This release includes the latest iteration of the Tortix Web Application Firewall (T-WAF for short). The T-WAF is the next generation of the initial external WAF piloted with the Plesk WAF module. It can dynamically redirect local HTTP/HTTPS traffic directly through the T-WAF module using firewall redirect rules; this is called a "local redirect". The T-WAF also supports a "plesk" mode, which replaces the original plesk-waf-setup application. Lastly, the T-WAF supports "remote", which allows the ASL server to act as a reverse proxy for downstream web servers.
As of this release the T-WAF module is considered a beta project and is not enabled by default. Users interested in beta-testing the T-WAF can activate it with:
yum install asl-waf-module
The T-WAF will be licensed separately in a future release.
The 3.0.23 update also includes a beta feature for managing the default WAF response policy. Previously, web attacks were handled by blocking inline; this update adds a "redirect" response that sends the request to a user-defined URL. This URL can be used to pass information on the nature of the blocked attack, including rule ID, source IP, and internal event ID.
- Add Tortix WAF (T-WAF)
- Retire plesk-waf-setup (replaced by T-WAF)
- Update, Add UNSUPPORTED to version info when distribution cannot be identified
- Update, support for status to the asl-firewall init script
- Update, ASL Web, corrects corrupt serialized data error
- Update to asl_db_rotate, TODO what is token here for archive on/off?
- Update, Changed default behavior of database setup to yes when selecting database installs
- Update, create a common asl firewall rule clearing function, used by the global asl-firewall init script
- Update, ASL Web, categories are now sorted alphabetically
- Update, Add check for /etc/asl/waf-config on permissions check
- Update, Ignore /usr/local/psa/var/cgitory by default in integrity checks
- Feature Request #425, add support for the Spamhaus lasso blacklist
- Feature Request #442, add blacklist support for TOR exit nodes. Adds new config token, FW_TOR
- Feature Request #785, add support for the Dshield blacklist of top attacking networks.
- Feature Request #792, add syn-flood protection. New config token: FW_SYN_COOKIES
- Feature Request #814, HIDS limit email notifications to alerts greater than level X
- Feature Request #820, WAF deny & redirect management subsystem. Adds the config tokens WAF_DEFAULT_ACTION, and WAF_REDIRECT_URL
- Feature Request #XXX, add port tracking field for "embedded" waf type
- Feature Request #XXX, automatic updates are now randomized between +1-15 minutes after launch time.
- Bugfix #XXX, change from reload to graceful restarts with tortixd. This should fix blank asl -u windows in ASL Web
- Bugfix #XXX, installer will now store network info to / instead of /tmp.
- Bugfix #XXX, Fix for remote database support
- Bugfix #XXX, Fix for continue y/n prompt in database setup
- Bugfix #XXX, Remove a mod_security binary if it's already there before installing a new one. This corrects a really weird condition when it already exists on source/anarchy installs.