Reed Morrison
f66cd4111f
Fix ip tree lookup on netmask content
2018-06-07 14:48:18 -03:00
Felipe Zimmerle
71f650ad48
Adds information on #1781
2018-05-28 17:55:37 -03:00
Ryan Kramer
9bfdbc57db
IIS: set overrideModeDefault to Allow so that individual websites can add <ModSecurity ...> to their web.config file
2018-05-28 17:54:36 -03:00
Felipe Zimmerle
21adc0a768
Adds information about #1721
2018-05-10 18:42:45 -03:00
Padraig Doran
ec71102197
Fix spelling
...
"reachers" should be "reaches"
2018-05-10 18:35:25 -03:00
Felipe Zimmerle
7aa2f2dd5a
Adds information about #1771
2018-05-10 15:32:38 -03:00
Charles Peterson
d6366d12e6
fix when multiple lines for curl version
...
example....
### before fix
```bash
# /usr/bin/curl --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//'
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```
### after fix
```bash
# /usr/bin/curl --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//' | tr '\r\n' ' '
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 tftp ftp telnet dict ldap ldaps http file https ftps scp sftp GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```
2018-05-10 15:24:04 -03:00
Robert Paprocki
8d4124eee2
Enable sanitizing JSON request bodies in native audit log format
...
f86de56
2018-03-20 11:35:40 -07:00
Robert Paprocki
830f0b7c54
Fix compiler warning in JSON parser
2018-03-20 10:57:19 -07:00
Felipe Zimmerle
203e85e33f
Adds information on #1619
2018-02-28 11:20:13 -03:00
Felipe Zimmerle
9ae7b6e1e5
Fix arabic charset in unicode_mapping file
...
Contribution from @alaa-ahmed-a
2018-02-28 11:16:34 -03:00
florian-eichelberger
f86de566d1
Enables sanitizing of json request bodies in the apache module for native log format
2018-02-05 09:36:45 -03:00
Felipe Zimmerle
4ee1d9c179
Adds information on #1538
2017-10-06 16:44:03 +00:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional
2017-10-06 16:43:45 +00:00
Allan Boll
2e9ea0a677
Avoid use of min-macro, as it is not available in all envs
2017-10-05 17:20:41 +00:00
Allan Boll
7fff8938ba
Check return value of modsecurity_request_body_store
2017-10-05 17:20:41 +00:00
Allan Boll
6ce7f4d689
Remove the unneeded null termination for the stream_input_data
2017-10-05 17:20:41 +00:00
Allan Boll
023b863853
Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit
2017-10-05 17:20:41 +00:00
Allan Boll
97b51ebfed
Renamed local var and initialized local vars. Undid accidental move.
2017-10-05 17:20:40 +00:00
Allan Boll
afae690655
Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream.
2017-10-05 17:20:40 +00:00
Felipe Zimmerle
07c3659ddc
Adds information on #1538
2017-10-05 16:40:40 +00:00
Allan Boll
b3a527f593
Fixed a typo in build_yajl.bat
2017-10-05 16:39:57 +00:00
Felipe Zimmerle
d50f840a43
Adds info about #1545
2017-10-05 14:39:32 +00:00
Nic Jansma
a0bd72334d
Fixes SecConnWriteStateLimit
2017-10-05 14:38:42 +00:00
Felipe Zimmerle
7fd5439c63
Adds info about #1446
2017-10-05 13:33:11 +00:00
Felipe Zimmerle
934a9fcc02
Verify if chunk exists before access it
2017-10-05 13:28:28 +00:00
Guido Ravagli
b8636a70d1
added "empy chunk" check
2017-10-05 13:24:59 +00:00
Felipe Zimmerle
9c51671b74
Adds information about #1488
2017-10-05 03:25:46 +00:00
Victor Hora
9b90d86f75
Add capture action to @detectXSS operator
2017-10-05 03:24:23 +00:00
Felipe Zimmerle
185ec6f72e
Adds information about #1486
2017-10-04 21:24:36 +00:00
Victor Hora
bbe7f8c389
Proposed fix for wildcard op when loading conf files on Nginx / IIS
2017-10-04 21:23:49 +00:00
Felipe Zimmerle
b3c39136c1
Adds info about 94fe3 on our changelogs
2017-10-04 19:36:43 +00:00
Felipe Zimmerle
c917df0f2a
Set of fixes to make the build/win to work in our buildbots
2017-10-04 13:48:45 +00:00
Felipe Zimmerle
5731b76918
Adds information about #1510
2017-09-29 18:35:45 +00:00
Marc Stern
89764f12b0
Fixed typos: LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH $log_server_context instead of $log_server_context
2017-09-29 18:34:30 +00:00
Felipe Zimmerle
2ab08a625e
Adds information about #1454
2017-09-29 14:00:38 +00:00
David Carlier
7ead7f4d23
Few missing headers, in the <arpa/inet.h> inclusions ones mainly due to the fact APR_HAVE* constants are simply into apr.h
2017-09-29 14:00:32 +00:00
Felipe Zimmerle
b878ece6c6
Version 2.9.2
...
Increasing version to 2.9.2 (final)
2017-07-18 09:59:59 -07:00
Victor Hora
1e8b4669eb
Refactoring of IIS build scripts
2017-07-17 23:34:04 -03:00
Felipe Zimmerle
61bce8d9a9
Cosmetics: moving declaration to the too of the block
2017-07-14 13:47:30 -03:00
Felipe Zimmerle
9f92321afb
Fix test case to match new version of curl.
...
Error message was changed
2017-07-14 10:37:58 -03:00
Felipe Zimmerle
cb6dc9ea27
Updates CHANGES to mention commit: fbd57
2017-06-23 16:18:54 -03:00
Allan Boll
04e4a6f9b8
Initialize msre_var pointers
2017-06-23 16:16:23 -03:00
Felipe Zimmerle
13b32aacdf
Updates CHANGES to mention commit: 551314
2017-06-01 08:49:34 -03:00
Andrei Belov
5335587b95
Obtain port from r->connection->local_sockaddr.
...
This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
2017-06-01 08:48:37 -03:00
Felipe Zimmerle
9c0229ce1f
Updates libinjection to v3.10.0
2017-05-31 21:06:33 -03:00
Felipe Zimmerle
53571a860d
Updates libinjection.
...
This is not yet their v3.10.0. But I belive it is close to be.
See #124 at client9/libinjection for further information.
2017-05-30 10:48:11 -03:00
Felipe Zimmerle
e5dbe59336
Adds info about pull request #1432
2017-05-30 08:14:44 -03:00
Victor Hora
1684400eee
Fixes issue #1432 by not logging normal behavior to error.log and using APLOG_DEBUG instead
2017-05-30 08:13:11 -03:00
Felipe Zimmerle
624bd2bf82
Adds info about pull request #1071
2017-05-22 18:59:20 -03:00
