ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00

Author	SHA1	Message	Date
Felipe Zimmerle	78b7fa4e2c	Adds missing drop.h	2018-12-26 11:05:54 -03:00
Felipe Zimmerle	d00ea5111d	Adds initial support to drop action	2018-12-24 16:35:41 -03:00
Ervin Hegedus	77854ed1b5	Fix inet addr handling on 64 bit big endian systems	2018-12-10 15:03:09 -03:00
Felipe Zimmerle	407b6c0f4b	Fix setenv action to strdup key=variable	2018-11-29 15:18:15 -03:00
Felipe Zimmerle	d2b14de268	Allow 0 length JSON requests As discussed at: #1822	2018-11-29 10:39:46 -03:00
Fred Nicolson	3d2030426c	Replaced log locking using mutex with fcntl lock When reloading Nginx, there is a race condition which is visible under high load. As the logging mutex is shared between multiple workers, when a worker is sent a stop signal during a reload, and the log mutex is held, write() will never return, which means that the mutex will never unlock. As other workers share this mutex, they will deadlock. fcntl does not suffer from this issue.	2018-11-27 10:09:29 -03:00
Wenfeng Liu	3b3004d24d	Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES	2018-11-27 09:23:00 -03:00
Felipe Zimmerle	ce3abf2626	Adds support to multiple ranges in ctl:ruleRemoveById Issue #1956	2018-11-26 20:48:18 -03:00
Felipe Zimmerle	e712d30c56	Fix setvar to understand Rule variable in collections Issue #1961	2018-11-26 19:49:44 -03:00
Victor Hora	b638e523af	Make the boundary check less strict as per RFC2046	2018-11-20 22:17:22 -03:00
Victor Hora	ecad8c6c7e	Fix buffer size for utf8toUnicode transformation	2018-11-16 14:58:40 -05:00
Felipe Zimmerle	9d80983e55	Fix on top of #1943 + adding test cases	2018-11-01 16:11:39 -03:00
supplient	39f4a5d7d2	Fix double macros bug Macro run strangely if I input double macros like "%{ARGS_COMBINED_SIZE}%{ARGS_COMBINED_SIZE}".	2018-11-01 15:56:54 -03:00
Felipe Zimmerle	18cdffdbca	Encapsulates int[N] in a class to avoid compilation issues Depending on the compiler, there may be a compilation issue with the usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a regular class.	2018-11-01 11:50:15 -03:00
Victor Hora	e3b9f7c913	Fix SecUnicodeMapFile support Makes SecUnicodeMapFile read the file and adjust transformation to use the right variable.	2018-10-31 22:57:39 -03:00
Felipe Zimmerle	e1e8a01ed2	Override the default status code if not suitable to redirect action Issue #1850	2018-10-30 18:20:23 -03:00
Felipe Zimmerle	bfe917b6b1	parser: Fix the support for CRLF configuration files	2018-10-30 17:16:44 -03:00
Felipe Zimmerle	3f0ea90970	Test case skeleton for #1941	2018-10-29 11:14:31 -03:00
Felipe Zimmerle	91daeee9f6	Only calling server log if the message is not disruptive The disruptive message is already part of the interception object	2018-10-25 18:04:27 -03:00
Felipe Zimmerle	448897d297	Marking message as disruptive before generate log msg	2018-10-25 18:04:07 -03:00
Felipe Zimmerle	973c1f1028	Fix rule line number Issue #1844	2018-10-24 21:02:35 -03:00
Felipe Zimmerle	fa5f3784f2	Using shared_ptr instead of unique_ptr on rules exceptions	2018-10-23 17:03:18 -03:00
Felipe Zimmerle	ef7f65db90	Changes debuglogs schema to avoid unecessary str allocation	2018-10-23 17:00:16 -03:00
Felipe Zimmerle	23e0d35d2d	Fix the SecUnicodeMapFile and SecUnicodeCodePage	2018-10-23 17:00:11 -03:00
Felipe Zimmerle	69cd61439d	Changes the timing to save the rule message	2018-10-23 16:58:42 -03:00
Victor Hora	8088d6af71	Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain	2018-10-23 16:39:21 -03:00
Wenfeng Liu	ec1112c648	Fix memory leak in AuditLog::init()	2018-10-23 16:39:15 -03:00
Felipe Zimmerle	8bda7c0a45	Fix RULE lookup in chained rules.	2018-10-23 16:37:54 -03:00
Felipe Zimmerle	120108fd33	Adds support for /32 in @ipMatch cidr notation. /32 is the representation of the ip itself. Not sure if it is needed, but there is a complaint for that: #849	2018-10-23 16:37:53 -03:00
Felipe Zimmerle	a5a40a71a9	Makes matchedvars inline	2018-10-23 16:37:49 -03:00
Felipe Zimmerle	b58018e778	Fix multimatch behavior to match what we have on v2	2018-10-23 16:37:42 -03:00
Felipe Zimmerle	dba73f5367	Using values after transformation at MATCHED_VARS	2018-10-23 16:26:11 -03:00
Felipe Zimmerle	85ecd190d9	Adds full support to UpdateActionById. Issue #1800	2018-10-23 16:26:11 -03:00
Felipe Zimmerle	3e8e28da48	Refactoring on the RULE variable	2018-10-23 16:26:11 -03:00
Felipe Zimmerle	554251bade	Refactoring on the Rule class	2018-10-23 16:26:10 -03:00
Felipe Zimmerle	74841779f8	Adds partial support to UpdateActionById	2018-10-23 16:26:10 -03:00
Victor Hora	20ef01d75c	Allow LuaJIT 2.1 to be used	2018-10-12 17:32:10 -04:00
Victor Hora	28f6f2201f	Match m_id JSON log with RuleMessage and v2 format	2018-10-12 13:10:11 -04:00
Felipe Zimmerle	bc3d3f1915	Adds support to setenv action Issue #1044	2018-09-25 10:19:52 -03:00
Felipe Zimmerle	4dd2812757	Adds new transaction constructor that accepts the transaction id as parameter.	2018-09-24 21:36:06 -03:00
Felipe Zimmerle	c721e101c0	Adds request IDs and URIs to the debug log	2018-09-24 21:07:11 -03:00
Felipe Zimmerle	98b9ae659d	Having a better organization for Variables::	2018-09-24 16:39:48 -03:00
Felipe Zimmerle	ee50fea266	Handling key exceptions on the variable itself This is the first step towords to solve #1697	2018-09-24 16:16:30 -03:00
Victor Hora	6f458b5203	Fix on top of jmx's m.setvar commit for USER collection in Lua scripts	2018-09-19 19:41:49 -04:00
jxm	45cdb0ed90	fix: function m.setvar not work in lua script	2018-09-19 19:34:13 -04:00
Felipe Zimmerle	c2bc695265	parser: Fix typo on SanitiseArgs Related to: #715 and #1889	2018-09-12 09:37:34 -03:00
Felipe Zimmerle	9c73c09abd	parser: Updates the generated parser file	2018-09-11 21:01:13 -03:00
Victor Hora	a719871458	Fix matching condition and adjust test case	2018-09-11 20:53:17 -03:00
Victor Hora	379f370095	Fix SecResponseBodyAccess and ctl:requestBodyAccess directives	2018-09-11 20:52:30 -03:00
Victor Hora	0c0b09ec52	Use glob.h when using OpenBSD	2018-09-11 20:45:58 -03:00

1 2 3 4 5 ...

986 Commits