diff --git a/CHANGES b/CHANGES
index 22ca350f..af0fac83 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-02 Jan 2008 - 2.5.0-rc2
+21 Jan 2008 - 2.5.0-rc2
-----------------------
+ * There are no longer any default transformations performed.
+
* Implemented SecRuleUpdateActionById.
* Phase 5 rules can now be removed via SecRuleRemoveBy* directives.
diff --git a/apache2/re.c b/apache2/re.c
index 606cde41..8872e71c 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -620,7 +620,7 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
msre_actionset *msre_actionset_create_default(msre_engine *engine) {
char *my_error_msg = NULL;
return msre_actionset_create(engine,
- "log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace",
+ "log,auditlog,deny,status:403,phase:2",
&my_error_msg);
}
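Review bot: Dropping `t:lowercase` (and the other two transformations) from the default actionset on the `+` line changes the matching semantics of every rule that sets no transformations of its own, so rule sets written against the old implicit lowercasing now match case-sensitively and can be bypassed by mixed-case input until they are updated to add `t:lowercase` themselves; nothing in `msre_actionset_create_default` records that this is intentional. I would add a comment above the function, e.g. `/* Default actionset applies no transformations: rules that need case-insensitive matching must specify t:lowercase (or t:none,t:lowercase) explicitly. */`, which mirrors the new wording in the reference manual. Separately, `my_error_msg` is still collected and then discarded; if `msre_actionset_create` can fail on this literal (presumably by returning NULL, which I cannot confirm from the hunk) the reason is lost, so consider logging `my_error_msg` when the result is NULL. The surrounding file is not visible beyond this hunk.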
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 0db38a1d..55a07bed 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -3,7 +3,7 @@
ModSecurity Reference Manual
- Version 2.5.0-rc1/ (January 10, 2008)
+ Version 2.5.0-rc1/ (January 21, 2008)
2004-2008
@@ -2859,13 +2859,8 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"
GET, HEAD, POST or if the HTTP is something other than HTTP/0.9, 1.0 or
1.1.
- SecRule REQUEST_LINE "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)"
+ SecRule REQUEST_LINE "!(^((?:(?:pos|ge)t|head))|http/(0\.9|1\.0|1\.1)$)" t:none,t:lowercase
- Note
-
- Due to the default action transformation function lowercase, the
- regex strings should be in lowercase as well unless the t:none
- transformation function is specified for this particular rule.
@@ -2875,13 +2870,8 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"
Example: the following example will trigger if the Request Method is
either CONNECT or TRACE.
- SecRule REQUEST_METHOD "^((?:connect|trace))$"
+ SecRule REQUEST_METHOD "^((?:connect|trace))$" t:none,t:lowercase
- Note
-
- Due to the default action transformation function lowercase, the
- regex strings should be in lowercase as well unless the t:none
- transformation function is specified for this particular rule.
@@ -2890,13 +2880,8 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"
This variable holds the Request Protocol Version information.
Example:
- SecRule REQUEST_PROTOCOL "!^http/(0\.9|1\.0|1\.1)$"
+ SecRule REQUEST_PROTOCOL "!^http/(0\.9|1\.0|1\.1)$" t:none,t:lowercase
- Note
-
- Due to the default action transformation function lowercase, the
- regex strings should be in lowercase as well unless the t:none
- transformation function is specified for this particular rule.
@@ -3420,8 +3405,8 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
Note
- The default transformation function setting is - lowercase,
- replaceNulls and compressWhitespace (in this order).
+ There are no default transformation functions as there were in
+ previous versions of ModSecurity.
The following rule will ensure that an attacker does not use mixed
case in order to evade the ModSecurity rule:
@@ -3436,7 +3421,7 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
SecRule ARG:p "xp_cmdshell" "t:urlDecode,t:lowercase"
One can use the SecDefaultAction command to ensure the translation
- occurs for every rule until the next. Note that translation actions are
+ occurs for every rule until the next. Note that transformation actions are
additive, so if a rule explicitly list actions, the translation actions
set by SecDefaultAction are still performed.
@@ -3625,7 +3610,7 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
ones that are at the end of string and have one or two characters
missing) will not be converted. If you want to detect invalid encodings
use the @validateUrlEncoding
- operator. The transformational function should not be used against
+ operator. The transformation function should not be used against
variables that have already been URL-decoded unless it is your intention
to perform URL decoding twice!
@@ -5106,7 +5091,7 @@ end
All matches are case-sensitive. If you do not care about case
sensitivity you either need to implement the lowercase transformational function, or
+ moreinfo="none">lowercase transformation function, or
use the per-pattern(?i)modifier,
as allowed by PCRE.
@@ -5655,4 +5640,4 @@ Server: Apache/2.x.x
-
\ No newline at end of file
+