github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup some doc formatting.

Browse Source 
Prepare trunk for use as 2.5.0-devN tree.
This commit is contained in:
brectanus 2007-09-14 21:41:34 +00:00
parent c8e5c7fcd5
commit 53011819d4
3 changed files with 46 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CHANGES
View File

@ -1,14 +1,8 @@
?? ??? 2007 - 2.5.0-trunk ?? ??? 2007 - 2.5.0-dev3
------------------------- ------------------------
* Used new API calls to get the server version/banner when available. * Used new API calls to get the server version/banner when available.
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Added ability to compile without an external API (-DNO_MODSEC_API).
* Added "logdata" meta action to allow safe logging of raw transaction data. * Added "logdata" meta action to allow safe logging of raw transaction data.
* Added TX_SEVERITY that keeps track of the highest severity * Added TX_SEVERITY that keeps track of the highest severity
@ -35,8 +29,23 @@
visibility attribute. visibility attribute.
27 July 2007 - 2.1.2 11 Sep 2007 - 2.1.3
-------------------- -------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).
27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation. * Cleaned up and clarified some documentation.

4
apache2/modsecurity.h
View File

@ -58,8 +58,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
#define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "5" #define MODSEC_VERSION_MINOR "5"
#define MODSEC_VERSION_MAINT "0" #define MODSEC_VERSION_MAINT "0"
#define MODSEC_VERSION_TYPE "trunk" #define MODSEC_VERSION_TYPE "dev"
#define MODSEC_VERSION_RELEASE "99" #define MODSEC_VERSION_RELEASE "3"
#define MODULE_NAME "ModSecurity" #define MODULE_NAME "ModSecurity"
#define MODULE_RELEASE \ #define MODULE_RELEASE \

47
doc/modsecurity2-apache-reference.xml
View File

@ -3,7 +3,7 @@
<title>ModSecurity Reference Manual</title> <title>ModSecurity Reference Manual</title>
<articleinfo> <articleinfo>
<releaseinfo>Version 2.5.0-trunk / (September 7, 2007)</releaseinfo> <releaseinfo>Version 2.5.0-dev3 / (September 14, 2007)</releaseinfo>
<copyright> <copyright>
<year>2004-2007</year> <year>2004-2007</year>
@ -666,9 +666,9 @@ SecAuditLogStorageDir logs/audit
<listitem> <listitem>
<para><literal moreinfo="none">I</literal> - This part is a <para><literal moreinfo="none">I</literal> - This part is a
replacement for part C. It will log the same data as C in all cases replacement for part C. It will log the same data as C in all cases
except when<literal moreinfo="none">multipart/form-data</literal> except when <literal moreinfo="none">multipart/form-data</literal>
encoding in used. In this case it will log a fake <literal encoding in used. In this case it will log a fake <literal
moreinfo="none"> application/x-www-form-urlencoded</literal> body moreinfo="none">application/x-www-form-urlencoded</literal> body
that contains the information about parameters but not about the that contains the information about parameters but not about the
files. This is handy if you don't want to have (often large) files files. This is handy if you don't want to have (often large) files
stored in your audit logs.</para> stored in your audit logs.</para>
@ -677,7 +677,7 @@ SecAuditLogStorageDir logs/audit
<listitem> <listitem>
<para><literal moreinfo="none">J</literal> - RESERVED. This part, <para><literal moreinfo="none">J</literal> - RESERVED. This part,
when implemented, will contain information about the files uploaded when implemented, will contain information about the files uploaded
using multipart/form-data encoding.</para> using <literal>multipart/form-data</literal> encoding.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -1910,16 +1910,17 @@ SecRule REQUEST_HEADERS:Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>application/x-www-form-urlencoded - used to transfer form <para><literal>application/x-www-form-urlencoded</literal> - used to
data</para> transfer form data</para>
</listitem> </listitem>
<listitem> <listitem>
<para>multipart/form-data - used for file transfers</para> <para><literal>multipart/form-data</literal> - used for file
</listitem> transfers</para>
</listitem>
<listitem>
<para>text/xml - used for passing XML data</para> <listitem>
<para><literal>text/xml</literal> - used for passing XML data</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -3694,7 +3695,7 @@ SecRule REQUEST_URI "^/cgi-bin/script\.pl" \
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>1 - 99,999; reserved for local (internal) use. Use as you see <para>1-99,999; reserved for local (internal) use. Use as you see
fit but do not use this range for rules that are distributed to fit but do not use this range for rules that are distributed to
others.</para> others.</para>
</listitem> </listitem>
@ -4730,10 +4731,11 @@ SecRule REQUEST_HEADERS:Ip-Address "!<emphasis role="bold">@streq %{TX.1}</empha
byte range. This can be useful to avoid stack overflow attacks (since byte range. This can be useful to avoid stack overflow attacks (since
they usually contain "random" binary content). Default range values are they usually contain "random" binary content). Default range values are
0 and 255, i.e. all byte values are allowed. This directive does not 0 and 255, i.e. all byte values are allowed. This directive does not
check byte range in a POST payload when multipart/form-data encoding check byte range in a POST payload when
(file upload) is used. Doing so would prevent binary files from being <literal>multipart/form-data</literal> encoding (file upload) is used.
uploaded. However, after the parameters are extracted from such request Doing so would prevent binary files from being uploaded. However, after
they are checked for a valid range.</para> the parameters are extracted from such request they are checked for a
valid range.</para>
<para>validateByteRange is similar to the ModSecurity 1.X <para>validateByteRange is similar to the ModSecurity 1.X
SecFilterForceByteRange Directive however since it works in a rule SecFilterForceByteRange Directive however since it works in a rule
@ -4804,8 +4806,9 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
<para>URL encoding is an HTTP standard for encoding byte values within a <para>URL encoding is an HTTP standard for encoding byte values within a
URL. The byte is escaped with a % followed by two hexadecimal values URL. The byte is escaped with a % followed by two hexadecimal values
(0-F). This directive does not check encoding in a POST payload when the (0-F). This directive does not check encoding in a POST payload when the
multipart/form-data encoding (file upload) is used. It is not necessary <literal>multipart/form-data</literal> encoding (file upload) is used.
to do so because URL encoding is not used for this encoding.</para> It is not necessary to do so because URL encoding is not used for this
encoding.</para>
</section> </section>
<section> <section>
@ -4970,4 +4973,4 @@ SecRule REQUEST_METHOD "!<emphasis role="bold">@within %{tx.allowed_methods}</em
</section> </section>
</section> </section>
</section> </section>
</article> </article>