MicrosoftがModSecurityのStableとか出す時代か・・・

We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2. Since the announcement of availability of the beta version in July 2012, we have been working very hard to bring the quality of the module to meet the enterprise class product requirements. In addition to numerous reliability improvements, we have introduced following changes since the first beta version was released: optimized performance of request and response body handling added “Include” directive, relative path and wildcard options to the configuration files re-written installer code to avoid .NET Framework dependency and added installation error messages to system event log integrated OWASP Core Rule Set in the MSI installer with IIS-specific configuration fixed about 10 functional bugs reported by ModSecurity IIS users. Microsoft also released recently a TechNet article entitled "Security Best Practices to Protect Internet Facing Web Servers", which explains in details benefits of deploying a WAF module on a web server.

Introducing ModSecurity IIS 2.7.2 Stable Release – Security Research & Defense