github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-182

Browse Source
This commit is contained in:
brenosilva
2010-11-29 14:07:35 +00:00
parent feddff25f4
commit d016abfefd
57 changed files with 191 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -1,12 +1,12 @@
22 Nov 2010 - 2.5.13-dev3
-------------------------
* Add SecReadStateLimit to limit the number threads in BUSY connections per ip address
* Add SecReadStateLimit to limit the number of concurrent threads in BUSY connections per ip address
* Fixed redirect action was not expanding macros in chained rules
04 Nov 2010 - 2.5.13-dev2
--------------------
-------------------------
* Fixed Geo lookup concurrent connections bug

6
MODSECURITY_LICENSING_EXCEPTION
View File

@@ -5,7 +5,7 @@ MODSECURITY LICENSING EXCEPTION
Version 1.0, 29 July 2008
As a special exception ("Exception") to the terms and conditions of version 2
of the GPL, Breach Security, Inc. hereby grants you the rights described
of the GPL, Trustwave Holdings, Inc. hereby grants you the rights described
below, provided you agree to the terms and conditions in this Exception,
including its obligations and restrictions on use.
@@ -54,7 +54,7 @@ following conditions are met:
If the above conditions are not met, then the Program may only be copied,
modified, distributed or used under the terms and conditions of the GPLv2
or another valid licensing option from Breach Security, Inc.
or another valid licensing option from Trustwave Holdings, Inc.
FLOSS License List
@@ -106,7 +106,7 @@ Definitions
Applicability
=============
This Exception applies to all Programs that contain a notice placed by Breach
This Exception applies to all Programs that contain a notice placed by Trustwave Holdings
Security, Inc. saying that the Program may be distributed under the terms of
this Exception. If you create or distribute a work which is a Derivative Work
of both the Program and any other work licensed under the GPL, then this FLOSS

2
README.TXT
View File

@@ -1,5 +1,5 @@
ModSecurity for Apache 2.x, http://www.modsecurity.org/
Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
ModSecurity for Apache is an open source product, released under terms of
the General Public Licence, Version 2 (GPLv2). Please refer to the

18
README_WINDOWS.TXT
View File

@@ -2,7 +2,7 @@
Build notes for Windows from Tom Donovan
============================================================
These are the raw build notes from Tom Donovan for building
ModSecurity 2.5.12 with Apache httpd 2.2.14 on Windows. Some
ModSecurity 2.5.13 with Apache httpd 2.2.14 on Windows. Some
day these should be incorporated into the official docs, but
there has not yet been time, so they are included here in
their raw format for now.
@@ -77,9 +77,9 @@ BUILD CURL-7.20.0
NMAKE
BUILD MOD_SECURITY-2.5.12
BUILD MOD_SECURITY-2.5.13
Edited the top of C:\work\mod_security-2.5.12\apache2\Makefile.win and set my local paths
Edited the top of C:\work\mod_security-2.5.13\apache2\Makefile.win and set my local paths
(note that pcre.lib is not in $(PCRE)\LibR as it is in the original Makefile.win )
# Path to Apache httpd installation
@@ -99,12 +99,12 @@ BUILD MOD_SECURITY-2.5.12
$(LUA)\lua5.1.lib \
wsock32.lib
CD C:\work\mod_security-2.5.12\apache2
CD C:\work\mod_security-2.5.13\apache2
NMAKE -f Makefile.win
BUILD MOD_SECURITY-2.5.12 MLOGC program
BUILD MOD_SECURITY-2.5.13 MLOGC program
Edited the top of C:\work\mod_security-2.5.12\apache2\mlogc-src\Makefile.win and set my local paths
Edited the top of C:\work\mod_security-2.5.13\apache2\mlogc-src\Makefile.win and set my local paths
# Path to Apache httpd installation
BASE = C:\Apache2214
@@ -121,7 +121,7 @@ BUILD MOD_SECURITY-2.5.12 MLOGC program
wsock32.lib
CD C:\work\mod_security-2.5.12\apache2\mlogc-src
CD C:\work\mod_security-2.5.13\apache2\mlogc-src
NMAKE -f Makefile.win
INSTALL AND RUN
@@ -131,11 +131,11 @@ INSTALL AND RUN
C:\work\lua-5.1.4\src\lua5.1.dll
C:\work\libxml2-2.7.6\win32\bin.msvc\libxml2.dll
C:\work\curl-7.20.0\libcurl.dll
C:\work\mod_security-2.5.12\apache2\mlogc-src\mlogc.exe
C:\work\mod_security-2.5.13\apache2\mlogc-src\mlogc.exe
Copied this one file to C:\Apache2214\modules:
C:\work\mod_security-2.5.12\apache2\mod_security2.so
C:\work\mod_security-2.5.13\apache2\mod_security2.so
You could also copy C:\work\curl-7.20.0\\curl.exe to C:\Apache2214\bin, if you want to use the cURL command-line.

6
apache2/acmp.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/

6
apache2/acmp.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef ACMP_H_

6
apache2/apache2.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _APACHE2_H_

6
apache2/apache2_config.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <limits.h>

6
apache2/apache2_io.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <util_filter.h>

6
apache2/apache2_util.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "modsecurity.h"

6
apache2/mlogc-src/mlogc-batch-load.pl.in
View File

@@ -1,7 +1,7 @@
#!@PERL@
#
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
# Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
# Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/)
#
# This product is released under the terms of the General Public Licence,
# version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -13,8 +13,8 @@
# distribution.
#
# If any of the files related to licensing are missing or if you have any
# other questions related to licensing please contact Breach Security, Inc.
# directly using the email address support@breach.com.
# other questions related to licensing please contact Trustwave Holdings, Inc.
# directly using the email address support@trustwave.com.
#
use strict;

6
apache2/mlogc-src/mlogc.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/

6
apache2/mod_security2.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <limits.h>

6
apache2/modsecurity.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <stdlib.h>

6
apache2/modsecurity.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MODSECURITY_H_

6
apache2/msc_geo.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "msc_geo.h"

6
apache2/msc_geo.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_GEO_H_

6
apache2/msc_logging.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <sys/stat.h>

6
apache2/msc_logging.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_LOGGING_H_

6
apache2/msc_lua.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#if defined(WITH_LUA)

6
apache2/msc_lua.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#if defined(WITH_LUA)

6
apache2/msc_multipart.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <ctype.h>

6
apache2/msc_multipart.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_MULTIPART_H_

6
apache2/msc_parsers.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "msc_parsers.h"

6
apache2/msc_parsers.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_PARSERS_H_

6
apache2/msc_pcre.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "msc_pcre.h"

6
apache2/msc_pcre.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_PCRE_H_

8
apache2/msc_release.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
@@ -23,7 +23,7 @@ modsec_build_type_rec modsec_build_type[] = {
{ "-dev", 1 }, /* Development build */
{ "-rc", 3 }, /* Release Candidate build */
{ "", 9 }, /* Production build */
{ "-breach", 9 }, /* Breach build */
{ "-tw", 9 }, /* Trustwave Holdings build */
{ "-trunk", 9 }, /* Trunk build */
{ NULL, -1 } /* terminator */
};

10
apache2/msc_release.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_RELEASE_H_
@@ -49,8 +49,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
#define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "5"
#define MODSEC_VERSION_MAINT "13"
#define MODSEC_VERSION_TYPE "dev"
#define MODSEC_VERSION_RELEASE "3"
#define MODSEC_VERSION_TYPE ""
#define MODSEC_VERSION_RELEASE ""
#define MODSEC_VERSION_SUFFIX MODSEC_VERSION_TYPE MODSEC_VERSION_RELEASE

6
apache2/msc_reqbody.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "modsecurity.h"

6
apache2/msc_test.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <apr.h>

6
apache2/msc_util.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <ctype.h>

6
apache2/msc_util.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _UTIL_H_

6
apache2/msc_xml.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "msc_xml.h"

6
apache2/msc_xml.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_XML_H_

6
apache2/pdf_protect.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "modsecurity.h"

6
apache2/pdf_protect.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _PDF_PROTECT_H_

6
apache2/persist_dbm.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "persist_dbm.h"

6
apache2/persist_dbm.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _PERSIST_DBM_H_

6
apache2/re.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <ctype.h>

6
apache2/re.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef _MSC_RE_H_

6
apache2/re_actions.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2008 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "re.h"

6
apache2/re_operators.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "re.h"

6
apache2/re_tfns.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include <ctype.h>

6
apache2/re_variables.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#include "http_core.h"

50
apache2/t/regression/misc/00-multipart-parser.t
View File

@@ -14,7 +14,7 @@
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
),
match_log => {
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "bpinto\@trustwave.com"/s, 1 ],
-debug => [ qr/Multipart.*(?i:error|warning)/, 1 ],
},
match_response => {
@@ -34,7 +34,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -773,7 +773,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -818,7 +818,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -867,7 +867,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -914,7 +914,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -963,7 +963,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1010,7 +1010,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1055,7 +1055,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1102,7 +1102,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1130,7 +1130,7 @@
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
),
match_log => {
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@trustwave.com"/s, 1 ],
-debug => [ qr/Multipart.*(?i:error|warning)/, 1 ],
},
match_response => {
@@ -1150,7 +1150,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1198,7 +1198,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1245,7 +1245,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1294,7 +1294,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1340,7 +1340,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1387,7 +1387,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1434,7 +1434,7 @@
--0000 1111
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000 1111
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1480,7 +1480,7 @@
--00"00
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--00"00
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1526,7 +1526,7 @@
--00"00
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--00"00
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1572,7 +1572,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1618,7 +1618,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
@@ -1663,7 +1663,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: attachment
Content-Type: multipart/mixed; boundary=BbC04y
@@ -1716,7 +1716,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Type: multipart/mixed; boundary=BbC04y
@@ -1787,7 +1787,7 @@
--0000
Content-Disposition: form-data; name="email"
brian.rectanus@breach.com
brian.rectanus@trustwave.com
--0000
Content-Disposition: form-data; name="image1"; filename="image1.jpg"
Content-Type: image/jpeg

6
apache2/utf8tables.h
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
* Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* This product is released under the terms of the General Public Licence,
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
* distribution.
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Breach Security, Inc.
* directly using the email address support@breach.com.
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address support@trustwave.com.
*
*/
#ifndef UTF8TABLES_H_

2
doc/Makefile
View File

@@ -30,7 +30,7 @@ html-multipage/index.html: modsecurity2-apache-reference.xml
$(XALAN) -q -xsl html-chunked.xsl -in modsecurity2-apache-reference.xml -param base.dir html-multipage/; \
cp modsecurity-reference.css html-multipage/; \
cp modsecurity.gif html-multipage/; \
cp breach-logo-small.gif html-multipage/; \
cp trustwave-logo-small.gif html-multipage/; \
cp apache_request_cycle-modsecurity.jpg html-multipage/
index.html: main-index.html

BIN
doc/breach-logo-small.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

4
doc/html-chunked.xsl
View File

@@ -9,11 +9,11 @@
<xsl:param name="html.stylesheet">modsecurity-reference.css</xsl:param>
<xsl:template name="user.header.navigation">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.breach.com"><img border="0" width="100" height="36" src="breach-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.trustwave.com"><img border="0" width="100" height="36" src="trustwave-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
</xsl:template>
<xsl:template name="user.footer.navigation">
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.breach.com">Breach Security</a></div>
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.trustwave.com">Trustwave Holdings</a></div>
</xsl:template>
<xsl:template name="article.titlepage.separator">

4
doc/html.xsl
View File

@@ -5,11 +5,11 @@
<!--xsl:import href="/usr/share/xml/docbook/stylesheet/nwalsh/html/onechunk.xsl"/-->
<xsl:template name="user.header.navigation">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.breach.com"><img border="0" width="100" height="36" src="breach-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table cellpadding="0" cellspacing="0" width="100%"><tr><td><a href="http://www.modsecurity.org"><img border="0" alt="ModSecurity" height="36" width="120" src="modsecurity.gif" style="margin:4px"/></a></td><td align="right"><a href="http://www.trustwave.com"><img border="0" width="100" height="36" src="trustwave-logo-small.gif" style="margin:6px"/></a></td></tr></table></div>
</xsl:template>
<xsl:template name="user.footer.navigation">
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.breach.com">Breach Security</a></div>
<div class="copyright" align="center">Copyright (C) 2004-2010 <a href="http://www.trustwave.com">Trustwave Holdings</a></div>
</xsl:template>
<xsl:template name="article.titlepage.separator">

4
doc/main-index.html
View File

@@ -8,7 +8,7 @@
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD">
<table width="100%" cellspacing="0" cellpadding="0"><tr><td><a href="http://www.modsecurity.org"><img style="margin:4px" src="modsecurity.gif" width="120" height="36" alt="ModSecurity" border="0"></a></td><td align="right"><a
href="http://www.breach.com"><img style="margin:6px" src="breach-logo-small.gif"
href="http://www.trustwave.com"><img style="margin:6px" src="trustwave-logo-small.gif"
height="36" width="100" border="0"></a></td></tr></table>
</div>
@@ -29,7 +29,7 @@ height="36" width="100" border="0"></a></td></tr></table>
<hr size="1">
<div align="center" class="copyright">Copyright (C) 2004-2006 <a
href="http://www.breach.com">Breach Security</a></div>
href="http://www.trustwave.com">Trustwave Holdings</a></div>
</body>
</html>

2
doc/migration-matrix.html
View File

@@ -1,6 +1,6 @@
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ModSecurity Migration Matrix</title><link rel="stylesheet" href="html.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="d0e1"></a>ModSecurity Migration Matrix</h2></div><div><p class="releaseinfo">Version 1.0 / (April 10, 2007)</p></div><div><p class="copyright">Copyright &copy; 2004-2007 Breach Security, Inc. (<a href="http://www.breach.com" target="_top">http://www.breach.com</a>)</p></div></div><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="01-introduction"></a>Migration from 1.x to 2.x</h2></div></div></div><div class="section" lang="en"><div class="titlepage"></div><p>If you are already using an older version of ModSecurity and want to upgrade/migrate your existing custom rules, you will need to ensure that you properly translate all of your Directives to their corresponding 2.0 counterparts. Some directives have simply changed names, however some directives actually behave differently so it is important that you also review the entire 2.0 Reference Manual.
<title>ModSecurity Migration Matrix</title><link rel="stylesheet" href="html.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="d0e1"></a>ModSecurity Migration Matrix</h2></div><div><p class="releaseinfo">Version 1.0 / (April 10, 2007)</p></div><div><p class="copyright">Copyright &copy; 2004-2007 Trustwave Holdings, Inc. (<a href="http://www.trustwave.com" target="_top">http://www.trustwave.com</a>)</p></div></div><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="01-introduction"></a>Migration from 1.x to 2.x</h2></div></div></div><div class="section" lang="en"><div class="titlepage"></div><p>If you are already using an older version of ModSecurity and want to upgrade/migrate your existing custom rules, you will need to ensure that you properly translate all of your Directives to their corresponding 2.0 counterparts. Some directives have simply changed names, however some directives actually behave differently so it is important that you also review the entire 2.0 Reference Manual.
The migration matrix show below should help you to translate ModSecurity 1.X directives to the 2.0 values. There are also some notes that provide additional information is a directive significantly changed how it operates.
</p><table border="1" id="d0e21"><tr><td><span class="bold"><strong>Feature/Capability</strong></span></td><td><span class="bold"><strong>ModSecurity 1.x</strong></span></td><td><span class="bold"><strong>ModSecurity 2.x</strong></span></td><td><span class="bold"><strong>Notes</strong></span></td><td><span class="bold"><strong>How To Upgrade</strong></span></td></tr><tr><td><span class="bold"><strong>Apache Version Supported</strong></span></td><td>Apache 1.x/2.x</td><td>Apache 2.x Only</td><td>ModSecurity 2.0 will only work with Apache 2.x and not the older 1.3 version.</td><td>If you are mainly an Apache 1.3 shop and/or you have other web servers that you want to protect (such as IIS) an alternative solution is to deploy an Apache 2.x reverse proxy server and implement ModSecurity 2.x on it.</td></tr><tr><td><span class="bold"><strong>Installation</strong></span></td><td>Can be installed as either a DSO module or as a statically compiled module.</td><td>Can currently only be installed as a DSO module.</td><td>In 1.x, you could use apxs directly, while in 2.x you must use the provided Makefile.</td><td>If you can not use DSOs in your current Apache configs, you may look at implementing a front-end Apache reverse proxy server.</td></tr><tr><td><span class="bold"><strong>Configuration - IfModule</strong></span></td><td>Apache 1.x - &lt;IfModule mod_security.c&gt;

4
doc/migration-matrix.xml
View File

@@ -8,8 +8,8 @@
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink
url="http://www.breach.com">http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink
url="http://www.trustwave.com">http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>

18
doc/modsecurity2-apache-reference.xml
View File

@@ -11,8 +11,8 @@
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink
url="http://www.breach.com">http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink
url="http://www.trustwave.com">http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>
@@ -180,12 +180,12 @@
version 2 (licence text is included with the distribution), as an Open
Source / Free Software product. A range of commercial licenses is also
available, together with a range of commercial support contracts. For
more information on commercial licensing please contact Breach
more information on commercial licensing please contact Trustwave Holdings
Security.</para>
<note>
<para>ModSecurity, mod_security, ModSecurity Pro, and ModSecurity Core
Rules are trademarks or registered trademarks of Breach Security,
Rules are trademarks or registered trademarks of Trustwave Holdings,
Inc.</para>
</note>
</section>
@@ -200,7 +200,7 @@
<para>ModSecurity is a web application firewall engine that provides
very little protection on its own. In order to become useful,
ModSecurity must be configured with rules. In order to enable users to
take full advantage of ModSecurity out of the box, Breach Security, Inc.
take full advantage of ModSecurity out of the box, Trustwave Holdings, Inc.
is providing a free certified rule set for ModSecurity 2.x. Unlike
intrusion detection and prevention systems, which rely on signatures
specific to known vulnerabilities, the Core Rules provide generic
@@ -523,7 +523,7 @@ LoadFile /usr/lib/liblua5.1.so</programlisting></para>
themselves but rather place all changes (such as
<literal>SecRuleRemoveByID</literal>, etc...) in your custom rules file.
This will allow for easier upgrading as newer Core rules are released by
Breach Security on the ModSecurity website.</para>
Trustwave Holdings on the ModSecurity website.</para>
</note>
<section>
@@ -1488,7 +1488,7 @@ SecMarker 99</emphasis></programlisting></para>
<para><emphasis>Scope:</emphasis> Global</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default). See also
@@ -1531,7 +1531,7 @@ SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</p
<para><emphasis>Scope:</emphasis> Global</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default). See also <literal>SecPcreMatchLimit</literal></para>
@@ -2582,7 +2582,7 @@ SecRuleUpdateActionById 12345 "t:compressWhitespace,deny,status:403,msg:'A new m
<para><emphasis>Scope:</emphasis> Any</para>
<para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Version:</emphasis> 2.5.13</para>
<para><emphasis>Dependencies/Notes:</emphasis> The default is set to 100
files, but you are encouraged to reduce this value. Any file over the

4
doc/modsecurity2-data-formats.xml
View File

@@ -7,8 +7,8 @@
<releaseinfo>Version 2.5.10-dev1 (March 24, 2009)</releaseinfo>
<copyright>
<year>2004-2010</year>
<holder>Breach Security, Inc. (<ulink url="http://www.breach.com"
>http://www.breach.com</ulink>)</holder>
<holder>Trustwave Holdings, Inc. (<ulink url="http://www.trustwave.com"
>http://www.trustwave.com</ulink>)</holder>
</copyright>
</articleinfo>
<para>The purpose of this document is to describe the formats of the ModSecurity alert messages,

BIN
doc/trustwave-logo-small.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.5 KiB