When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
Remove compile-time setting for generating audit logs
as JSON, creating a new config option (SecAuditLogFormat).
sec_audit_logger is now a wrapper for sec_audit_logger_json
or sec_audit_logger_native. This has the disadvantage of
making the audit log generation code harder to maintain,
but the logger function itself now is no longer pepper
with binary branches.
* Write Stopwatch2 values into a separate map
* Remove legacy Stopwatch
* Proper sanitization of request/response headers
* Lazily open maps for keys that may not have content
At patch 45805be, @littlecho changed the behaviour to set the audit log
index/serial file permission. Before, it was using the default permission now
it is respecting the permission configured via SecAuditLogFileMode. This patch
replicates @littlecho's work to the secundary auditlog file.
Change third parameter(which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Due to the user can specify the desired file permission setting for the audit log files with setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that specified in modsecurity.conf.
A random number generator needs to be initialized once per process after a fork, but not after each request, more so with an argument that changes only once per second.
This fixes SpiderLabs#778
This is a copy of my commit deec149ca363dd14213afd1f9d7f71a71959ef31.
It is easy to test old/new code standalone with valgrind;
jst insert the getkey() function into this template:
-----------getkey() goes here-----------------
int main(void)
{
apr_pool_t *p;
apr_initialize();
apr_pool_create(&p, NULL);
printf("%s\n", getkey(p));
return 0;
}
Keep compatibility among different versions of Apache is not a simple
task, in this case it can be avoided by the creation of our own version
of ap_find_command, that is now used by msc_remote_rules.
apr_crypto is not always available, configure scripts are looking for
it and setting WITH_APU_CRYPTO in case it is found. There were two
places where apr_crypto.h was included without validating if
WITH_APU_CRYPTO was set. This patch removes the inclusion from the
first place (it seems not to be mandatory) and add the check for
WITH_APU_CRYPTO in the second one. This fix issue #834.
This definition is currently used in two different circumstances: Report with
accuracy that the server is an IIS (status call), and also show the amount of
loaded remote rules on the windows logs. Different from Apache which loads the
rules twice, IIS just do it once.
As the this new Curl version supports well the Windows certificate storage,
removing the dependency on the OpenSSL. Also changing the build scripts to work
accordingly. As the cmake build of Curl is said to broken abandoning it in
favor of the nmake files. Thanks to Gregg Smith and Steffen.
