Todo
Cookie mapping
Mask / rewrite cookies and sessionid's to hide internal site data and mitigate session-based attacks. Use mod_usertrack's strong session tracking to remap (PHP|JSP|ASP)SessionID.
Application State
Per-IP / sessionid application tracking. Possible bundling of external logfile correlation tools.
Configuration
"Canned" configurations for common apps, configurable by SetEnvIf / include, i.e. owa.conf, joomla.conf, drupal.conf, etc. See examples in the current httpd.conf.
Web Administration
Web interface to per-VHost ProxyPass / rewrite / modsec rules would lead to wider adoption of the tool. Would potentially require a second httpd build, since wsgw is built / configured as proxy-only and we don't want to introduce exposure.
Build Process / Packages
Autoconf / automake wrappers, pre-built RPM's / debs / tgz's / etc.