github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update copyright text to Breach Security, Inc.

Browse Source 
Merge in changes from branches/2.1.x
This commit is contained in:
brectanus 2007-06-14 16:05:45 +00:00
parent c39723c3aa
commit 81d0f84ad3
35 changed files with 134 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -2,7 +2,7 @@
?? ??? 2007 - 2.2.0-trunk
-------------------------
* Do not trigger "pause" action for subrequests.
* Do not trigger "pause" action for internal requests.
* Added matching rule filename and line number to audit log.
@ -12,7 +12,9 @@
* Cache transformations per-request/phase so they are not repeated.
* Fixed problem with subrequests not being intercepted (only logged).
* Fixed issue with requests that use internal requests. These had the
potential to be intercepted incorrectly when other Apache httpd modules
that used internal requests were used with mod_security.
* Added Solaris to the list of platforms not supporting the hidden
visibility attribute.
@ -21,7 +23,8 @@
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Only calculate debugging vars when we are debugging (more to come).
* Lessen some overhead of debugging messages and calculations
TODO: more to come
* Removed strnlen() calls for non-GNU platforms.

8
README.TXT
View File

@ -1,6 +1,10 @@
ModSecurity for Apache 2.x, http://www.modsecurity.org/
Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
ModSecurity for Apache (http://www.modsecurity.org)
Copyright (C) 2004-2006 Breach Security, Inc. (http://www.breach.com)
You should have received a copy of the licence along with this
program (stored in the file "LICENSE"). If the file is missing,
or if you have any other questions related to the licence, please
write to Breach Security, Inc. at support@breach.com.
DOCUMENTATION

15
apache2/apache2.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id$
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _APACHE2_H_
@ -65,7 +63,14 @@ char DSOLOCAL *get_env_var(request_rec *r, char *name);
void DSOLOCAL internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, const char *text, va_list ap);
void DSOLOCAL msr_log(modsec_rec *msr, int level, const char *text, ...);
/* msr_log is now a macro to avoid function call overhead. Nothing
* is done to avoid expansion of arguments, so do not call with
* arguments that cannot be duplicated (ie no level++, etc.)
*/
void DSOLOCAL _msr_log(modsec_rec *msr, int level, const char *text, ...);
#define msr_log(msr, lvl, ...) \
do { if ((msr->txcfg != NULL) && (lvl <= msr->txcfg->debuglog_level)) _msr_log(msr, lvl, __VA_ARGS__); } while(0)
char DSOLOCAL *format_error_log_message(apr_pool_t *mp, error_message *em);

6
apache2/apache2_config.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: apache2_config.c,v 1.8 2006/12/28 10:39:13 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <limits.h>

6
apache2/apache2_io.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: apache2_io.c,v 1.6 2007/01/23 16:08:15 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "modsecurity.h"

9
apache2/apache2_util.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: apache2_util.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "modsecurity.h"
@ -247,7 +245,7 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
* Logs one message at the given level to the debug log (and to the
* Apache error log if the message is important enough.
*/
void msr_log(modsec_rec *msr, int level, const char *text, ...) {
void _msr_log(modsec_rec *msr, int level, const char *text, ...) {
va_list ap;
va_start(ap, text);
@ -255,6 +253,7 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) {
va_end(ap);
}
/**
* Converts an Apache error log message into one line of text.
*/

59
apache2/mod_security2.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: mod_security2.c,v 1.11 2006/12/15 15:06:04 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <limits.h>
@ -55,15 +53,30 @@ int perform_interception(modsec_rec *msr) {
msre_actionset *actionset = NULL;
const char *message = NULL;
const char *phase_text = "";
const char *subreq_text = (msr->r->main == NULL) ? "" : "Subrequest. ";
const char *intreq_text = "";
int is_initial_req = ap_is_initial_req(msr->r);
int status = DECLINED;
int log_level = 1;
/* Check for an initial request */
if (is_initial_req == 0) {
if (msr->r->main != NULL) {
intreq_text = "Sub-Request: ";
}
else if (msr->r->prev != NULL) {
intreq_text = "Internal Redirect: ";
}
else {
intreq_text = "Internal Request: ";
}
}
/* Sanity checks first. */
if (msr->was_intercepted == 0) {
msr_log(msr, 1, "Internal Error: Asked to intercept request but was_intercepted is zero");
msr->was_intercepted = 0;
return DECLINED;
}
@ -79,13 +92,13 @@ int perform_interception(modsec_rec *msr) {
phase_text = apr_psprintf(msr->mp, " (phase %i)", msr->phase);
/* By default we log at level 1 but we switch to 4
* if a nolog action was used or this is a subrequest
* if a nolog action was used or this is not the initial request
* to hide the message.
*/
log_level = ((actionset->log != 1) || (msr->r->main != NULL)) ? 4 : 1;
log_level = ((actionset->log != 1) || (is_initial_req == 0)) ? 4 : 1;
/* Pause the request first (if configured to do so and the main request). */
if (actionset->intercept_pause && (msr->r->main == NULL)) {
/* Pause the request first (if configured and the initial request). */
if (actionset->intercept_pause && (is_initial_req == 1)) {
msr_log(msr, (log_level > 3 ? log_level : log_level + 1), "Pausing transaction for "
"%i msec.", actionset->intercept_pause);
/* apr_sleep accepts microseconds */
@ -98,13 +111,13 @@ int perform_interception(modsec_rec *msr) {
if (actionset->intercept_status != 0) {
status = actionset->intercept_status;
message = apr_psprintf(msr->mp, "%sAccess denied with code %i%s.",
subreq_text, status, phase_text);
intreq_text, status, phase_text);
} else {
log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: Invalid status code requested %i).",
subreq_text, phase_text, actionset->intercept_status);
intreq_text, phase_text, actionset->intercept_status);
}
break;
@ -115,15 +128,15 @@ int perform_interception(modsec_rec *msr) {
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action to %s requested but mod_proxy not found).",
subreq_text, phase_text,
intreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
} else {
msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri);
msr->r->proxyreq = PROXYREQ_REVERSE;
msr->r->handler = "proxy-server";
status = OK;
message = apr_psprintf(msr->mp, "%sAccess denied using proxy to %s%s.",
subreq_text, phase_text,
message = apr_psprintf(msr->mp, "%sAccess denied using proxy to%s %s.",
intreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
}
} else {
@ -131,7 +144,7 @@ int perform_interception(modsec_rec *msr) {
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action requested but it does not work in output phases).",
subreq_text, phase_text);
intreq_text, phase_text);
}
break;
@ -149,21 +162,21 @@ int perform_interception(modsec_rec *msr) {
if (apr_socket_close(csd) == APR_SUCCESS) {
status = HTTP_FORBIDDEN;
message = apr_psprintf(msr->mp, "%sAccess denied with connection close%s.",
subreq_text, phase_text);
intreq_text, phase_text);
} else {
log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but failed to close the "
" socket).",
subreq_text, phase_text);
intreq_text, phase_text);
}
} else {
log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but socket not found.",
subreq_text, phase_text);
intreq_text, phase_text);
}
}
#else
@ -171,7 +184,7 @@ int perform_interception(modsec_rec *msr) {
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop not implemented on this platform).",
subreq_text, phase_text);
intreq_text, phase_text);
#endif
break;
@ -186,14 +199,14 @@ int perform_interception(modsec_rec *msr) {
}
message = apr_psprintf(msr->mp, "%sAccess denied with redirection to %s using "
"status %i%s.",
subreq_text,
intreq_text,
log_escape_nq(msr->mp, actionset->intercept_uri), status,
phase_text);
break;
case ACTION_ALLOW :
status = DECLINED;
message = apr_psprintf(msr->mp, "%sAccess allowed%s.", subreq_text, phase_text);
message = apr_psprintf(msr->mp, "%sAccess allowed%s.", intreq_text, phase_text);
msr->was_intercepted = 0;
break;
@ -202,7 +215,7 @@ int perform_interception(modsec_rec *msr) {
status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: invalid interception action %i).",
subreq_text, phase_text, actionset->intercept_action);
intreq_text, phase_text, actionset->intercept_action);
break;
}

6
apache2/modsecurity.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: modsecurity.c,v 1.7 2006/12/28 10:39:13 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <stdlib.h>

6
apache2/modsecurity.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: modsecurity.h,v 1.27 2007/02/05 12:44:40 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MODSECURITY_H_

4
apache2/msc_geo.c
View File

@ -1,11 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "msc_geo.h"

4
apache2/msc_geo.h
View File

@ -1,11 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_GEO_H_

6
apache2/msc_logging.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_logging.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "msc_logging.h"

6
apache2/msc_logging.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_logging.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_LOGGING_H_

6
apache2/msc_multipart.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_multipart.c,v 1.2 2006/10/16 04:41:51 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <ctype.h>

6
apache2/msc_multipart.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_multipart.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_MULTIPART_H_

6
apache2/msc_parsers.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_parsers.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "msc_parsers.h"

6
apache2/msc_parsers.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_parsers.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_PARSERS_H_

6
apache2/msc_pcre.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_pcre.c,v 1.2 2006/12/28 10:39:13 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "msc_pcre.h"

6
apache2/msc_pcre.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_pcre.h,v 1.3 2006/12/28 10:39:13 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_PCRE_H_

6
apache2/msc_reqbody.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_reqbody.c,v 1.2 2006/12/04 21:54:10 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "modsecurity.h"

6
apache2/msc_util.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_util.c,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "msc_util.h"

6
apache2/msc_util.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_util.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _UTIL_H_

6
apache2/msc_xml.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_xml.c,v 1.2 2006/12/04 20:04:09 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifdef WITH_LIBXML2

6
apache2/msc_xml.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: msc_xml.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_XML_H_

6
apache2/pdf_protect.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id$
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "modsecurity.h"

6
apache2/pdf_protect.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2007 Thinking Stone (http://www.thinkingstone.com)
*
* $Id$
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/

6
apache2/persist_dbm.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: persist_dbm.c,v 1.3 2006/12/21 19:57:41 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "persist_dbm.h"

6
apache2/persist_dbm.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: persist_dbm.h,v 1.1.1.1 2006/10/14 09:30:43 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _PERSIST_DBM_H_

20
apache2/re.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re.c,v 1.15 2006/12/29 10:44:25 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <ctype.h>
@ -1438,7 +1436,19 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
rc = execute_operator(var, rule, msr, acting_actionset, mptmp);
return (rc < 0) ? : rc;
if (rc < 0) {
return -1;
}
if (rc == RULE_MATCH) {
/* Return straight away if the transaction
* was intercepted - no need to process the remaining
* targets.
*/
if (msr->was_intercepted) {
return RULE_MATCH;
}
}
continue; /* next target */
}
}

6
apache2/re.h
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re.h,v 1.7 2006/12/29 10:31:38 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#ifndef _MSC_RE_H_

6
apache2/re_actions.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re_actions.c,v 1.9 2007/02/02 18:16:41 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "re.h"

6
apache2/re_operators.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re_operators.c,v 1.7 2007/01/23 16:08:15 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "re.h"

6
apache2/re_tfns.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re_tfns.c,v 1.3 2006/12/04 12:00:24 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include <ctype.h>

6
apache2/re_variables.c
View File

@ -1,13 +1,11 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2006 Thinking Stone (http://www.thinkingstone.com)
*
* $Id: re_variables.c,v 1.7 2007/01/23 16:08:15 ivanr Exp $
* Copyright (c) 2004-2007 Breach Security, Inc. (http://www.breach.com/)
*
* You should have received a copy of the licence along with this
* program (stored in the file "LICENSE"). If the file is missing,
* or if you have any other questions related to the licence, please
* write to Thinking Stone at contact@thinkingstone.com.
* write to Breach Security, Inc. at support@breach.com.
*
*/
#include "http_core.h"

2
rules/README
View File

@ -95,7 +95,7 @@ malicious activity.
4. Trojan Protection - Detecting access to Trojans horses.
5. Errors Hiding Disguising error messages sent by the server
5. Errors Hiding - Disguising error messages sent by the server
In addition the rule set also hints at the power of ModSecurity beyond
providing security by reporting access from the major search engines to your