Commit Graph

62 Commits

Author SHA1 Message Date
b1v1r
04fe141c73 Fixed SecUploadFileMode to set the correct mode (MODSEC-129). 2010-02-05 18:26:43 +00:00
b1v1r
513c87ee45 Added SecUploadFileLimit (MODSEC-116). 2010-02-05 18:15:31 +00:00
b1v1r
589274903d Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119). 2010-02-05 18:09:19 +00:00
b1v1r
bfe41347d2 Update copyright to 2010. 2010-02-03 23:50:24 +00:00
b1v1r
d33f656b93 Fixed parsing quoted strings in multipart Content-Disposition headers. 2009-11-05 19:36:32 +00:00
b1v1r
cb03e372da More updates for Windows - many thanks to apachelounge.com for these. 2009-09-20 03:08:45 +00:00
b1v1r
7333260b9b Added SecAuditLogDirMode and SecAuditLogFileMode (MODSEC-82).
Cleaned up SecUploadFileMode implementation.
2009-08-25 00:29:56 +00:00
b1v1r
0680e9e71a Fixed crash on configuration if SecMarker is used before any rules.
Fixed SecRuleUpdateActionById so that it will work on chain starters (MODSEC-37).
2009-08-12 21:41:15 +00:00
b1v1r
2370606d70 Updated copyright year to 2009. 2009-03-06 05:32:03 +00:00
brectanus
f2f160e10c Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
ivanr
7edd9cc7f7 Update licensing headers in all source code files. 2008-07-31 09:30:59 +00:00
brectanus
40b6cd3ebe Cleanup. See #364. 2008-07-29 05:47:14 +00:00
brectanus
6ebc5ad6e7 Transformation caching fixes. See #364. 2008-07-29 00:18:16 +00:00
brectanus
6b970c9185 Added back support for HTTP_* targets by aliasing it to REQUEST_HEADERS:*.
Fixed the severity warning message to only be displayed at a warn log level.
2008-03-19 21:31:41 +00:00
brectanus
20274563fb Make a severity in a default action just a warning instead of a fatal error. 2008-03-04 22:55:39 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it ignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
52ccced72b Cleanup building actionsets and use minimal default. See #445.
Fully resolve all rules before logging.
2008-01-25 04:52:49 +00:00
brectanus
f8adea949c Implemented SecUploadFileMode. See #448. 2008-01-24 22:10:37 +00:00
brectanus
a3584993f5 Implement "block" pseudo-action. See #441. 2008-01-24 05:16:35 +00:00
brectanus
c4e1ede358 Fixed merging actionsets so we can build a more accurate rule for auditing. 2008-01-22 05:39:33 +00:00
brectanus
0d24a08f33 Implemented SecRuleUpdateActionById. See #442. 2008-01-19 02:23:41 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments...
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
ivanr
2068357af8 Added m.getvars() and finalised Lua support. 2007-12-21 12:50:03 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
ivanr
4fcd787b94 Lua: Support relative filenames in SecRuleScript. 2007-12-20 10:17:48 +00:00
ivanr
e357bb55af Add quoting to unparsed rule generation. 2007-12-19 16:11:32 +00:00
ivanr
afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 2007-12-19 11:22:52 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. 2007-12-17 05:13:49 +00:00
brectanus
32100608e5 Handle actionset being NULL. See #66 and #429. 2007-12-15 00:42:39 +00:00
brectanus
476684e6ec Stricter configuration parsing. See #66 and #429. 2007-12-14 22:45:01 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
brectanus
8cec4dd251 Some more debugging and fixes for skipAfter. See #258. 2007-11-28 01:04:26 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
ivanr
b163864ba7 Implemented SecComponentSignature. 2007-11-26 16:05:56 +00:00
brectanus
40c5b2004f Remove extraneous 'void *' cast. 2007-11-15 19:11:59 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters.
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as Windows is LLP64 where 'long' is still 32-bit.
2007-11-15 19:09:14 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
brectanus
8f6385f784 Added logdata action (still needs byte limit). See #40. 2007-08-10 00:22:15 +00:00