mod_security ( the web application firewall ) continues to impress as it takes a beating from ( mostly ) automated bots and hacks scannning for web server vulnerabilities – this is a must for anyone running a publicly accessible web server. Version 2 rc2 is out and features significant improvements in areas like data persistence, XML support and session id’s. Here is an example from my log:
[Thu Jul 20 10:30:36 2006] [error] [client 67.161.47.169] mod_security: Access denied with code 403. Pattern match “!(^application/x-www-form-urlencoded$|^multipart/form-data;)” at HEADER(“Content-Type”) [severity “EMERGENCY”] [uri “”] [unique_id “Ma5vu8CoAQEAABXdxLYAAAAA”]
In other news, WordPress have released bugfix version 2.0.4.