1816 Commits

Author SHA1 Message Date
Felipe Zimmerle
010c18f63f Adds support to SecDefaultAction configuration directive 2015-09-04 10:56:04 -03:00
Felipe Zimmerle
f2ed890ea6 Now accept SecRules regardless of the letter case 2015-09-03 11:09:40 -03:00
Chaim Sanders
8675383c0d Updated build instructions for Fedora 2015-09-03 09:42:01 -03:00
Chaim Sanders
9a0c9d4938 Updated build instructions for Fedora 2015-09-03 09:42:01 -03:00
Chaim Sanders
84eba7ad1a Updated build instructions for Fedora 2015-09-03 09:42:01 -03:00
Chaim Sanders
9cd9f7f11e Updated readme to reflect required Fedora packages 2015-09-03 09:42:01 -03:00
Chaim Sanders
d963e2dc23 Updated readme to reflect required Fedora packages 2015-09-03 09:42:01 -03:00
Chaim Sanders
3cd54e753d Updated readme to reflect required Fedora packages 2015-09-03 09:42:01 -03:00
Felipe Zimmerle
7afd93196d Adds contains to the list of operators compatible with the capture action 2015-09-03 09:38:19 -03:00
Felipe Zimmerle
3de845fac1 Fix macro expansion string replacement
It was removing more characters from the string than the actual %{variable}%
2015-09-03 09:38:19 -03:00
Felipe Zimmerle
45d81e1c04 Adds sanity check to the rule id action 2015-09-03 09:38:12 -03:00
Felipe Zimmerle
6ab88472b1 Adds a simple regression test for the operator @rx 2015-09-02 18:50:19 -03:00
Felipe Zimmerle
a63aa50f1b Changes the default operator to be @rx not @pm
For some reason the default operator was @pm, which was a huge mistake.
The default operator is @rx, thanks to Sanders who noticed that.
2015-09-02 18:31:02 -03:00
Felipe Zimmerle
ea4cd53221 Accepts phases with its name instead of a number 2015-09-02 18:31:02 -03:00
Felipe Zimmerle
035040cd13 Adds sanity check to confirm that the rule has an ID and it is not duplicated 2015-09-02 18:30:41 -03:00
Felipe Zimmerle
aae8036c0c Cosmetics: Fix debug log message 2015-09-02 10:55:35 -03:00
Felipe Zimmerle
5d24b237bd Fix default parts to be logged on audit logs 2015-09-02 10:55:35 -03:00
Felipe Zimmerle
fa4f72d90d Adds support to ctl:auditLogParts variation 2015-09-02 10:55:29 -03:00
Felipe Zimmerle
e89e395a32 Fix various minor issues on the auditlog schema 2015-08-27 17:50:42 -03:00
Felipe Zimmerle
24b7d72666 DebugLogs are now being redirected to the correct files 2015-08-27 15:36:56 -03:00
Felipe Zimmerle
01542e28c3 Allows blank line (or line with space) at the end of a rules file 2015-08-25 15:50:40 -03:00
Felipe Zimmerle
e76af0eab9 Correctly handling nginx configuration merge 2015-08-25 15:50:27 -03:00
Felipe Zimmerle
004ef066ed Fix rules chain and action execution
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if the whole chain matches.
2015-08-25 13:44:20 -03:00
Felipe Zimmerle
f2da6bb81d Fix the return value while loading the rules 2015-08-25 10:20:58 -03:00
Felipe Zimmerle
c586ba0178 Removes an unused state from the seclang parser 2015-08-25 08:15:27 -03:00
Felipe Zimmerle
15893e312b Fix regression test and example: checking if rules are loaded ok
It was checking only the amount of rules loaded, which could be 0 if
only configuration directives are loaded.
2015-08-25 07:48:37 -03:00
Felipe Zimmerle
e94226f1d8 Fix some build issues
Optional dependencies were temporarily marked as mandatory in order
to sort out any build problems; later they will be marked as optional again.
2015-08-25 00:25:33 -03:00
Felipe Zimmerle
fd8578351d Fix segmentation fault in the regression tests 2015-08-25 00:24:28 -03:00
Felipe Zimmerle
a168502717 Adds missing file 2015-08-24 11:32:12 -03:00
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
e78d7f5b91 Makes the parser understand some missing configuration directives
Directives:
 - SecPcreMatchLimitRecursion
 - SecPcreMatchLimit
 - SecResponseBodyMimeType
 - SecTmpDir
 - SecDataDir
 - SecArgumentSeparator
 - SecCookieFormat
 - SecStatusEngine

Those are not implemented yet, but the parser is now able to understand them.
2015-08-20 13:04:54 -03:00
Felipe Zimmerle
a453a656c3 Fix continuation line and VARIABLENOCOLON 2015-08-19 23:12:34 -03:00
Felipe Zimmerle
0b225f0239 Parser: adds support to SecRequestBodyInMemoryLimit 2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b Cosmetics: fix actions on yy file
- added action for:
  ctl:requestBodyProcessor=XML
  ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
2015-08-19 22:36:31 -03:00
Felipe Zimmerle
a230a4ff3c parser: Adds support for continuation lines 2015-08-19 17:20:43 -03:00
Felipe Zimmerle
ef99615401 parser: Understanding @pm if no operator is provided 2015-08-19 16:58:14 -03:00
Felipe Zimmerle
101fddfc9b Extends DICT_ELEMENT to support "-" 2015-08-18 22:19:32 -03:00
Felipe Zimmerle
d5bf955028 Using DetectionOnly instead of DetectOnly 2015-08-18 22:16:38 -03:00
Felipe Zimmerle
b7fb65fe65 seclanguage: ignore lines starting with "#" 2015-08-18 22:10:55 -03:00
Felipe Zimmerle
cff74e7cea Fix ValidateUrlEncoding corner case 2015-08-14 00:40:44 -03:00
Felipe Zimmerle
1de6d07dfd Adds support to the @detectSQLi operator 2015-08-14 00:30:28 -03:00
Felipe Zimmerle
4baee88eb3 Adds support to the @detectXSS operator 2015-08-13 23:38:57 -03:00
Felipe Zimmerle
f0535ae11b Adds libinjection repo as submodule 2015-08-13 23:38:57 -03:00
Felipe Zimmerle
ad65a1abea Adds @noMatch operator 2015-08-13 23:38:50 -03:00
Felipe Zimmerle
73c6c8cf7c build: searching for pcre/geoip on /opt/local directory 2015-08-13 16:27:20 -03:00
Felipe Zimmerle
d5fe21ce3c Code cosmetics: reduce the amount of cppcheck warnings 2015-08-12 22:40:26 -03:00
Felipe Zimmerle
21400ba454 Adds support to the @verifyCC operator 2015-08-12 13:14:33 -03:00
Felipe Zimmerle
1b0a918330 Adds support to the @validateUrlEncoding operator 2015-08-11 18:01:39 -03:00
Felipe Zimmerle
b325834f1e Disables c++11 mutex, until we have a better approach 2015-08-11 17:12:05 -03:00
Felipe Zimmerle
ac2f0bfd08 Cosmetic: avoiding warning by including full path instead of file.h 2015-08-11 17:11:54 -03:00