github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
424 Commits 55 Branches 109 Tags
Commit Graph

324 Commits

Author SHA1 Message Date
ivanr
e357bb55af Add quoting to unparsed rule generation. 2007-12-19 16:11:32 +00:00
ivanr
cdcb3bdb14 Lua: Added support for retrieving parametarised parameters (e.g. ARGS:p). 2007-12-19 15:46:45 +00:00
ivanr
4414cb8527 Lua: Support retrieval of individual variables from scripts. 2007-12-19 14:35:20 +00:00
ivanr
aef5a460b6 Fix Lua support. Enable logging from Lua scripts (using m.log()). 2007-12-19 12:50:21 +00:00
ivanr
e0c444953c Update Makefile to compile with Lua support 2007-12-19 11:26:55 +00:00
ivanr
afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 2007-12-19 11:22:52 +00:00
ivanr
6f6934e9d3 Code polish. 2007-12-19 09:22:58 +00:00
brectanus
d2dee97a31 Fix jsDecode \xHH to verify HH is there and valid hex. See #439. 2007-12-19 00:31:08 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
499c3f3167 Add initial unit testing framework. See #438. 2007-12-19 00:09:30 +00:00
brectanus
8360aacc22 Use use new msr->rule_was_intercepted flag. See #425. 2007-12-17 19:58:35 +00:00
brectanus
a99357ad5b Add ability to use <IfDefine MODSEC_2.5>. See #436. 2007-12-17 19:06:08 +00:00
ivanr
a703c9c626 Minor allow bug fix. 2007-12-17 15:11:18 +00:00
ivanr
dc081c5df1 Removed some code that implemented SecRequestEncoding. Left the directive in, as well as the structure member as they are harmless. 2007-12-17 15:09:59 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
9b0ce5ae67 Move an extraneous debug log line from level 4 to level 9. 2007-12-17 05:43:49 +00:00
brectanus
8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. 2007-12-17 05:13:49 +00:00
brectanus
32100608e5 Handle actionset being NULL. See #66 and #429. 2007-12-15 00:42:39 +00:00
brectanus
476684e6ec Stricter configuration parsing. See #66 and #429. 2007-12-14 22:45:01 +00:00
brectanus
cd51a10046 Allow all rules to run in phase 5. See #425. 2007-12-14 22:34:16 +00:00
brectanus
5065852dfe More efficient collection persistance and deletion on retrieval. See #345 and #426. 2007-12-14 19:53:23 +00:00
brectanus
4c11791a94 Escape cache value in log. 2007-12-14 00:42:04 +00:00
brectanus
aa68fff104 Fixed decoding \9 with t:escapeSeqDecode. See #423. 2007-12-14 00:30:25 +00:00
brectanus
8aa31fd099 Change jsDecodeuni to jsDecode which also decodes all the other JS escapes. See #193. 2007-12-14 00:19:46 +00:00
brectanus
b0de659133 Added t:jsDecodeUni handling unicode similar to t:urlDecodeUni. See #193. 2007-12-13 00:58:02 +00:00
brectanus
cbf79d43ba Update version to ready for 2.5.0-rc1. 2007-12-12 23:08:14 +00:00
brectanus
54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. 2007-12-12 22:52:08 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. 2007-12-02 15:35:09 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
brectanus
a6c2d867f4 Improvements to audit logging matching rules. See #93. 2007-11-30 21:31:12 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
brectanus
85053718d9 Cleanup log output for skipAfter. See #258. 2007-11-29 23:14:02 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
ivanr
fd5e4fb32c Fix bugs introduced by the recent change to audit logging. 2007-11-29 11:09:38 +00:00
ivanr
ab6a81fe7a Remove unused reqbody_status from modsec_rec. 2007-11-29 10:46:12 +00:00
brectanus
1cfc906fac Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu. 2007-11-28 01:09:15 +00:00
brectanus
8cec4dd251 Some more debugging and fixes for skipAfter. See #258. 2007-11-28 01:04:26 +00:00
ivanr
4a08d7e6bf Handle out-of-disk-space conditions gracefully when writing to audit log. 2007-11-27 10:52:14 +00:00
brectanus
800cfc2cc2 Added missing #else block for printf attributes. 2007-11-27 00:17:50 +00:00