It is now recommended to disable whitelist checks of client HTTP headers in Shadow Daemon to prevent false-positives.

In this blog post I will explain how to turn a Raspberry Pi into a home alarm system that detects movements, records them, and sends the images to your phone. Additionally, the alarm system will turn on and off automatically based on the location of your phone.

TL;DR: There was a bug in the library jsoncpp regarding null-bytes. It was fixed a year ago, but most packet managers still ship affected versions. If a vulnerable version of the library is used it is possible to bypass shadowd 2.0.0 or earlier.

At the next OWASP Ruhrpott meeting I will present the current state of the web application firewall Shadow Daemon. The main topics of my talk will be the architecture and attack detection of the system, but you can also expect comparisons with other free web application firewalls like mod_security and naxsi.

It is my pleasure to announce the release of shadowd 1.1.0 as well as shadowd_ui 1.1.0 of the Shadow Daemon web application firewall. This update improves the performance, attack detection and ease of use. There are five major changes:

• A native flood protection. It is no longer necessary to use fail2ban to prevent flooding of the logs, it happens automatically now.
• A storage queue. This removes a huge bottleneck from Shadow Daemon, the permanent storage of requests.
• Optimizations of the database layout to improve the performance.
• New blacklist filters/signatures to detect more attacks, e.g. shellshock, cross-site scripting, server-site includes and code evaluation.
• An option for the whitelist rules generator to automatically unify arrays. This makes it much easier to generate rules for big web applications.

There are no new major additions, but this update does improve the overall experience a lot, so I highly recommend to apply it. Most changes are based on feedback, so keep it coming :)