PHPIDS 0.5 has landed
Saturday, June 7th, 2008
After several weeks without releases - only smaller rule upgrades and converter patches - we finally present the most recent version of the PHPIDS. Most of you would have expected 0.4.8, but we are releasing 0.5 today. Why is that?
Easy explanation: we’ve added a feature that has been requested very often and closes one huge gap in the protection layer the PHPIDS provides. We are talking about user input where valid HTML is allowed - even wanted - as with WYSIWYG editors and other rich text forms. Until now the PHPIDS wasn’t able to deal with this kind of input: too many false alerts were generated, and we generally recommended adding form fields with allowed HTML to the exceptions list. Not good.
Those times are over - the PHPIDS 0.5 uses HTMLPurifier to compare the original user input with the purified version, determine the differences and analyze only those with the rules and the Centrifuge. You can of course choose freely which fields you want to monitor the traditional way and which are allowed to contain valid HTML; just have a look at the packaged Config.ini to see how it works.
…
scan_keys = false
; define which fields contain html and need preparation before
; hitting the PHPIDS rules (new in PHPIDS 0.5)
html[] = __wysiwyg
; define which fields shouldn’t be monitored
exceptions[] = __utmz
…
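The purify-and-diff idea described above, as an added example that is not PHPIDS or HTMLPurifier code: a small allowlist purifier stands in for HTMLPurifier, the difference between the original and the purified value is computed with difflib, and three constructed sample rules (not the PHPIDS rule set) are run over that residue only. Legitimate rich text then stops tripping markup-based rules, while everything the purifier stripped is still inspected.

```python
import difflib
import re
from html.parser import HTMLParser

# Constructed for this example: a small WYSIWYG allowlist and three sample rules.
ALLOWED_TAGS = {"p", "b", "i", "a", "ul", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_HREF = re.compile(r"^(https?:|mailto:|/)", re.I)
RULES = [("html markup", re.compile(r"<\s*[a-z]", re.I)),  # noisy on rich text
         ("event handler attribute", re.compile(r"\bon\w+\s*=", re.I)),
         ("javascript: URI", re.compile(r"javascript\s*:", re.I))]

class AllowlistPurifier(HTMLParser):
    """Stand-in for HTMLPurifier: keep allowlisted tags and attributes only."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped entirely
        kept = [f' {n}="{v}"' for n, v in attrs
                if n in ALLOWED_ATTRS.get(tag, set())
                and (n != "href" or SAFE_HREF.match(v or ""))]
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def residue(original, purified):
    """Characters of `original` that the purifier did not keep."""
    sm = difflib.SequenceMatcher(None, original, purified, autojunk=False)
    return "".join(original[i:j] for op, i, j, _, _ in sm.get_opcodes()
                   if op in ("delete", "replace"))

def scan_plain_field(value):
    """Traditional monitoring: every rule runs over the whole value."""
    return [name for name, rx in RULES if rx.search(value)]

def scan_html_field(value):
    """html[] handling: purify first, then run the rules over the diff only."""
    p = AllowlistPurifier()
    p.feed(value)
    p.close()
    return scan_plain_field(residue(value, "".join(p.out)))
```

A field listed under html[] would be routed to scan_html_field, everything else to scan_plain_field; the benign rich-text case triggers the markup rule only on the plain scan.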
We tested this feature for a pretty long time - but of course not as long as the far more mature components like the rules and the PHPIDS Centrifuge. So there might be some false alerts and other minor problems to wipe out in the next releases. Please help us improve the system by submitting problems and contacting us about them via mail, forum or group.
Other enhancements worth mentioning are optimizations of the Centrifuge, a lot of important fixes to the rules, optimizations of the converter, extended tests for even more reliability and several performance tweaks. Thanks to Hinnerk Altenburg from epublica, the rule set is now also compatible with Perl and Python - so there are no barriers anymore to writing ports for several other languages.
So don’t hesitate too long and grab the latest packages from the downloads section. We hope you like this release as much as we do, and have great fun and use detecting attacks and reacting to them however you see fit. Big thanks go to Gareth Heyes, David Lindsay and several others for their help in testing the PHPIDS and again finding exotic but working rule circumventions. Also many thanks to all the guys from OWASP Europe and ph-neutral for their excellent feedback and great discussions about the PHPIDS.

