From 69a547ccf993684dfc431479f9419bdffc767019 Mon Sep 17 00:00:00 2001
From: brectanus
Date: Wed, 5 Mar 2008 18:16:23 +0000
Subject: [PATCH 1/3] Create a 2.5.1-breach1 for the M1100.
---
 CHANGES | 4 ++--
 apache2/modsecurity.h | 2 +-
 doc/modsecurity2-apache-reference.xml | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index 153afa10..6dec15aa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,5 @@
-04 Mar 2008 - 2.5.1-rc1
------------------------
+05 Mar 2008 - 2.5.1-breach1
+---------------------------
 * Using "severity" in a default action is now just a warning.
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 64b96243..788621a7 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -63,7 +63,7 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
 #define MODSEC_VERSION_MAJOR "2"
 #define MODSEC_VERSION_MINOR "5"
 #define MODSEC_VERSION_MAINT "0"
-#define MODSEC_VERSION_TYPE "-rc"
+#define MODSEC_VERSION_TYPE "-breach"
 #define MODSEC_VERSION_RELEASE "1"
 #define MODULE_NAME "ModSecurity for Apache"
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index b986ea29..d9655187 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@ Manual - Version 2.5.1-rc1 (March 04, 2008) + Version 2.5.1-breach1 (March 05, 2008) 2004-2008
@@ -6053,4 +6053,4 @@ Server: Apache/2.x.x - \ No newline at end of file +
From e0f503a1332679642ac9f3cfdfd51d492772f81f Mon Sep 17 00:00:00 2001
From: brectanus
Date: Wed, 5 Mar 2008 20:42:41 +0000
Subject: [PATCH 2/3] Add a needed function prototype for compiling in performance testing mode.
---
 apache2/re.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/apache2/re.c b/apache2/re.c
index e6af7111..dac80614 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -735,6 +735,8 @@ void msre_engine_destroy(msre_engine *engine) {
 * transaction phase.
 */
 #if defined(PERFORMANCE_MEASUREMENT)
+static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_rec *msr);
+
 apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) {
 apr_array_header_t *arr = NULL;
 msre_rule **rules = NULL;
From 024e8547256b386b85ef3e30f9804c95b102b00d Mon Sep 17 00:00:00 2001
From: brectanus
Date: Fri, 7 Mar 2008 20:23:16 +0000
Subject: [PATCH 3/3] Fixed a bug in transformation caching, which would prevent a match in certian cases. Updated docs on "pass" action to explicitly state that we execute all targets.
---
 CHANGES | 7 +++++--
 apache2/modsecurity.h | 2 +-
 apache2/re.c | 2 ++
 doc/modsecurity2-apache-reference.xml | 22 +++++++++++++++++-----
 4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index 6dec15aa..f562ac3c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
-05 Mar 2008 - 2.5.1-breach1
----------------------------
+07 Mar 2008 - 2.5.1-rc1
+-----------------------
+
+ * Fixed an issue where a match would not occur if transformation caching
+ was enabled.
 * Using "severity" in a default action is now just a warning.
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 788621a7..64b96243 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -63,7 +63,7 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
 #define MODSEC_VERSION_MAJOR "2"
 #define MODSEC_VERSION_MINOR "5"
 #define MODSEC_VERSION_MAINT "0"
-#define MODSEC_VERSION_TYPE "-breach"
+#define MODSEC_VERSION_TYPE "-rc"
 #define MODSEC_VERSION_RELEASE "1"
 #define MODULE_NAME "ModSecurity for Apache"
diff --git a/apache2/re.c b/apache2/re.c
index dac80614..0fd7ecf8 100644
--- a/apache2/re.c
+++ b/apache2/re.c
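Review bot: The prototype added for `msre_ruleset_process_phase_` in the `@@ -735,6 +735,8 @@` hunk of apache2/re.c (PATCH 2/3) has no comment, and the name differs from the public `msre_ruleset_process_phase` directly below it only by a trailing underscore, which is easy to misread. I would add a line above it such as `/* Forward declaration: used by the PERFORMANCE_MEASUREMENT wrapper below, defined later in this file. */`; that the wrapper calls it and that the definition follows is inferred from the commit message, since the wrapper's body continues outside the hunk. Because the missing prototype only showed up when compiling in this mode, a build with `PERFORMANCE_MEASUREMENT` defined is worth adding to the regular build checks so that this path does not break unnoticed again.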
@@ -1988,6 +1988,8 @@ static apr_status_t msre_rule_process_normal(msre_rule *rule, modsec_rec *msr) {
 return -1;
 }
 if (rc == RULE_MATCH) {
+ match_count++;
+
 /* Return straight away if the transaction
 * was intercepted - no need to process the remaining
 * targets.
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index d9655187..50d97d80 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@ Manual - Version 2.5.1-breach1 (March 05, 2008) + Version 2.5.1-rc1 (March 07, 2008) 2004-2008
@@ -4606,14 +4606,26 @@ SecRule ARGS "attack" multiMatch Action Group: Disruptive - Example: + Example1: SecRule REQUEST_HEADERS:User-Agent "Test" log,pass + When using pass with SecRule with multiple + targets, all targets will be processed and + all non-disruptive actions will trigger for + every match found. In the second example the + TX:test target would be incremented by 1 for each matching + argument. + + Example2: + + SecRule ARGS "test" log,pass,setvar:TX.test=+1 + Note - Transaction will not be interrupted but it will be logged (unless - logging has been suppressed). + The transaction will not be interrupted but a log will be + generated for each matching target (unless logging has been + suppressed).
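Review bot: The `match_count++;` added at the top of the `if (rc == RULE_MATCH)` branch (`@@ -1988,6 +1988,8 @@` hunk of apache2/re.c, PATCH 3/3) carries no comment and comes with no regression test, although the commit message describes rules that failed to match with transformation caching enabled, which for a WAF is a missed detection. I would put a comment on the line, for example `/* Count this match; see the transformation-caching fix in CHANGES. */`, and add a test that evaluates the same rule and input with caching on and off and expects the same result. `msre_rule_process_normal` starts and ends outside the hunk, so how `match_count` is used afterwards and whether any other operator call site updates it the same way cannot be confirmed from here. Separately, the modsecurity.h context in this patch still shows `MODSEC_VERSION_MAINT "0"` while CHANGES and the manual say 2.5.1-rc1; if the reported version is assembled from those macros, a build with this fix would not be identifiable by its version string.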
@@ -6053,4 +6065,4 @@ Server: Apache/2.x.x
- + \ No newline at end of file