WAF-FLE: Deployment Guide, now available

Deployment Guide

I just published the “WAF-FLE: Deployment Guide” (on the Documentation page). It is an extensive, step-by-step guide (though I know it is incomplete, at least in this first release). It is the first in an endless process of writing and editing.

It is directed to both new and current WAF-FLE users.

The topics covered include deployment scenarios, WAF-FLE installation and upgrade, sensor setup and definition, and using the Event Feeder Configuration to help with sensor-side configuration (mlog2waffle and mlogc). It also has Quick How-Tos for CentOS/RedHat, Debian/Ubuntu and FreeBSD, and finishes with some tips for sizing and MySQL tuning.

Comments, corrections and additions are very welcome and can be sent as a new issue ticket.

WAF-FLE Code in GitHub

The development of WAF-FLE now happens on GitHub, and can be followed at: https://github.com/klaubert/waf-fle/

Submit your code, enhancements and fixes. Make WAF-FLE even better.

For now, check out the code from branch 0.7.0-devel (where current fixes and development are happening), and make your pull requests against this branch too.

Klaubert Herr
The WAF-FLE Project

Version 0.6.3

Today I released WAF-FLE 0.6.3; it includes many fixes reported by users. See the ChangeLog for more details.

  • Better deletion of events when using filters;
  • Better handling of events from badly formed requests;
  • Fixed version of mlog2waffle, working better in batch mode;
  • mlog2waffle now supports sending events to WAF-FLE over SSL with a self-signed certificate;
  • Improved setup of permissions for non-localhost databases.

You can download it from the download page, or directly as waf-fle-0.6.3.tar.gz

The WAF-FLE Project.

WAF-FLE 0.6.0 final(ly)

Dear WAF-FLE users,

After a long time working on many things not WAF-FLE related (time is still short), and with the help of many valuable users, I’m releasing version 0.6.0 (final) of WAF-FLE (download: waf-fle_0.6.0.tar.gz).

This version keeps all the features and improvements from 0.6.0-rc, and makes room for new features in the next version. I’d like to say thank you to all the users who submitted bug reports and helped to improve this version.

All users should consider upgrading to this version, since it corrects many bugs (from versions 0.5.x and 0.6.0-rcX).

The most important change was a better parsing of logs.

Read the ChangeLog file for a complete list of bugs fixed.

Good WAF-FLing,

Klaubert Herr
WAF-FLE Project

Version 0.6.0-rc1 available

Today the WAF-FLE Project is proud to release a new version of WAF-FLE: 0.6.0-RC1 (Release Candidate 1). This is a major release, with many new features, improvements and bug fixes (see ChangeLog for a complete list of changes).

The most relevant features in this version are:

  • Filter-enabled dashboard: you can now use the filter in the dashboard. All charts and tables are clickable, enabling drill-down into the data on the dashboard and updating the charts and tables to reflect the filter.
  • Delete events by filter: you can now use the filter to delete events all at once, which makes it much easier to, for example, exclude false-positive events.
  • Compression of full events: you can choose whether to compress full events (used to download raw events), which makes a huge difference in the disk space used by the database (saving around 60% of space).
  • You can define whether WAF-FLE should use a header such as X-Forwarded-For or X-Real-IP as the source of the source address in events. This is very useful when you have a reverse proxy in front of ModSecurity. You can customize which header is used.
  • Support for the ModSecurity 2.7 Engine-Mode variable, to let you know whether an event was allowed (but logged) or whether the sensor is in detection-only mode.
  • GeoIP support in dashboard, event and filter.
  • Setup script: helps with dependency checks and database creation/migration, making setup much quicker on platforms where the installation dependencies are not easily known.
  • mlog2waffle: a daemon that works as a replacement for mlogc. It is written in Perl, and can run as a service feeding events to WAF-FLE in real time or be scheduled in crontab. It must be considered to be in beta stage, but seems to be reliable and fast.
  • Sensor and user management interface much improved, with more information and options.
  • Improved ModSecurity event parsing, supporting some new fields like stopwatch2.

You can download it from http://www.waf-fle.org/download/

You can access the WAF-FLE demo at http://www.waf-fle.org/demo/

Any issue with this release can be filed at http://www.waf-fle.org/support/ (issue tracker or mailing list)

Best regards and good waf-fling,

Klaubert Herr
The WAF-FLE Project

Version 0.5.1 available

I just released version 0.5.1 of WAF-FLE as a bugfix release.
The main fix was for a mistake in timezone handling (for event reception) for countries ahead of UTC (i.e., +0200), along with other minor bug fixes and code cleanup.

To download, check the Download page.

WAF-FLE Screenshots

As requested by some ModSecurity users, we now have a page where you can see WAF-FLE screenshots.

As the version evolves, I’ll update it.

WAF-FLE Discussion list

To help with user support, we have created a discussion list where you can resolve your questions about WAF-FLE usage and configuration, and share experience. To get started on the discussion list, check out the Support page.