Version 8.13 - New directives QS_DenyQueryBody and QS_PermitUriBody obsolte QS_DenyBody. - Fixed: QS_Deny*/QS_Permit* directives can handle strings containing 0 bytes (qsfilter2 still can't). Version 8.12 - New directive QS_InvalidUrlEncoding. Version 8.11 - Fixed: Change Apache 2.0 ifdef statements in order to compile with any compiler. Version 8.10 - Fixed: Did not compile with Apache 2.0. Version 8.9 - QS_LimitRequestBody may be defined using mod_setenvif. See new directive order in mod_qos_seq.gif - mod_qos uses anonymous shm by default. - Use constant semaphore/shared memory file names in order to reuse resources after unclear server shutdown. Version 8.5 - New directive QS_EventKBytesPerSecLimit. - New structure of the source archive tarball, see index.html#build for more information about building the binaries. Version 8.3 - QS_RequestHeaderFilterRule has new syntax. - QS_RequestHeaderFilter checks the header length too. It's possible to use "QS_RequestHeaderFilter size" for header length checking only (instead of using LimitRequestFieldsize). Version 8.2 - Fixed: Client prefer, don't mark connection timeout at keep alive end (used in conjunction with QS_ClientPrefer). - Access log events (mod_qos_ev, mod_qos_cr, mod_qos_con) are stored as variables (storing them in the out headers will be removed in one of the next release). Version 8.1 - Fixed: check for enabled cc in input filter. - Don't allow requests without an URL. Version 8.0 - New server configuration merger: settings within virtual hosts are merged with the settings from the base server (directives outside virtual hosts). Virtual host settings do not overwrite base settings any more. - New directive QS_LimitRequestBody. Version 7.20 - Fixed url decoding detecting %HH encoding (full range). Version 7.19 - QS_DenyEvent may be used to block requests which do NOT have the specified event set. - QS_DenyEvent is applied after the QS_SetEnvIf* directives. See mod_qos_seq.gif for more details. Version 7.18 - QS_Deny/Permit logs on severity warning if action is log only. Version 7.17 - QS_SetEnvIfBody recognizes the occurrence of $1 within the variable value and replaces it by the subexpressions of the defined regex pattern. Version 7.16 - Set audit log variables at header parser hook. Version 7.15 - Directive QS_EventRequestLimit may match variable values too. - New directive QS_SetEnvIfBody. - Audit log is enabled based on the defined log format variables. Version 7.14 - New directive QS_DenyBody implements generic request body filter which can be used in conjunction with QS_DenyQuery, QS_PermitUri, and body data audit log (to be processed my qsfilter2). Version 7.13 - Changed directive processing order, see mod_qos_seq.gif. - New directive QS_SetEnvIfParp (requires mod_parp, see http://parp.sourceforge.net). Important: mod_parp and the QS_SetEnvIfParp directive copies the whole HTTP request message body into the servers memory (requires at least twice the memory size of the posted data). It is very important that you limit the messagy body size for requests processed my mod_parp/QS_SetEnvIfParp using the Apache directive LimitRequestBody. - New directive QS_DenyEvent. - Chuck out mod_qos_control. Version 7.12 - Process event filter only if some rules have been defined. - Recovery rate (decreas limitation) for bandwidth and and request limit has been increased from 16% to 25%. Version 7.11 - New directive QS_EventRequestLimit. Version 7.9 - Fixed: QS_SrvMinDataRate/QS_SrvRequestRate counts all server connections (not only per child process). Version 7.8 - Directive QS_SrvMinDataRate/QS_SrvRequestRate supports min/max limitation in order to increase the minimum upload/download bandwith on multiple simultaneously connections. - Fixed: activation of QS_SrvMinDataRate did not work (QS_SrvRequestRate only). Version 7.7 - New directive QS_SetEnvIfQuery. Version 7.6 - Use the HTTP response code defined by QS_ErrorResponseCode (default is 500) settings for all denied requests expect for those requests rejected to a QS_Deny*, QS_Permit*, or QS_RequestHeaderFilter rule. Version 7.5 - New diretive QS_ErrorResponseCode - Multiple directives (QS_LocRequestLimit, QS_LocRequestLimitMatch, QS_CondLocRequestLimitMatch, QS_ClientEventBlockCount, and QS_ClientEventPerSecLimit) allow now a limitation set to "0". - QS_SrvMinDataRate replaces QS_SrvRequestRate. Version 7.4 - QS_SrvRequestRate supports chunked POST. Version 7.3 - Partial (not for chunked post) fixed error message for slow server response when using QS_SrvRequestRate. Version 7.2 - New directive QS_SetEnvResHeaderMatch Version 7.1 - QS_SrvMaxConnExcludeIP works for QS_SrvRequestRate (may be used to allow selected IP sources, e.g. slow spider). Version 7.0 - New directive QS_SrvRequestRate enforces minimum upload bandwith (used for TCP DoS prevention). Requires thread support. - QS_ClientPrefer allows definition of free connections in percent in order to override the default of 80%. Available for Apache 2.2 only. - QS_SrvConnTimeout is no longer available. Use may QS_SrvRequestRate instead. Version 6.7 - Detects low priotity clients (clients sending slow or using small data packets get marked as low priority clients). - New directives QS_VipUser and QS_VipIpUser. - Status viewer shows information about client (IP) control status. Version 6.6 - mod_status handler hook supports short status flag. Version 6.5 - New directive QS_SetEnvResHeader. - mod_qos_control supports QS_SetEnvIf, QS_SetEnvStatus, and QS_SetEnvIf directive editing. Version 6.4 - New directive QS_SetEnvStatus. - QS_SetEnvIf for response processing (log transaction). - QS_ClientEventBlockCount on response events (log transaction). Version 6.3 - New directive QS_VipIPHeaderName to mark clients (IP) without providing them full VIP privileges. - Add details to log messages. Version 6.2 - New command: QS_ClientEventPerSecLimit. Version 6.1 - QS_SetEnvIf supports NOT operator. - Sets QS_VipRequest variable when receiving valid session cookie. Version 6.0 - mod_qos features per client (IP) control rules. - QS_ClientPrefer, prefers known VIP clients. - QS_ClientEventBlockCount, blocks clients on events. Version 5.17 - New directive QS_EventPerSecLimit allows req/sec limitation for requests causing an event. - New directive QS_SetEnvIf allows combination of multiple environment variables. - Fixed sem/shm leak when using QS_SrvPreferNet. Version 5.16 - Mark QS_CondLocRequestLimitMatch in status viewer. Version 5.15 - New directive QS_CondLocRequestLimitMatch allows conditional request level rules. Version 5.14 - Remove "nicetitles" from status viewer. Version 5.13 - Again, minor status viewer changes. Version 5.12 - Status viewer uses "nicetitles" to show long rule strings. Version 5.11 - Minor internal code changes. Version 5.10 - Rules do not use individual mutex any longer. This allows an unlimted number of rules. Version 5.9 - mod_qos_control features additional qsfilter2 settings. Version 5.8 - Minor improvements in status viewer. - 5.7 did not compile with Apache 2.0 (ap_regex). Version 5.7 - Important: QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against unescaped URLs where %<hex>, \x<hex> and + (new!) is unescaped. You should regenerate your QS_PermitUri rules using the updated version of the qsfilter2 tool provided by this release. - Very first release of mod_qos_control. Version 5.6 - New status viewer implementation. Version 5.4 - Important: QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against unescaped URLs where %<hex> and \x<hex> (new!) is unescaped. You should regenerate your QS_PermitUri rules using the updated version of the qsfilter2 tool provided by this release. Version 5.2 - QS_VipHeaderName creates session cookie only once. - VIP has no QS_LocKBytesPerSecLimit/QS_LocKBytesPerSecLimitMatch restrictions. - QS_SrvPreferNet triggers for VIP user on response header only. Version 5.1 - New directive QS_SrvPreferNet. Version 4.30 - Fixed: segfault at server startup when no virtual host has been configured. Version 4.29 - Debug log level lists available request header filter rules. Version 4.28 - Introduce request header filter. Version 4.18 - Introduce log message numbers and SSI support for error pages. - Add new directive QS_DenyInheritanceOff - Add qsfilter2, a tool to generate request URI white list rules. - Use mod_unique_id to tag error messages. Version 4.13 - QS_PermitUri uses case sensitive pcre. Version 4.11 - Add new directive QS_PermitUri. Version 4.8 - Introduce generic request filtering (QS_Deny* directive). Version 4.3 - New handling of graceful server restart. Version 4.2 - QS_LocKBytesPerSecLimitMatch, QS_LocRequestPerSecLimitMatch Version 4.1 - QS_LocKBytesPerSecLimit Version 4.0 - Introduce request/response throttling. Version 3.12 - Update to mod_qos viewer (status handler). Version 3.10 - Dynamic error page definition using setenvif. Version 3.12 - Introduce mod_qos viewer (status handler). Version 3.5 - QS_KeepAliveTimeout Version 3.4 - QS_SrvConnTimeout Version 3.2 - QS_SrvMaxConnTimeout Version 3.1 - QS_SrvMaxConnExcludeIP Version 3.0 - Introduce connection level control (QS_SrvMaxConnClose QS_SrvMaxConn). Version 2.3 - VIP detection. Version 2.2 - qslog utility. Version 2.0 - New implementation of location based request limitation. Version 1.3 - Initial version (scoreboard based request limitation).