Version 0.6.0-rc1 available

Today the WAF-FLE Project is proud to release a new version of WAF-FLE: 0.6.0-RC1 (Release Candidate 1). This is a major release, with many new features, improvements and bug fixes (see ChangeLog for a complete list of changes).

The more relevant features in this version are:

  • Filter enabled Dashboard: Now you can use the filter in dashboard, all charts and tables are clickable, enabling the drill-down data on dashboard, updating the charts and tables to reflect the filter.
  • Delete events by filter: now you can use the filter to delete events at once, turning much more easier, for example exclude false positive events.
  • Compression of full events: You can choice if you want to compress full events (used to download raw events), make a huge difference in disk space used by database (saving around 60% of space).
  • You can define if WAF-FLE should use a header like X-Forwarded-For or X-Real-IP like source of source address in events. Very useful when you have a reverse proxy in front of ModSecurity. You can customize wich header should be used.
  • Support to ModSecurity 2.7 Engine-Mode variable, to let you know if an event has allowed (but logged) or if the sensor are in detection-only mode.
  • GeoIP support in dashboard, event and filter.
  • Setup script: to help in dependencies check, database creation/migration, making much more quick a setup in platforms where installation dependencies are not easily known.
  • mlog2waffle: a daemon to work as a replacement to mlogc. It is written in perl, and can work as service feeding events to WAF-FLE in real-time or scheduled in crontab. It must to be considered in beta stage, but seen to be reliable and fast.
  • Sensors and users management interface much improved, with more information and options.
  • Improved ModSecurity events parsing, supporting some new fields like stopwatch2.

You can download it in

You can access WAF-FLE demo in

Any issue in this release can be filled (issue tracker or mailinglist)

Best regards and good waf-fling,

Klaubert Herr
The WAF-FLE Project

WAF-FLE 0.5, initial release

WAF-FLE logoToday I’m happy to release, the first version of WAF-FLE (version 0.5), at OWASP AppSec’11 Latam, a new console for Modsecurity , that fills the gap for a OpenSource console for modsecurity.

The code is (as probably all initial releases) subject to bugs, and should be used with care, but my own use shows that it can handle lots of events even in an old  server. Supporting peaks of 180 events per second, keeping more than 10 million events  in the database (with tittle performance degradation).

I believe that the Filter (used to drill down events) is the most significant feature in this release, once it allows the user to quickly find an event or filter out what he doesn’t want.

Your feedback is very important to improve its quality.

Klaubert Herr
The WAF-FLE Project

Recent Entries »