Now you can use the filter in dashboard, all charts and tables are clickable, enabling the drill-down data on dashboard, updating the charts and tables to reflect the filter.
  • Delete events by filter: now you can use the filter to delete events at once, turning much more easier, for example exclude false positive events.
  • Compression of full events: You can choice if you want to compress full events (used to download raw events), make a huge difference in disk space used by database (saving around 60% of space).
  • You can define if WAF-FLE should use a header like X-Forwarded-For or X-Real-IP like source of source address in events. Very useful when you have a reverse proxy in front of ModSecurity. You can customize wich header should be used.
  • Support to ModSecurity 2.7 Engine-Mode variable, to let you know if an event has allowed (but logged) or if the sensor are in detection-only mode.
  • GeoIP support in dashboard, event and filter.
  • Setup script: to help in dependencies check, database creation/migration, making much more quick a setup in platforms where installation dependencies are not easily known.
  • mlog2waffle: a daemon to work as a replacement to mlogc. It is written in perl, and can work as service feeding events to WAF-FLE in real-time or scheduled in crontab. It must to be considered in beta stage, but seen to be reliable and fast.
  • Sensors and users management interface much improved, with more information and options.
  • Improved ModSecurity events parsing, supporting some new fields like stopwatch2.

You can download it in http://www.waf-fle.org/download/

You can access WAF-FLE demo in http://www.waf-fle.org/demo/

Any issue in this release can be filled http://www.waf-fle.org/support/ (issue tracker or mailinglist)

Best regards and good waf-fling,

Klaubert Herr
The WAF-FLE Project

Comments are closed.