ASL 3.0.23 Update
Written by Scott Shinn   
Monday, 14 May 2012 13:46

Release Notes:
This release includes the latest iteration of the Tortix Web Application Firewall (T-WAF for short). The T-WAF is the next generation of the initial external WAF piloted with the Plesk WAF module. It can dynamically redirect local HTTP/HTTPS traffic directly through the T-WAF module using firewall redirect rules; this mode is called "local redirect". The T-WAF also supports a "plesk" mode, which replaces the original plesk-waf-setup application. Lastly, the T-WAF supports a "remote" mode, which allows the ASL server to act as a reverse proxy for downstream web servers.

As of this release the T-WAF module is considered a beta project and is not enabled by default. Users interested in beta-testing the T-WAF can activate it with:
yum install asl-waf-module

The T-WAF will be licensed separately in a future release.

The 3.0.23 update also includes a beta feature for managing the default WAF response policy. Previously, web attacks were blocked inline; this update adds a "redirect" response that sends the request to a user-defined URL. This URL can be used to pass information on the nature of the blocked attack, including rule ID, source IP, and internal event ID.


Changelog:

  • Add Tortix WAF (T-WAF)
  • Retire plesk-waf-setup (replaced by T-WAF)
  • Update, Add UNSUPPORTED to version info when distribution cannot be identified
  • Update, support for status to the asl-firewall init script
  • Update, ASL Web corrects corrupt serialized data error
  • Update to asl_db_rotate, TODO what is token here for archive on/off?
  • Update, Changed default behavior of database setup to yes when selecting database installs
  • Update, create a common asl firewall rule clearing function, used by the global asl-firewall init script
  • Update, ASL Web, categories are now sorted alphabetically
  • Update, Add check for /etc/asl/waf-config on permissions check
  • Update, Ignore /usr/local/psa/var/cgitory by default in integrity checks
  • Feature Request #425, add support for the Spamhaus lasso blacklist
  • Feature Request #442, add blacklist support for TOR exit nodes. Adds new config token, FW_TOR
  • Feature Request #785, add support for the Dshield blacklist of top attacking networks.
  • Feature Request #792, add syn-flood protection. New config token: FW_SYN_COOKIES
  • Feature Request #814, HIDS limit email notifications to alerts greater than level X
  • Feature Request #820, WAF deny & redirect management subsystem. Adds the config tokens WAF_DEFAULT_ACTION, and WAF_REDIRECT_URL
  • Feature Request #XXX, add port tracking field for "embedded" waf type
  • Feature Request #XXX, automated update times are now randomized to between +1-15 minutes
  • Bugfix #XXX, change from reload to graceful restarts with tortixd. This should fix blank asl -u windows in ASL Web
  • Bugfix #XXX, installer will now store network info to / instead of /tmp.
  • Bugfix #XXX, Fix for remote database support
  • Bugfix #XXX, Fix for continue y/n prompt in database setup
  • Bugfix #XXX, Remove a mod_security binary if it's already there before installing a new one. This corrects a really weird condition when it already exists on source/anarchy installs.

To upgrade:
/var/asl/bin/asl -u

or

yum upgrade asl asl-web

 
