Refactoring on the nginx module, including:
- Better handling larger posts;
- Now using nginx echo module during the regression tests.
- Better interacting with neginx chain rules
- Separation of the request handling and content filters.
- Better handling nginx sessions and resource counts to allow a
more efficient garbage collector.
- Handling both http/1.0 and 1.1, including keep-alive.
- Tests are now capable to test nginx as a proxy or end-server.
- Tested agains nginx 1.6 and 1.7.
This commit makes ModSecurity to refuse to download or install rules
(SecRemoteRules) from sites that are not running HTTPS with a valid and
trusted certificate.
Initially those directives were only able to load content from a
local file. This commit extends this functionality allowing the user to
provide an HTTP URI that can be downloaded and loaded by ModSecurity.
Initially the download is associated with a server restart. For next
versions we expect to load such resources as it become outdated (Without
need to resetart the server).
FuzzyHash operator is optional and only installed if the headers for libfuzzy
was found in the system. Otherwise, the FuzzyHash operator is disable during
the compilation. After this commit, if some rules tries to use it, ModSecurity
will produce an runtime error not a config time error, allowing the web server
to procede normal with its operations.
IfDefines such as: <IfDefine MODSEC_2.5> are just compatible with Apache a
solution to check if some resource is available or not have to be developed
to be used in situations like that. This commit just removes the IfDefine.
