A free mod_security replacement?
Then I learnt that it already existed, and was called mod_security.
(Initially I was suprised it was written as an Apache module, rather than a proxy, but I think it makes sense to code it that way now).
we? need a free replacement.
Writing the engine is almost trivial. The value comes from the rules (which should ideally be seperate a la snort – but freely redistributable), and to a lesser extent the simplicity of the rule-writing process / flexibility of the rule-engine.
My time is tight, but it is a genuinely interesting area to me.