Merge 2.5.x build changes back to trunk.

doc/modsecurity2-apache-reference.xml

@@ -6,7 +6,7 @@
   Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.6.0-trunk (March 5, 2009)</releaseinfo>
+    <releaseinfo>Version 2.6.0-trunk (April 22, 2009)</releaseinfo>
 
     <copyright>
       <year>2004-2009</year>
@@ -4548,11 +4548,11 @@ SecRule REQUEST_CONTENT_TYPE ^text/xml nolog,pass,<emphasis>ctl:requestBodyProce
       threshold of more than 25 attempts in 2 minutes, it will DROP subsequent
       connections.</para>
 
-      <programlisting format="linespecific">SecAction initcol:ip=%{REMOTE_ADDR},nolog
+      <programlisting format="linespecific">SecAction phase:1,initcol:ip=%{REMOTE_ADDR},nolog
 SecRule ARGS:login "!^$" \
     nolog,phase:1,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=20/120
 SecRule IP:AUTH_ATTEMPT "@gt 25" \
-    log,<emphasis>drop</emphasis>,phase:1,msg:'Possible Brute Force Attack"</programlisting>
+    "log,<emphasis>drop</emphasis>,phase:1,msg:'Possible Brute Force Attack'"</programlisting>
 
       <para><emphasis>Note</emphasis></para>
 

doc/modsecurity2-data-formats.xml

@@ -2,34 +2,26 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
 "http://www.docbook.org/xml/4.4/docbookx.dtd">
 <article>
-  <title>ModSecurity 2 Data Formats</title>
-
-  <articleinfo>
-    <releaseinfo>2.6.0-trunk (March 5, 2009)</releaseinfo>
-
-    <copyright>
-      <year>2004-2009</year>
-
-      <holder>Breach Security, Inc. (<ulink
-      url="http://www.breach.com">http://www.breach.com</ulink>)</holder>
-    </copyright>
-  </articleinfo>
-
-  <para>The purpose of this document is to describe the formats of the
-  ModSecurity alert messages, transaction logs and communication protocols,
-  which would not only allow for a better understanding what ModSecurity does
-  but also for an easy integration with third-party tools and products.</para>
-
-  <section>
-    <title>Alerts</title>
-
-    <para>As part of its operations ModSecurity will emit alerts, which are
-    either <emphasis>warnings</emphasis> (non-fatal) or
-    <emphasis>errors</emphasis> (fatal, usually leading to the interception of
-    the transaction in question). Below is an example of a ModSecurity alert
-    entry:</para>
-
-    <programlisting>Access denied with code 505 (phase 1). Match of "rx
+    <title>ModSecurity 2 Data Formats</title>
+    <articleinfo>
+        <releaseinfo>2.6.0-trunk (April 22, 2009)</releaseinfo>
+        <copyright>
+            <year>2004-2009</year>
+            <holder>Breach Security, Inc. (<ulink url="http://www.breach.com"
+                    >http://www.breach.com</ulink>)</holder>
+        </copyright>
+    </articleinfo>
+    <para>The purpose of this document is to describe the formats of the ModSecurity alert messages,
+        transaction logs and communication protocols, which would not only allow for a better
+        understanding what ModSecurity does but also for an easy integration with third-party tools
+        and products.</para>
+    <section>
+        <title>Alerts</title>
+        <para>As part of its operations ModSecurity will emit alerts, which are either
+                <emphasis>warnings</emphasis> (non-fatal) or <emphasis>errors</emphasis> (fatal,
+            usually leading to the interception of the transaction in question). Below is an example
+            of a ModSecurity alert entry:</para>
+        <programlisting>Access denied with code 505 (phase 1). Match of "rx
   ^HTTP/(0\\\\.9|1\\\\.[01])$" against "REQUEST_PROTOCOL" required.
   [id "960034"] [msg "HTTP protocol version is not allowed by policy"]
   [severity "CRITICAL"] [uri "/"] [unique_id "PQaTTVBEUOkAAFwKXrYAAAAM"]</programlisting>