github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup some doc formatting.

Browse Source 
Prepare trunk for use as 2.5.0-devN tree.
This commit is contained in:
brectanus 2007-09-14 21:41:34 +00:00
parent c8e5c7fcd5
commit 53011819d4
3 changed files with 46 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CHANGES
View File

@ -1,14 +1,8 @@
?? ??? 2007 - 2.5.0-trunk
-------------------------
?? ??? 2007 - 2.5.0-dev3
------------------------
* Used new API calls to get the server version/banner when available.
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Added ability to compile without an external API (-DNO_MODSEC_API).
* Added "logdata" meta action to allow safe logging of raw transaction data.
* Added TX_SEVERITY that keeps track of the highest severity
@ -35,8 +29,23 @@
visibility attribute.
27 July 2007 - 2.1.2
--------------------
11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).
27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.

4
apache2/modsecurity.h
View File

@ -58,8 +58,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
#define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "5"
#define MODSEC_VERSION_MAINT "0"
#define MODSEC_VERSION_TYPE "trunk"
#define MODSEC_VERSION_RELEASE "99"
#define MODSEC_VERSION_TYPE "dev"
#define MODSEC_VERSION_RELEASE "3"
#define MODULE_NAME "ModSecurity"
#define MODULE_RELEASE \

47
doc/modsecurity2-apache-reference.xml
View File

@ -3,7 +3,7 @@
<title>ModSecurity Reference Manual</title>
<articleinfo>
<releaseinfo>Version 2.5.0-trunk / (September 7, 2007)</releaseinfo>
<releaseinfo>Version 2.5.0-dev3 / (September 14, 2007)</releaseinfo>
<copyright>
<year>2004-2007</year>
@ -666,9 +666,9 @@ SecAuditLogStorageDir logs/audit
<listitem>
<para><literal moreinfo="none">I</literal> - This part is a
replacement for part C. It will log the same data as C in all cases
except when<literal moreinfo="none">multipart/form-data</literal>
except when <literal moreinfo="none">multipart/form-data</literal>
encoding in used. In this case it will log a fake <literal
moreinfo="none"> application/x-www-form-urlencoded</literal> body
moreinfo="none">application/x-www-form-urlencoded</literal> body
that contains the information about parameters but not about the
files. This is handy if you don't want to have (often large) files
stored in your audit logs.</para>
@ -677,7 +677,7 @@ SecAuditLogStorageDir logs/audit
<listitem>
<para><literal moreinfo="none">J</literal> - RESERVED. This part,
when implemented, will contain information about the files uploaded
using multipart/form-data encoding.</para>
using <literal>multipart/form-data</literal> encoding.</para>
</listitem>
<listitem>
@ -1910,16 +1910,17 @@ SecRule REQUEST_HEADERS:Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis
<itemizedlist>
<listitem>
<para>application/x-www-form-urlencoded - used to transfer form
data</para>
</listitem>
<listitem>
<para>multipart/form-data - used for file transfers</para>
</listitem>
<listitem>
<para>text/xml - used for passing XML data</para>
<para><literal>application/x-www-form-urlencoded</literal> - used to
transfer form data</para>
</listitem>
<listitem>
<para><literal>multipart/form-data</literal> - used for file
transfers</para>
</listitem>
<listitem>
<para><literal>text/xml</literal> - used for passing XML data</para>
</listitem>
</itemizedlist>
@ -3694,7 +3695,7 @@ SecRule REQUEST_URI "^/cgi-bin/script\.pl" \
<itemizedlist>
<listitem>
<para>1 - 99,999; reserved for local (internal) use. Use as you see
<para>1-99,999; reserved for local (internal) use. Use as you see
fit but do not use this range for rules that are distributed to
others.</para>
</listitem>
@ -4730,10 +4731,11 @@ SecRule REQUEST_HEADERS:Ip-Address "!<emphasis role="bold">@streq %{TX.1}</empha
byte range. This can be useful to avoid stack overflow attacks (since
they usually contain "random" binary content). Default range values are
0 and 255, i.e. all byte values are allowed. This directive does not
check byte range in a POST payload when multipart/form-data encoding
(file upload) is used. Doing so would prevent binary files from being
uploaded. However, after the parameters are extracted from such request
they are checked for a valid range.</para>
check byte range in a POST payload when
<literal>multipart/form-data</literal> encoding (file upload) is used.
Doing so would prevent binary files from being uploaded. However, after
the parameters are extracted from such request they are checked for a
valid range.</para>
<para>validateByteRange is similar to the ModSecurity 1.X
SecFilterForceByteRange Directive however since it works in a rule
@ -4804,8 +4806,9 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
<para>URL encoding is an HTTP standard for encoding byte values within a
URL. The byte is escaped with a % followed by two hexadecimal values
(0-F). This directive does not check encoding in a POST payload when the
multipart/form-data encoding (file upload) is used. It is not necessary
to do so because URL encoding is not used for this encoding.</para>
<literal>multipart/form-data</literal> encoding (file upload) is used.
It is not necessary to do so because URL encoding is not used for this
encoding.</para>
</section>
<section>
@ -4970,4 +4973,4 @@ SecRule REQUEST_METHOD "!<emphasis role="bold">@within %{tx.allowed_methods}</em
</section>
</section>
</section>
</article>
</article>