ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00

Author	SHA1	Message	Date
Felipe Zimmerle	873a94a73f	CHANGES: Preparing for a next version	2021-07-09 10:21:10 -03:00
Felipe Zimmerle	bf881a4eda	Change release version to v3.0.5	2021-07-07 10:13:14 -03:00
martinhsv	cd5fba8974	Handle URI received with uri-fragment	2021-07-05 14:51:21 -03:00
Felipe Zimmerle	9764b1fb3b	CHANGES: Fix entry for ARGS_NAMES	2021-01-25 14:59:17 -03:00
Dmitri Toubelis	102f4bdd91	Make the `configure` step more reliable Iyt appears that in cross compile environments the location of the "current" directory cannot be assumed. This fix makes it explicit.	2021-01-25 09:26:51 -03:00
martinhsv	fbea73120c	Fix: FILES variable does not use multipart part name for key	2021-01-24 15:06:30 -03:00
Felipe Zimmerle	f1f2527c03	Using setenv instead of putenv on SetEnv action	2021-01-24 14:59:59 -03:00
Felipe Zimmerle	e6bdadeb69	tests: Prints test number on segfault	2021-01-13 13:38:38 -03:00
Felipe Zimmerle	f18595f428	Makes regular expression selection on collections key case insensitive This issue was initially reported by @michaelgranzow-avi on #2296. @airween made an initial attempt to provide a fixed at #2107; As a consequence of the pull request review - provided by @victorhora, @zimmerle, and @michaelgranzow-avi - @airween made a second attempt at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed the essential pieces from @airween patch into this one. This patch differs from @airween's because @airween's patches were partially working: Key exclusions with regex weren't covered, same for anchored variables (e.g. ARGS). During the review, I have highlighted the importance of having elementary test cases. A simple test case on ARGS could spot the issue. Since that is an important fix, I don't want to hold this for one more review cycle; therefore, I am committing the fix myself. Thank you all involved in the solution of this very own issue.	2020-12-10 10:05:07 -03:00
martinhsv	d72be1c470	Fix: Only delete Multipart tmp files after rules have run	2020-11-04 13:50:07 -03:00
Michael Granzow	1b7aa42c77	Issue-2423: Meta-actions like 'msg' should be applied at end of chain	2020-10-29 10:33:02 -03:00
martinhsv	2672db103e	Add support for new operator rxGlobal	2020-10-26 08:55:07 -03:00
Felipe Zimmerle	785958f9b5	Fix maxminddb link on FreeBSD Issue #2131	2020-10-23 14:44:54 -03:00
martinhsv	8436c78993	Fix IP address logging in Section A	2020-10-16 13:14:42 -07:00
Felipe Zimmerle	9e6d8b7bbc	CHANGES: Adds support to lua 5.4	2020-08-17 11:35:51 -03:00
Felipe Zimmerle	51d06d7a8e	CHANGES: Adds info about #2378	2020-07-30 13:51:33 -03:00
martinhsv	b9620c26a0	rx:exit after full match; fix TX population after unused group	2020-06-29 06:13:45 -07:00
martinhsv	07ce43cceb	Correct CHANGES file entry for #2234	2020-06-18 07:12:25 -07:00
martinhsv	a1547eaa32	Regression tests: audit log compare support and test cases	2020-03-31 15:01:26 -03:00
martinhsv	f57265a3e2	Support configurable limit on number of arguments processed	2020-02-14 11:00:01 -03:00
martinhsv	136db3e582	Multipart Content-Disposition should allow filename* field	2020-02-11 10:29:38 -03:00
martinhsv	1b1fdc055b	Fix rule-update-target exclusions for plain (non-regex) variables	2020-02-11 09:42:37 -03:00
Felipe Zimmerle	f7e4c1d9f5	CHANGES: Adds info about #2235	2020-02-04 11:05:33 -03:00
Felipe Zimmerle	2b09e7e01d	CHANGES: Adds info about #2253	2020-02-04 10:53:22 -03:00
Felipe Zimmerle	7c6bf810e4	CHANGES: Preparing to 3.0.4+	2020-01-14 11:02:44 -03:00
Felipe Zimmerle	753145fbd1	Change release version to v3.0.4	2020-01-10 09:32:41 -03:00
martinhsv	0470168056	Fix: audit log data omitted when nolog,auditlog	2020-01-07 11:16:07 -03:00
root	6624a18a4e	Fixed inspectFile operator does not pass FILES_TMPNAMES pass FILES_TMPNAMES variable to lua engine Fixed Lua engine should also be aware of the variable and pass it to the target lua script main function	2019-11-26 08:40:53 -03:00
Felipe Zimmerle	05e9e7cf31	XML: Remove error messages from stderr	2019-11-25 09:27:11 -03:00
Felipe Zimmerle	42a16c71cf	CHANGES: Adds info about #1645	2019-11-22 14:49:50 -03:00
martinhsv	ea7cacf289	Additional adjustment to Cookie header parsing	2019-11-21 16:50:27 -03:00
martinhsv	6395fe07ce	Restore chained rule logging to be more like 2.9	2019-11-21 08:21:59 -03:00
Ervin Hegedus	038522ad9b	Small fixes in log messages to help debugging	2019-11-20 15:24:30 -03:00
martinhsv	b8160cce6b	Fix Cookie header parsing issues	2019-11-20 08:51:06 -03:00
martinhsv	199a9db3e2	Fix nolog rules logging to part H	2019-11-11 13:50:44 -03:00
martinhsv	9cac167faf	Fix argument key-value pair parsing cases	2019-11-05 13:06:29 -03:00
martinhsv	68c995ca98	Fix: audit log part for response body for JSON format to be E	2019-10-25 09:51:26 -03:00
Victor Hora	d4dc3dbf2a	Make sure m_rulesMessages is filled after successfull match	2019-10-16 09:40:04 -03:00
Felipe Zimmerle	beedddd6c6	Fix @pm lookup for possible matches on offset zero	2019-10-02 08:05:14 -07:00
Felipe Zimmerle	341a5d01e1	CHANGES: Regex lookup on the key name instead of COLLECTION:key	2019-06-26 11:01:43 -03:00
Felipe Zimmerle	74eee9330b	CHANGES: Adds info about #2106	2019-06-17 14:57:13 -03:00
Felipe Zimmerle	cbd15ec138	CHANGES: Adds info about #2113 , #2111	2019-06-04 10:30:19 -03:00
Felipe Zimmerle	f50700e9d4	CHANGES: Adds info about #1960	2019-06-03 19:56:24 -03:00
Felipe Zimmerle	1cc22966db	CHANGES: Adds info on "Having body limits to respect ..."	2019-06-03 14:15:49 -03:00
Felipe Zimmerle	c7fe50e5be	CHANGES: Adds info about #1872	2019-05-31 11:52:32 -03:00
Felipe Zimmerle	b5823d4e0c	CHANGES: Adds info about #2099 , #2102	2019-05-30 10:22:00 -03:00
Felipe Zimmerle	7e8782d977	CHANGES: Adds info about #2063	2019-05-29 22:05:28 -03:00
Felipe Zimmerle	f752291af8	CHANGES: Adds info about #2057	2019-05-27 17:43:06 -03:00
Felipe Zimmerle	25e4445834	CHANGES: Adds info about #2059	2019-05-27 17:14:29 -03:00
Felipe Zimmerle	a0a99319a2	CHANGES: Adds info about #2068	2019-05-27 17:08:44 -03:00

1 2 3 4 5 ...

601 Commits