Victor Hora
1adea9f1e8
Merge pull request #1714 from p0pr0ck5/sanitize-json
2018-11-12 19:45:38 -05:00
Victor Hora
a21f97066b
Fix modsecurity.conf for IIS update CHANGES file
2018-11-12 15:54:36 -05:00
Victor Hora
f35075b2a7
IIS: Update Wix installer to bundle a supported CRS version (3.0)
2018-11-12 15:45:47 -05:00
Victor Hora
63cbd91723
IIS: Update dependencies for Windows build
2018-11-11 15:33:29 -05:00
Victor Hora
b7e82aae0e
CHANGES: Adds info about: #788 and #1299
2018-11-09 18:10:59 -05:00
Victor Hora
45337265f1
Set SecStreamInBodyInspection by default on IIS builds ( #1299 )
2018-11-09 18:06:56 -05:00
Victor Hora
22322ce355
Update modsecurity.conf file for IIS build
2018-11-09 17:57:31 -05:00
Victor Hora
9be0a407eb
Add sanity check for a couple malloc() and make code more resilient
2018-11-04 22:04:34 -05:00
Victor Hora
b3fa87dc7c
Fix NetBSD build by renaming the hmac function to avoid conflicts
2018-11-04 21:20:10 -05:00
Victor Hora
96e21b0f3e
CHANGES: Adds info about: #1612
2018-11-04 13:06:37 -05:00
Allan Boll
e97799c9bc
Windows build, fixed duplicate YAJL dir in script
2018-11-04 13:04:03 -05:00
Victor Hora
1843b79adb
IIS: Make failed MSI installer messages more helpful
2018-11-02 19:01:36 -04:00
Victor Hora
49495f1925
CHANGES: Adds info about: #1917
2018-10-19 19:50:05 -04:00
Allan Boll
a55a9481b3
IIS: Remove body prebuffering again. Unneeded due to no lock on modsecProcessRequest.
2018-10-19 19:49:44 -04:00
Felipe Zimmerle
f93709b66c
Update issue templates
2018-10-17 09:21:02 -03:00
Victor Hora
1a28de9cef
CHANGES: Adds info about: #712
2018-10-12 21:27:50 -04:00
Victor Hora
a3dc602128
ju5t patch to fix mpm-itk mod_ruid2 compatibility
2018-10-12 21:20:40 -04:00
Victor Hora
d50650ba4f
CHANGES: adds info on #1556
2018-09-22 20:51:27 -04:00
Victor Hora
96756533ba
Code cosmetics: Minor change to match commit 2a42cc
2018-09-22 20:40:30 -04:00
Victor Hora
aab128f810
Code cosmetics: checks if actionset is not null before using it
2018-09-22 20:21:23 -04:00
Daniel Muey
a677456078
Issue #1671 : Only generate SecHashKey when SecHashEngine is On
2018-09-20 17:46:55 -04:00
Victor Hora
b9bf98f2c1
CHANGES: Adds info about: #1857
2018-09-20 16:43:08 -04:00
Yang Luo
e0a087b540
Update the dependencies in README for Windows based on the refactoring of the 2.9.2 release.
2018-09-20 16:39:28 -04:00
Yang Luo
b76f961aae
Reformat the README to Markdown
2018-09-20 16:37:45 -04:00
Felipe Zimmerle
a168669cb5
CHANGES: adds info on #1826
2018-09-06 10:09:12 -03:00
Allan Boll
51a9717601
IIS: no lock on ProcessRequest. No reload of config. ( #24 )
2018-09-06 10:08:06 -03:00
Felipe Zimmerle
6bc838eeaf
CHANGES: adds info on #1651
2018-09-06 10:03:15 -03:00
Allan Boll
18af259777
IIS, buffer request body before taking lock
2018-09-06 10:02:02 -03:00
Felipe Zimmerle
8dd40709ee
good practices: Initialize variables before using them
Original author: Marc Stern (#1889 )
2018-09-05 23:35:52 -03:00
Felipe Zimmerle
5367bca1b3
CHANGES: adds info on #1613
2018-09-05 16:27:49 -03:00
Allan Boll
6bb4461911
AppGw WAF version that doesn't block failed body parsing in detect-only mode
2018-09-05 16:08:21 -03:00
Allan Boll
2ae357be88
Let body parsers observe SecRequestBodyNoFilesLimit
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
2018-09-05 16:08:21 -03:00
Felipe Zimmerle
89f5427c1c
potential off by one in parse_arguments
Issue: #1799
2018-09-05 15:33:39 -03:00
Felipe Zimmerle
fecc4296e3
Adds more tests to REQUEST_BASENAME
Meant to test #1795
2018-09-04 22:40:26 -03:00
Felipe Zimmerle
739048749e
Fix utf-8 character encoding conversion
Reported on: #1794
2018-09-04 21:02:09 -03:00
Reed Morrison
f66cd4111f
Fix ip tree lookup on netmask content
2018-06-07 14:48:18 -03:00
Felipe Zimmerle
71f650ad48
Adds information on #1781
2018-05-28 17:55:37 -03:00
Ryan Kramer
9bfdbc57db
IIS: set overrideModeDefault to Allow so that individual websites can add <ModSecurity ...> to their web.config file
2018-05-28 17:54:36 -03:00
Felipe Zimmerle
21adc0a768
Adds information about #1721
2018-05-10 18:42:45 -03:00
Padraig Doran
ec71102197
Fix spelling
"reachers" should be "reaches"
2018-05-10 18:35:25 -03:00
Felipe Zimmerle
7aa2f2dd5a
Adds information about #1771
2018-05-10 15:32:38 -03:00
Charles Peterson
d6366d12e6
fix when multiple lines for curl version
Example:
### before fix
```bash
# /usr/bin/curl --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//'
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```
### after fix
```bash
# /usr/bin/curl --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//' | tr '\r\n' ' '
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 tftp ftp telnet dict ldap ldaps http file https ftps scp sftp GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```
2018-05-10 15:24:04 -03:00
Robert Paprocki
8d4124eee2
Enable sanitizing JSON request bodies in native audit log format
f86de56 enabled sanitizing JSON request body data in JSON audit
log formats (the commit message is misleading). This commit supplements
JSON request body sanitization to support sanitized elements in
native audit log formats.
2018-03-20 11:35:40 -07:00
Robert Paprocki
830f0b7c54
Fix compiler warning in JSON parser
2018-03-20 10:57:19 -07:00
Felipe Zimmerle
203e85e33f
Adds information on #1619
2018-02-28 11:20:13 -03:00
Felipe Zimmerle
9ae7b6e1e5
Fix Arabic charset in unicode_mapping file
Contribution from @alaa-ahmed-a
2018-02-28 11:16:34 -03:00
florian-eichelberger
f86de566d1
Enables sanitizing of json request bodies in the apache module for native log format
2018-02-05 09:36:45 -03:00
Felipe Zimmerle
4ee1d9c179
Adds information on #1538
2017-10-06 16:44:03 +00:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional
2017-10-06 16:43:45 +00:00
Allan Boll
2e9ea0a677
Avoid use of min-macro, as it is not available in all envs
2017-10-05 17:20:41 +00:00