search close

Apache


Apache Module Release Notes

=======

1.8.4 2021-07-29

  • Added support for Content-type application/graphql

1.8.3 2021-02-20

  • Added cryptographic signatures to released RPM packages

1.8.2 2021-01-08

  • Added Ubuntu 20.04 (Focal) support
  • Removed support for Apache-2.2 32-bit LSB for Centos 6 (el6)

1.8.1 2020-07-13

  • Added support for setting Location header if agent responds with X-Sigsci-Redirect

1.8.0 2020-06-10

  • Pass OPTIONS and CONNECT requests to the agent
  • Deprecate alternative blocking response codes(SigSciAltResponseCodes). Allow any code received from agent, 300 and above as blocking.
  • Improved socket error handling and logging

1.7.16 2020-03-06

  • Improved handling of headers of larger size returned by agent
  • Improved handling of reading from socket when data not ready

1.7.15 2020-03-02

  • Added support for configurable agent response codes
  • Fixed handling of inspection in Locations

1.7.14 2020-02-24

  • Added support for agent response code 429
  • Added support for Apache-2.2 32-bit LSB for Centos 6 (el6)

1.7.13 2020-02-10

  • Fixed agent response parsing errors to get the response code

1.7.12 2020-02-04

  • Added Debian 10 (buster) support
  • Added CentOS 8 (el8) support

1.7.11 2019-07-02

  • Fixed double send of prerequest to agent

1.7.10 2019-05-07

  • Released apache-2.4 for Windows

1.7.9 2019-04-23

  • Internal tooling updates

1.7.8 2019-03-25

  • Added ServerName field to agent messages

1.7.7 2019-02-15

  • Fixed compiler error for centos6-apache2.4

1.7.6 2018-10-03

  • Allow setting SigSciAgentPostLen to 0 to turn off post body processing

1.7.5 2018-06-07

  • Send request to agent despite missing TLS parameters

1.7.4 2018-05-23

  • Improved error logging when building messages bound for the agent

1.7.3 2018-05-17

  • Improved logging across all modules
  • Enhanced logging of communication with the agent

1.7.2 2018-05-16

  • Added config check for runlist creation
  • Updated directive SigSciAgentInspection to be configured per directory and/or globally

1.7.1 2018-05-08

  • Hardened apache module - ensure complete logging for errors

1.7.0 2018-05-01

  • Added new global directives: SigSciRunBeforeModulesList, SigSciRunAfterModulesList

1.6.1 2018-04-06

  • Standardized release notes
  • Porting fixes for ubuntu 18.04
  • Ubuntu 18.04 packaging

1.6.0 2018-1-30

  • ISSUE-10307: Allow other modules to run before this one. ie. mod_auth_oidc
  •          Improved performance and noise reduction per customer request
    
  •          Added new directive: SigSciEnableFixups
    
  •          Changed Directive names for all existing Directives to contain prefix SigSci
    

1.5.7 2018-01-24

  • Added support for multipart/form-data post

1.5.6 2017-10-23

  • Fixed module version gen script

1.5.5 2017-10-16

  • No code changes
  • Added .tar.gz packages for CentOS

1.5.4 2017-10-12

  • Improved error logs
  • Added debugging for specific customer issue

1.5.3 2017-09-11

  • Standardized defaults across modules and document

1.5.2 2017-09-01

  • Fixed module type

1.5.1 2017-07-24

1.5.0 2017-03-21

  • Redacted

1.4.6 2016-12-02

1.4.5 2016-10-31

  • Fixed error converting timeout from millisecs to microsecs
  • Fixed issue setting socket timeout when >= 1000ms

1.4.4 2016-10-27

  • Added ability to allow post-bodies greater than 128k
  • Increased default timeout time from 5ms to 100ms similar to NGINX

1.4.3 2016-09-15

  • Added support for mod_remoteip over-rides of the client IP address

1.4.2 2016-08-31

  • No change, rebuilt to correct version numbers

1.4.1 2016-08-11

  • No change, rebuilt to support CentOS 6 + Apache 2.4

1.4.0 2016-07-13

  • Switched to SemVer versions
  • Added support for Ubuntu 16.04

0.344 2016-07-12

  • Removed module-level filtering to allow agent features
  • Fixed minor packaging issues

0.340 2016-04-15

  • Added support for Apache 2.4 on RHEL/CentOS 6

0.338 2016-04-10

  • Added support for RHEL/CentOS 5

0.318 2016-03-21

  • Brought all version numbering in sync with the new packages

0.317 2016-02-26

  • Originally HTTP methods that were inspected where explicitly listed (whitelisted, e.g. “GET”, “POST”). The logic is now inverted to allow all methods not on an ignored list (blacklisted, e.g. “OPTIONS”, “CONNECT”). This allows for the detection of invalid or malicious HTTP requests.
  • Added backward compatibility support for using the agent RPCv1 protocol (e.g., with -rpc-version=1)
  • Added the module base address to the startup message to aid debugging. EX: SigSci Apache Module version 0.123 starting (base 7f08e4e86000)
  • Improved log messages when reading the request body
  • Fixed a potential crash if a request times out

0.311 2016-02-03

  • Fixed server crashes as seen in some configurations (so far only in the lab)
  • Updated packaging
  • Improved performance and memory
  • Added support for inspecting HEAD requests

0.241 2015-08-24

  • Fixed sending correct values of response code and bytes sent when Apache does certain forms of internal redirects
  • Added a Hello World message on Apache start, indicating module is loaded and it’s version number
  • Improved work around Apache’s state machine to capture more response headers

(Originally released as 239, but with minor improvements)

0.224 2015-08-11

HIGHLY RECOMMENDED

  • Fixed incorrect handling of (rare) negative length values and time values (due to clock drift, lack of kernel having a monotonic clock, etc)
  • Made general optimizations and improvements
  • Redacted Authorization and X-Auth-Token HTTP request headers

0.214 2015-07-31

HIGHLY RECOMMENDED

  • Removed incorrect WARNING log message of the form “Allocated buffer using Content-Length of 22 bytes for input stream”, which was benign and was turned into a DEBUG message
  • Added ability to send Scheme information to agent (i.e. http or https)
  • Added ability to send back TLS (SSL) information to the agent, upgrade agent to at least 1.8.3385 for best results
  • Made minor optimizations

0.207 2015-07-20

HIGHLY RECOMMENDED

  • Fixed bug in requests with POST bodies > 4000 bytes, where input would get truncated. This bug appeared to manifest itself on some Apache configurations and not others. Regardless, this release is highly recommended for all.
  • Added X-SigSci-AgentResponse, X-SigSci-RequestID request headers, bringing Apache to parity with other platforms
  • With Agent 1.8.3186, X-SigSci-Tags is added indicating what was detected in the request

0.159 2015-07-13

  • Enabled forward compatibility for upcoming feature

0.144 2015-07-06

  • Enabled sending of response headers to Agent for upcoming features, which brings the Apache module to parity with other platforms
  • Added support and inspect PATCH http methods
  • Fixed possible issue with reading post bodies > 64k
  • Removed rare debug messages that were incorrectly going to stderr

0.139 2015-06-14

  • Fixed issues where the Signal Sciences dashboard would show a incorrect “Agent Response” of 0. For best results, upgrade Agent to at least 1.8.2718

0.133 2015-06-11

  • Major cleanup and bug fix release. Highly recommended for all customers.
  • Removed ability to send Cookie or Set-Cookie headers to the agent
  • Removed deprecated communication protocol