Category Archives: WAF-FLE

New version 0.6.4, fixes and improvements

A new version 0.6.4, that brings fixes and improvements is out. The update process is very simple, just copy new files over the old files.

Some enhancements in this version is:

  • Support to rules and mod_security compiled by Atomic Turtle;
  • Performance impact with high number of hostnames in database;
  • Custom tag ID new number, to avoid conflict with already present tag;
  • Better handling of “PCRE limits exceeded”;

And many more, check the ChangeLog file to see all fixes and improvements.

I’d like to say “thank you” to each user that contributed with bug reports, patches and suggestions.

To download check the download page.

Issue Tracking moved to GitHub

The WAF-FLE Issue tracking moved to GitHub to make more clear the relation between an issue and the code that fix it.

WAF-FLE Issue Tracking moved to GitHubThe development code of WAF-FLE was on GitHub for many months, and many users have opened new issues there, while the “official” still the Google Code. To make things easier to all, I think that is better to concentrate this job in only one place, github.

I expect to solve all issues still on Google Code, if possible. While the issue tracking on Google Code is not closed (yet), I don’t expect new issues there.

To open a new issue or see current issues on GitHub, access:





Support WAF-FLE, Make a Donation

Support WAF-FLE, “Make a Donation” is a campaign asking you to engage with project.

WAF-FLE is a project conducted in spare time, with my personal effort, that offer to you a product useful to manage and improve the web application security of your company/organization. You can support this effort, and as some people had asked me how to donate to the project, I have created a PayPal donation button (on right sidebar) to allow those that want to support financially the project can do this in a simple way.

Any contribution is welcome. If the WAF-FLE is useful to your organization, consider make a donation, this will reduce my costs (with time, hosting, etc.), and will make things go faster in development.

Best regards,


Site became multi-language, added Brazilian Portuguese

Language Selection

The WAF-FLE website became multi-language, with addition of Brazilian Portuguese, to better address the Brazilian users community. All site was translated, even old posts (but something may have been overlooked). Try the languages available in right sidebar.

While WAF-FLE itself is available only in english, an effort was made to bring the Deployment Guide to Portuguese as well the website now.

This addition was possible by using a new theme and plugin, that simplify the translation process (while make a double work in site maintenance).

For while, just one mailing-list, so still writing in english there.


WAF-FLE 0.6.0 final(ly)

Dear WAF-FLE users,

after a long time working in many things no waf-fle related (time still short), and with the help of many valuable users, I’m releasing the version 0.6.0 (final) of WAF-FLE (download: waf-fle_0.6.0.tar.gz)

This version keeps all features and improvements from of 0.6.0-rc, and making room for new features in next version. I’d like to say a thank you to all users that had submitted bug reports and helped to improve this version.

All users should considering upgrade to this version once it corrected many bugs (from version 0.5.x and 0.6.0-rcX).

The most important change was a better parsing of logs.

Read the ChangeLog file a complete list of bug fixed.

Good WAF-FLing,

Klaubert Herr
WAF-FLE Project

WAF-FLE: Deployment Guide, now available

Deployment Guide

I just publish the “WAF-FLE: Deployment Guide” (on the Documentation page). Is an extensive and step-by-step guide (but I know, is incomplete, at least in this first release). Is the first of an endless writing and editing.

It is directed to both new and current WAF-FLE users.

The topics covered range from Deployment scenarios, WAF-FLE installation and upgrade, Sensor Setup and Definition, using Event Feeder Configuration to help sensor side configuration (mlog2waffle and mlogc), and has Quick How-To for CentOS/RedHat, Debian/Ubuntu and FreeBSD . Finishing with some tips for Sizing and MySQL Tunning.

Comments, corrections and additions are very welcome and can be sent as a new issue ticket.

Version 0.6.3

Today I release WAF-FLE 0.6.3, it include many fixes reported by users. See ChangeLog for more details. Below the most relevant:

  • Better delete of events when using filters;
  • Better handling of events from bad formed requests;
  • fixed version of mlog2waffle, working better in batch mode;
  • mlog2wafle now support send events to waf-fle in SSL with self-signed certificate;
  • improved setup for permission of non localhost database;

You can download it in download page, or directly in waf-fle-0.6.3.tar.gz 

The WAF-FLE Project.

« Older Entries