Today the WAF-FLE Project is proud to release a new version of WAF-FLE: 0.6.0-RC1 (Release Candidate 1). This is a major release, with many new features, improvements and bug fixes (see ChangeLog for a complete list of changes).
The more relevant features in this version are:
- Filter enabled Dashboard: Now you can use the filter in dashboard, all charts and tables are clickable, enabling the drill-down data on dashboard, updating the charts and tables to reflect the filter.
- Delete events by filter: now you can use the filter to delete events at once, turning much more easier, for example exclude false positive events.
- Compression of full events: You can choice if you want to compress full events (used to download raw events), make a huge difference in disk space used by database (saving around 60% of space).
- You can define a if WAF-FLE should use a header like X-Forwarded-For or X-Real-IP like source of source address in events. Very useful when you have a reverse proxy in front of ModSecurity. You can customize wich header should be used.
- Support to ModSecurity 2.7 Engine-Mode variable, to let you know if an event has allowed (but logged) or if the sensor are in detection-only mode.
- GeoIP support in dashboard, event and filter.
- Setup script: to help in dependencies check, database creation/migration, making much more quick a setup in platforms where installation dependencies are not easily known.
- mlog2waffle: a daemon to work as a replacement to mlogc. It is written in perl, and can work as service feeding events to WAF-FLE in real time or scheduled in crontab. It must to be considered in beta stage, but seen to be reliable and fast.
- Sensors and users management interface much improved, with more information and options.
- Improved ModSecurity events parsing, supporting some new fields like stopwatch2.
You can download it in http://www.waf-fle.org/download/
You can access WAF-FLE demo in http://www.waf-fle.org/demo/
Any issue in this release can be filled http://www.waf-fle.org/support/ (issue tracker or mailinglist)
Best regards and good waf-fling,
The WAF-FLE Project