Felipe Zimmerle
0037a0732a
Using RadixTree instead of list to store IPs
...
Used by the operator @ipMatch and variants, this structure stores all the IP
addresses for later comparison. The last version was using RadixTree only if the
set of IPs was specified from files. IPs specified as parameters were using
a chained list. Chained lists may affect the performance, since lookups in the
worst case will be O(n). RadixTrees could provide better results depending
on the amount of elements and their contents.
2014-03-31 16:22:10 -07:00
Felipe Zimmerle
b9fdc4fe3b
Adds support to suspicious and whitelist to Read and Write limits
...
The operators @ipMatch, @ipMatchF and @ipMatchFromFile were
added to the functions: SecReadStateLimit and SecReadStateLimit,
by using them it is possible to declare a suspicious list. When
a suspicious list is given, the {Read|Write}StateLimit will be
applied just to the IPs that belong to that restricted list.
Note that the negative of those operators (e.g. !@ipMatch) can be
used to place a whitelist. The {Read|Write}StateLimit
restrictions will not be applied to those in the whitelist.
In this current version the Sec{Read|Write}StateLimit can be used
various times to add elements to both lists, however, the
last informed limit will be applied for the entire group. This
feature is experimental, and suggestions on how to improve it
are very welcome. For further discussion use the issue: #353.
2014-03-31 16:22:10 -07:00
Felipe Zimmerle
8d4c3e4f5c
Makes the build system look for yajl using a macro file
...
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18
Added support for JSON body processor
2014-03-31 16:22:09 -07:00
Felipe Zimmerle
f86a71f7a7
Adds SecStatusEngine On/Off switch
...
Add the possibility to turn the Status Engine On or Off using the
directive SecStatusEngine [On/Off]. By default it is On.
2014-03-31 07:14:55 -07:00
Felipe Zimmerle
d93ce9ceee
Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables
...
This variable is a combination of REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects \n\n in between each of those values.
2014-03-31 07:14:55 -07:00
Felipe Zimmerle
227de9fb8a
Reverts commit b1cbccdc6b18a0f3a4edda8a5dfa9f6621485e81
...
This belongs to a specific branch as long as it is not stable yet.
2013-12-18 15:05:01 -08:00
ivanr
b1cbccdc6b
Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases).
2013-12-17 07:14:25 -08:00
Breno Silva
cd31b39ce1
Removed SecDefineRemoteAddr and fixed Apache 2.4 mod_remoteip integration
2013-05-06 00:49:07 -04:00
Breno Silva
29ed5c4dc7
Added: SDBM_DELETE_ERROR variable
2013-05-02 08:04:26 -04:00
Breno Silva
6cd3a14db1
MODSEC-362
2013-04-22 13:36:13 -04:00
Breno Silva
aa18ec7f45
Updated copyright dates
2013-04-19 03:20:46 -04:00
Breno Silva
d4d80b38aa
Added SecXmlExternalEntity
2013-03-04 16:54:20 -04:00
Breno Silva
4db1f51f39
Added MULTIPART_NAME and MULTIPART_FILENAME variables
2013-03-04 11:54:13 -04:00
Breno Silva
9725e71f06
ModSecurity: improving duplicate ID search
2013-01-31 10:22:37 -04:00
Breno Silva
eabc39ad83
Added SecCookieV0Separator
2013-01-26 18:45:34 -04:00
Breno Silva
53d422e9de
Change names of HMAC feature to HASH
2012-10-30 18:02:22 -04:00
brenosilva
7355100712
MODSEC-297
2012-10-08 15:04:22 +00:00
brenosilva
5c5107a860
MODSEC-297
2012-10-08 13:55:11 +00:00
brenosilva
0d2307192c
MODSEC-336
2012-10-05 18:03:58 +00:00
brenosilva
919e3f5e29
Reverted SecCookiev0Separator
2012-10-03 17:33:37 +00:00
brenosilva
aee22ea461
MODSEC-261
2012-10-03 13:49:00 +00:00
brenosilva
592ec392d1
Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget*
2012-08-02 18:04:53 +00:00
brenosilva
3bb931e188
Fix warnings
2012-06-17 13:32:07 +00:00
brenosilva
866cb6d6b4
Update trunk for 2.7
2012-05-10 23:18:39 +00:00
brenosilva
d4079971c6
MODSEC-160
2011-10-14 13:32:30 +00:00
brenosilva
6c89afcf7d
MODSEC-211
2011-07-11 21:09:28 +00:00
brenosilva
ad168c801d
Only reinject stream if data is changed by rsub
2011-06-15 14:38:42 +00:00
brenosilva
06dd5907b6
Build and code fixes
2011-06-14 15:01:17 +00:00
brenosilva
f595919107
Implement unicode map
2011-06-02 19:11:04 +00:00
brenosilva
5eaa1a7345
Added SecWriteStateLimit for slow post DoS
2011-05-05 17:01:57 +00:00
brenosilva
0cc30904b9
Fix issue in input stream
2011-04-28 16:32:41 +00:00
brenosilva
6b7edc4d47
Fixes, code cleanups, improvements
2011-04-27 15:58:22 +00:00
brenosilva
104f0de46e
New License
2011-03-30 14:12:44 +00:00
brenosilva
1a2d377e34
MODSEC-178
2011-03-28 18:47:58 +00:00
brenosilva
49732256f6
Improvements, fixes and new features
2011-03-25 13:51:13 +00:00
brenosilva
69551d2d09
Add Google safe browsing lookup
2011-03-15 20:49:10 +00:00
brenosilva
7f52d86e4b
Include data edition, sanitizematched and few fixes
2011-02-14 12:49:55 +00:00
brenosilva
1260d2b097
MODSEC-104
2010-12-23 12:27:57 +00:00
brenosilva
60a1725d04
MODSEC-12
2010-12-16 15:38:30 +00:00
brenosilva
549f059480
move 2.5.13 into trunk
2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a
Add the ability to build custom request body parser extensions.
...
Add an example for a request body parser extension.
2010-05-05 23:01:11 +00:00
ivanr
98982e2962
Added the SecDisableBackendCompression directive
2010-03-19 20:00:59 +00:00
b1v1r
08edc0c26f
Merge 2.5.x (2.5.12) changes into trunk.
2010-02-05 19:05:20 +00:00
ivanr
0ecfe86c3c
Add PERF_GC.
2010-02-03 08:46:42 +00:00
ivanr
bc35ab7e0b
Implement variables for access to performance measurements.
2010-02-01 11:44:32 +00:00
ivanr
7b56982f26
Implemented a new time-measuring mechanism. Added Stopwatch2.
2010-02-01 09:42:23 +00:00
ivanr
d1c38bf029
Change SECACTION_TARGETS and SECMARKET_TARGETS to REMOTE_ADDR
2009-12-13 08:43:56 +00:00
ivanr
6d5e752cb3
Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered
2009-12-12 14:21:17 +00:00
ivanr
839b7f81e0
Removed the obsolete PDF UXSS functionality (MODSEC-96).
2009-12-04 23:33:47 +00:00