github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
695 Commits 55 Branches 109 Tags
Commit Graph

53 Commits

Author SHA1 Message Date
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
1a2d377e34 MODSEC-178 2011-03-28 18:47:58 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
d170dd4ebe MODSEC-57 2011-02-24 15:03:50 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
ivanr
76583d80fa Added the missing log messages for the ctl action; optimised the existing log messages (MODSEC-99). 2009-12-04 23:50:51 +00:00
b1v1r
3b12989683 Merge 2.5.x changes into trunk. 2009-11-07 00:06:26 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
8fe278e845 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 2009-10-29 17:57:18 +00:00
b1v1r
ffc5d968e6 Merge 2.5.x changes into trunk. 2009-05-21 06:18:18 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
309510d70b Change from ctl:requestBodyBuffering to ctl:forceRequestBodyVariable. 2008-09-10 17:11:20 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
f394c6faa2 Add atomic updates for persistent counters. See #20. 2008-05-13 00:05:02 +00:00
brectanus
b4f473f87f Expand macros in expirevar and deprecatevar. See #477. 
Cleaned up debug logs in actions.
Warn on mismatched curly braces in macro expansion.
 2008-04-24 16:23:35 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
13b5cdd5fc Expand macros in setenv (name and value). See #458. 2008-02-04 18:26:35 +00:00
brectanus
a3584993f5 Implement "block" pseudo-action. See #441. 2008-01-24 05:16:35 +00:00
brectanus
c4e1ede358 Fixed merging actionsets so we can build a more accurate rule for auditing. 2008-01-22 05:39:33 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
b6446dc836 Fixed an old bug in ctl:auditLogParts that was fixed in 2.1.x, but not trunk. 2008-01-09 01:02:51 +00:00
ivanr
2068357af8 Added m.getvars() and finalised Lua support. 2007-12-21 12:50:03 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
ivanr
4cecdf4c5b Added support for Lua to the exec action. 2007-12-20 12:06:30 +00:00
ivanr
4414cb8527 Lua: Support retrieval of individual variables from scripts. 2007-12-19 14:35:20 +00:00
ivanr
a703c9c626 Minor allow bug fix. 2007-12-17 15:11:18 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
5065852dfe More efficient collection persistance and deletion on retrieval. See #345 and #426. 2007-12-14 19:53:23 +00:00
brectanus
54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. 2007-12-12 22:52:08 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
9d49adf028 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. 2007-10-17 19:59:28 +00:00
brectanus
974298a76c Added ctl:ruleRemoveById action. See #259. 2007-10-17 19:11:47 +00:00
brectanus
9efa02f423 Change ctl parameters to be case insensitive. 
Initial implementation of ctl:removeRuleById.  See #259.
 2007-10-16 00:14:42 +00:00
brectanus
793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. 2007-10-15 16:50:36 +00:00
brectanus
9d4965b29e Fix macro expansion in setvar. See #126. 2007-10-01 17:24:10 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
brectanus
8f6385f784 Added logdata action (still needs byte limit). See #40. 2007-08-10 00:22:15 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
brectanus
c0c5d8d894 Removed extraneous symbols from dso via DSOLOCAL. 2007-05-03 16:17:42 +00:00
ivanr
e0a8602929 Added experiemental support for content injection. 2007-05-02 11:22:09 +00:00
brectanus
a3c3f25ae0 Fix macro expansion. See #118. 
Fix some debug log output to escape NULs properly in preparation for #54.
Up version to prepare for 2.2.0 pre-releases.
 2007-05-01 21:36:24 +00:00
brectanus
ab55a8716e Fix potential memory corruption in msre_create_var_ex allocating per-request data out of global pool. 2007-03-08 16:15:45 +00:00