1288 Commits

Author	SHA1	Message	Date
Allan Boll	97b51ebfed	Renamed local var and initialized local vars. Undid accidental move.	2017-10-05 17:20:40 +00:00
Allan Boll	afae690655	Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream.	2017-10-05 17:20:40 +00:00
Nic Jansma	a0bd72334d	Fixes SecConnWriteStateLimit	2017-10-05 14:38:42 +00:00
Felipe Zimmerle	934a9fcc02	Verify if chunk exists before access it	2017-10-05 13:28:28 +00:00
Guido Ravagli	b8636a70d1	added "empy chunk" check	2017-10-05 13:24:59 +00:00
Victor Hora	9b90d86f75	Add capture action to @detectXSS operator	2017-10-05 03:24:23 +00:00
Marc Stern	89764f12b0	Fixed typos: LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH $log_server_context instead of $log_server_context	2017-09-29 18:34:30 +00:00
David Carlier	7ead7f4d23	Few missing headers, in the <arpa/inet.h> inclusions ones mainly due to the fact APR_HAVE* constants are simply into apr.h	2017-09-29 14:00:32 +00:00
Felipe Zimmerle	b878ece6c6	Version 2.9.2 ... Increasing version to 2.9.2 (final)	2017-07-18 09:59:59 -07:00
Felipe Zimmerle	61bce8d9a9	Cosmetics: moving declaration to the too of the block	2017-07-14 13:47:30 -03:00
Allan Boll	04e4a6f9b8	Initialize msre_var pointers	2017-06-23 16:16:23 -03:00
Felipe Zimmerle	9c0229ce1f	Updates libinjection to v3.10.0	2017-05-31 21:06:33 -03:00
Felipe Zimmerle	53571a860d	Updates libinjection. ... This is not yet their v3.10.0. But I belive it is close to be. See #124 at client9/libinjection for further information.	2017-05-30 10:48:11 -03:00
Victor Hora	1684400eee	Fixes issue #1432 by not logging normal behavior to error.log and using APLOG_DEBUG instead	2017-05-30 08:13:11 -03:00
Hideaki Hayashi	6473cf626d	Make url path absolute for SecHashEngine only when it is relative in the first place. Fix #752	2017-05-22 18:56:37 -03:00
Felipe Zimmerle	6f49bad748	Fix the hex digit size for SHA1 on msc_crypt implementation ... Fix #1354	2017-05-22 18:48:20 -03:00
Felipe Zimmerle	a249574692	Avoids to flush xml buffer while assembling the injected html ... Fix #742	2017-05-22 18:44:22 -03:00
Daniel Stelter-Gliese	72f632e9b6	Avoid additional operator invokation if last transform of a multimatch doesn't modify the input ... Fixes #1086	2017-05-22 15:13:54 -03:00
Felipe Zimmerle	9ac9ff8223	Adds a sanity check before use ctl:ruleRemoveTargetByTag ... This commit closes the issue #1353	2017-05-22 09:23:58 -03:00
Felipe Zimmerle	112ba45e7a	Makes global mutex for collections optional	2017-05-21 08:53:11 -03:00
Mladen Turk	c6f6dffed2	Move locking before table update	2017-05-19 17:16:08 -03:00
Mladen Turk	84d2f30cc8	Use global mutex instead sdbm file lock to fix issues with threaded mpm's	2017-05-19 17:16:08 -03:00
Felipe Zimmerle	2de5175b9c	Fix collection naming problem ... As reported on #1274 we had a problem while merging the collections. Turns out that the collection name was wrong while passing the information to setvar.	2017-05-19 10:29:30 -03:00
Felipe Zimmerle	a5bbb8345f	Fix compilation for 2.2.x and standalone after #1289	2017-05-11 09:14:49 -03:00
Robert Bost	4f55b5d1a7	Change from using rand() to thread-safe ap_random_pick.	2017-05-08 21:19:23 -03:00
Coty Sutherland	10fb76ff16	Adding comments around odd looking code to prevent future scrutiny	2017-05-08 21:07:14 -03:00
Felipe Zimmerle	d6bd0badc5	Cosmetics: fix #1400 indentation and help message	2017-05-08 16:01:37 -03:00
Marc Stern	70322304f2	{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.	2017-05-08 15:36:58 -03:00
Felipe Zimmerle	da995bb636	Adds sb_handle structure to specific versions of apache ... Fix issue #1407	2017-05-05 23:06:43 -03:00
Felipe Zimmerle	9b3c32bb54	Makes #1308 compatible to older versions of Apache	2017-05-04 23:23:31 -03:00
Barry Pollard	019edfa1a9	This is a fix for #992 to allow drop to work with mod_http2	2017-05-04 22:19:57 -03:00
Sander Hoentjen	0f59d4e044	query MPM after all config is loaded (fixes #786)	2017-05-04 10:09:07 -03:00
Sander Hoentjen	a2eb4c8b04	Don't update the scoreboard ourself (fixes #1337) ... This is unsafe, and messes up the scoreboard on Apache >= 2.4.25 with Event MPM	2017-05-04 10:09:07 -03:00
Sander Hoentjen	53edb258bb	get correct worker_score in loop	2017-05-04 10:09:06 -03:00
Sander Hoentjen	8efece97f7	don't use sb_handle on apache 2.4	2017-05-04 10:09:06 -03:00
Sander Hoentjen	f813365f7e	Fix logging for Apache 2.4	2017-05-04 10:09:06 -03:00
Felipe Zimmerle	caadf97524	Cosmetics: Fix 0x0bdda1 indentation issues	2017-05-03 09:34:47 -03:00
Marc Stern	51f312736a	rule id is not logged in case rule has no msg	2017-05-03 09:20:32 -03:00
Felipe Zimmerle	3e9e4b39cc	Cosmetics changes top of #1402	2017-05-02 17:14:06 -03:00
Marc Stern	7246998f09	Adds option to disable logging of stopwatches in audit log.	2017-05-02 17:11:58 -03:00
Marc Stern	d7383c39dd	Option to disable logging of dechunking	2017-05-02 11:09:42 -03:00
Felipe Zimmerle	a4724dfdab	Updates the libinjection	2017-04-28 14:56:06 -03:00
Marc Stern	7b86d8c51d	Extends a7731c by adding JSON support	2017-04-26 16:38:12 -03:00
Felipe Zimmerle	3de0dfc5fd	Cosmetics: fix #1381 indentation	2017-04-26 16:04:31 -03:00
Marc Stern	d1376c5525	Adds option to disable logging of Apache handler in audit log	2017-04-26 16:03:58 -03:00
Felipe Zimmerle	67908f45f4	Cosmetics: fix #1380 indentation	2017-04-26 15:28:13 -03:00
Marc Stern	d243818aff	{dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9 in audit log [Issue #576 - Marc Stern]	2017-04-26 15:27:57 -03:00
Felipe Zimmerle	45b7706f1f	Adds sanity check before print action message in the logs ... This is a sanity check on top of #1379	2017-04-11 10:04:19 -03:00
Marc Stern	99eb07d944	Fix missing rule id in log See https://github.com/SpiderLabs/ModSecurity/issues/391	2017-04-10 12:28:38 -03:00
Marc Stern	9244cd9824	Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern]	2017-04-10 12:13:55 -03:00