From b48fdddf4c0dcccda37f4a1cd8647a60b3eaf33c Mon Sep 17 00:00:00 2001
From: b1v1r <b1v1r@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Thu, 11 Feb 2010 17:49:15 +0000
Subject: [PATCH] Merged changes from 2.5.x to trunk.

---
 CHANGES                               |  4 +-
 apache2/msc_pcre.c                    |  4 +-
 doc/modsecurity2-apache-reference.xml | 53 +++++++++++++++++++++------
 3 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4422f63a..6965fc67 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-04 Feb 2010 - trunk
+11 Feb 2010 - trunk
 -------------------
 
+ * Fix some portability issues on Windows.
+
  * Add REQUEST_BODY_LENGTH, which contains the number of request body
    bytes read. [Ivan Ristic]
 
diff --git a/apache2/msc_pcre.c b/apache2/msc_pcre.c
index b8a5a012..89f42a71 100644
--- a/apache2/msc_pcre.c
+++ b/apache2/msc_pcre.c
@@ -94,7 +94,7 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
     }
 #endif /* MODSEC_PCRE_MATCH_LIMIT */
 #else
-#warning This PCRE version does not support match limits!  Upgrade to at least PCRE v6.5.
+#pragma message ( "This PCRE version does not support match limits!  Upgrade to at least PCRE v6.5." )
 #endif /* PCRE_EXTRA_MATCH_LIMIT */
 
 #ifdef PCRE_EXTRA_MATCH_LIMIT_RECURSION
@@ -113,7 +113,7 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
     }
 #endif /* MODSEC_PCRE_MATCH_LIMIT_RECURSION */
 #else
-#warning This PCRE version does not support match recursion limits!  Upgrade to at least PCRE v6.5.
+#pragma message ( "This PCRE version does not support match recursion limits!  Upgrade to at least PCRE v6.5." )
 #endif /* PCRE_EXTRA_MATCH_LIMIT_RECURSION */
 
     regex->pe = pe;
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 158eb83f..efb2e50d 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@
 <article>
   <title><trademark class="registered">ModSecurity</trademark> Reference Manual</title>
   <articleinfo>
-    <releaseinfo>Version 2.6.0-trunk (Feb 3, 2009)</releaseinfo>
+    <releaseinfo>Version 2.6.0-trunk (Feb 11, 2009)</releaseinfo>
     <copyright>
       <year>2004-2010</year>
       <holder>Breach Security, Inc. (<ulink url="http://www.breach.com"
@@ -1019,12 +1019,27 @@ SecMarker 99</emphasis></programlisting>
       <para><emphasis>Version:</emphasis> 2.5.12</para>
 
       <para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
-      (1500 by default)</para>
+      (1500 by default). See also
+      <literal>SecPcreMatchLimitRecursion</literal></para>
 
-      <para>The <literal>--enable-pcre-match-limit=val</literal> configure
-      option will set a custom default and the
-      <literal>--disable-pcre-match-limit</literal> option will resort to the
-      compiled PCRE library default.</para>
+      <para>If the limits are exceeded this will be logged at level 3 in the
+      debug log, added as a Message line in the audit log and the <literal
+      moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
+      to a non-zero value. To prevent bypass, you should write a rule to check
+      for the existance of the <literal
+      moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
+
+      <programlisting>SecPcreMatchLimit 100
+SecPcreMatchLimitRecursion 100
+  ...
+SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
+
+      <note>
+        <para>The <literal>--enable-pcre-match-limit=val</literal> configure
+        option will set a custom default and the
+        <literal>--disable-pcre-match-limit</literal> option will resort to
+        the compiled PCRE library default.</para>
+      </note>
     </section>
 
     <section>
@@ -1047,12 +1062,26 @@ SecMarker 99</emphasis></programlisting>
       <para><emphasis>Version:</emphasis> 2.5.12</para>
 
       <para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
-      (1500 by default)</para>
+      (1500 by default). See also <literal>SecPcreMatchLimit</literal></para>
 
-      <para>The <literal>--enable-pcre-match-limit-recursion=val</literal>
-      configure option will set a custom default and the
-      <literal>--disable-pcre-match-limit-recursion</literal> option will
-      resort to the compiled PCRE library default.</para>
+      <para>If the limits are exceeded this will be logged at level 3 in the
+      debug log, added as a Message line in the audit log and the <literal
+      moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
+      to a non-zero value. To prevent bypass, you should write a rule to check
+      for the existance of the <literal
+      moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
+
+      <programlisting>SecPcreMatchLimit 100
+SecPcreMatchLimitRecursion 100
+  ...
+SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
+
+      <note>
+        <para>The <literal>--enable-pcre-match-limit-recursion=val</literal>
+        configure option will set a custom default and the
+        <literal>--disable-pcre-match-limit-recursion</literal> option will
+        resort to the compiled PCRE library default.</para>
+      </note>
     </section>
 
     <section>
@@ -2677,7 +2706,7 @@ SecAction setsid:%{REQUEST_COOKIES.PHPSESSID}</programlisting>
         </listitem>
 
         <listitem>
-          <para><literal moreinfo="none">TX:MSC_.*</literal> - ModSecurity
+          <para><literal moreinfo="none">TX:MSC_*</literal> - ModSecurity
           processing flags.</para>
 
           <itemizedlist>