From b6657a4b93b9f848c50627ce8ebc68a61a7d111e Mon Sep 17 00:00:00 2001 From: brectanus Date: Fri, 15 Aug 2008 20:25:27 +0000 Subject: [PATCH] Update CHANGES. Sync up docs. --- CHANGES | 12 +++++++- doc/modsecurity2-apache-reference.xml | 41 +++++++++++++++++++++++++-- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 88faeb26..1180ae0c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,16 @@ -31 Jul 2008 - 2.5.7-dev1 +15 Aug 2008 - 2.5.7-dev1 ------------------------ + * Allow for disabling request body limit checks in phase:1. + + * Added transformations for processing parity for legacy protocols ported + to HTTP(S): t:parityEven7bit, t:parityOdd7bit, t:parityZero7bit + + * Added t:cssDecode transformation to decode CSS escapes. + + * Now log XML parsing/validation warnings and errors to be in the debug log + at levels 3 and 4, respectivly. + 31 Jul 2008 - 2.5.6 ------------------- diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 0d07d9f5..ea471ac2 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -4,7 +4,7 @@ Manual - Version 2.5.7-dev1 (July 31, 2008) + Version 2.5.7-dev1 (August 15, 2008) 2004-2008 @@ -3717,6 +3717,19 @@ SecRule XML:/xq:employees/employee/name/text() Fred \ only one. +
+ cssDecode + + Decodes CSS-encoded characters, as specified at http://www.w3.org/TR/REC-CSS2/syndata.html. + This function uses only up to two bytes in the decoding process, meaning + it is useful to uncover ASCII characters (that wouldn't normally be + encoded) encoded using CSS encoding, or to counter evasion which is a + combination of a backslash and non-hexadecimal characters (e.g. + ja\vascript is equivalent to + javascript). +
+
<literal>escapeSeqDecode</literal> @@ -3840,6 +3853,28 @@ SecRule XML:/xq:employees/employee/name/text() Fred \ to forward slashes.
+
+ <literal>parityEven7bit</literal> + + This function calculates even parity of 7-bit data replacing + the 8th bit of each target byte with the calculated parity bit. +
+ +
+ <literal>parityOdd7bit</literal> + + This function calculates odd parity of 7-bit data replacing + the 8th bit of each target byte with the calculated parity bit. +
+ +
+ <literal>parityZero7bit</literal> + + This function calculates zero parity of 7-bit data replacing + the 8th bit of each target byte with a zero parity bit which allows + inspection of even/odd parity 7bit data as ASCII7 data. +
+
<literal>removeNulls</literal> @@ -5456,7 +5491,7 @@ SecRule REQUEST_HEADERS:Ip-Address "!@streq %{TX.1}"@validateDTD /path/to/apache2/conf/xml.dtd,id:12345" +SecRule XML "@validateDTD /path/to/apache2/conf/xml.dtd" "deny,id:12345"
@@ -5471,7 +5506,7 @@ SecRule XML "@validateDTD /path/to/apache2/conf/xml.dtd,id: SecRule REQUEST_HEADERS:Content-Type ^text/xml$ \ phase:1,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML SecRule REQBODY_PROCESSOR "!^XML$" nolog,pass,skipAfter:12345 -SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd,id:12345" +SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd" "deny,id:12345" This operator requires request body to be processed as XML.