„Two years ago, almost to the day, O’Reilly Network published my first article, Introducing ModSecurity. ModSecurity was stable and useful before the article went out, but it was not widely known. The publication of the article marked a new phase in the life of ModSecurity, introducing it to a much wider audience. As I write the second article, I can’t help but feel another phase is about to start. I feel we are entering the phase of maturity.
ModSecurity 1.9 was released in early November 2005, more than a year after the previous stable release, version 1.8. The delay between the two releases was much longer than I had anticipated. Looking back, I really should have released 1.9 back in April, but it so happened that I skipped that release and continued adding new features. This resulted in a release that contains double the features and more than a 40 percent increase of the source code size.
This article describes the most important new features in ModSecurity 1.9. This is somewhat difficult to do, because there are so many of them, but I have decided to group the enhancements into three major areas:
Rule engine enhancements
Real-time audit log aggregation
Stateful request monitoring“