AppSamurai is a mod_perl based system to protect vulnerable or sensitive Web applications. The target use is in reverse proxy configurations, with an Apache/mod_perl reverse proxy inside a DMZ and a backend Web server in another DMZ or an internal network. AppSamurai's features include a modular, multi-factor authentication system, form based or basic auth based logins, encrypted storage of session data on a proxy, the ability to use any Apache::Session storage type (including databases for clustered deployment), and the ability to configure it from httpd.conf.
|Tags||Security Internet Web HTTP Servers Proxy Servers|
Release Notes: This release adds nonce and signature to the login.pl login form and checking in Apache::AppSamurai::login(). All form logins must now provide a valid nonce and signature. It adds AuthSimple.pm, an authentication module for the Authen::Simple authentication framework, supporting numerous authentication methods (Kerberos, LDAP, PAM, etc.) It improves detection/requirement handling for mod_perl and Crypt::CBC ciphers.
Release Notes: The first release with Apache 2.x/mod_perl 2.x support. Unified Apache 1.x/mod_perl 1.x and Apache 2.x/mod_perl 2.x support, and example config. Crypt::CBC is used for session data encryption, with support for various block cipher modules. This release ships with ExtUtils::MakeMaker Makefile.PL for users without Module::Build (Module::Build install is still preferred).
No changes have been submitted for this release.