github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,958 Commits 55 Branches 109 Tags
Commit Graph

263 Commits

Author SHA1 Message Date
Felipe Zimmerle
6f92c8914a
Disables skip counter if debug log is disabled 2018-04-24 14:17:01 -03:00
Robert Paprocki
d0a63aac03
Define m_secmarker_skipped as an integer type 
There's no reason to treat this this as a double, since it
represents a human-readable data value that is only meaningful
as an integer. In doing so we write cleaner audit logs and save
a small amount of space.
 2018-04-24 11:49:13 -03:00
Felipe Zimmerle
8d0f51beda
Change release version to v3.0.2 2018-04-03 10:47:48 -03:00
Felipe Zimmerle
f67ff0aa67
Change release version to v3.0.1 2018-04-01 21:23:25 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Felipe Zimmerle
9537cfceed
Fix SecUploadDir configuration merge 2018-03-23 11:32:46 -03:00
Felipe Zimmerle
450c966da0
Fix a set of compilation warnings 2018-03-01 11:36:31 -03:00
Andrei Belov
ebc068b8ce
Fix msc_who_am_i() to return pointer to a valid C string 
Previously this function was unusable as it returned pointer
to some garbage data.
 2018-02-23 18:42:33 -03:00
Felipe Zimmerle
eeec7efb68
Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
de7c5c89bb
Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493
Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176
Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
cd30509f3a
Fix the debuglogs for the regression tests 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
c1cd668acb
Change release version to v3.0.0 2017-12-13 19:09:08 -03:00
Felipe Zimmerle
3fb71f32d8
Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
082a3e3287
Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609
Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a
Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
e52bd7d635
Adds support to SecRuleScript directive 2017-11-05 23:31:16 -03:00
Felipe Zimmerle
34e8b140e5
Setting http response code on the auditlog 2017-10-19 23:27:30 -03:00
Felipe Zimmerle
274f9e5aa1
Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
39fb75c34d
Having disruptive msgs as disruptive [instead of warnings] on audit log 
Issue #1592
 2017-10-17 14:58:04 -03:00
Felipe Zimmerle
1ad95254cd
Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
Victor Hora
d285bc02b8
Add missing statements 2017-10-09 09:02:32 -03:00
Victor Hora
63bef3d142
Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Dávid Major
a5266d6d1c
Store the connection and url parameters in std::string 2017-09-29 17:18:30 +00:00
Dávid Major
495b47d8a2
Eliminate some reorder and sign warnings 2017-09-29 17:16:09 +00:00
Felipe Zimmerle
cca3642530
Changes release tag to -rc1 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
7ac6bf7241
Fix memory issues while resolving variables 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
003a8e8e5f
Uses shared_ptr on variable names 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
9069a453e5
Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.
 2017-08-24 00:10:42 -03:00
Felipe Zimmerle
1d3c4c670d
Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
81879cd131
parser: SecRequestBodyInMemoryLimit is now returning an error msg 2017-08-22 10:44:35 -03:00
Felipe Zimmerle
c22658ec80
Adds `msc_update_status_code' method to the libmodsec api 2017-08-20 18:52:50 -03:00
Felipe Zimmerle
d7eab6b7a3 Adds support to SecRuleRemoveByMsg 2017-08-16 23:42:13 -03:00
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
48f1470269 Adds support to SecArgumentSeparator 2017-08-16 18:27:51 -03:00
Victor Hora
53ff0e1a57
Adds initial support to SecHttpBlKey 2017-07-29 00:12:14 -03:00
Lasse Karstensen
bce5ef7704
Add the missing g in Transaction::GetReponseBodyLenth() 
This commit fixes a typo in the method name for retrieving
the body length.
 2017-07-28 22:30:25 -03:00
Felipe Zimmerle
4bec6b0019
Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
15ca5ceab4
Yet another change on the audit log permissions 
The default values are set to 0640 and 0750. That is the real
value in version 2.
 2017-07-25 23:08:59 -03:00
Felipe Zimmerle
b58c8fe7ed
Changes the default file creation permission to 1600 
Somewhat related to #1497.
 2017-07-25 15:11:27 -03:00
Felipe Zimmerle
27a8abc052
Changes the auditlog new derectories permission to 1872 
As well noticed on #1497 [by @met3or] we had an inconsistence in the
default permission value for new directories between version 2 and 3.
 2017-07-25 15:06:47 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
fba9c20ea1 Adds initial support to SecRuleUpdateTargetByTag 2017-07-03 17:42:34 -07:00
Felipe Zimmerle
6421ff087a
Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Felipe Zimmerle
5f60bb5224
Yet another fix on the debuglogs merge 2017-03-28 18:11:31 -03:00
Felipe Zimmerle
80cfca6fa3
Fix the debug log level merge function 2017-03-27 14:09:42 -03:00
Felipe Zimmerle
2a54bf23e5
Fix the debug log merge function 2017-03-27 11:30:26 -03:00