github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
521 Commits 55 Branches 109 Tags
Commit Graph

57 Commits

Author SHA1 Message Date
brectanus
20cc395510 Added mlogc source. 2008-09-02 23:10:36 +00:00
brectanus
225339525d Allow disabling processing of request body size limit in phase 1. See #518. 2008-08-15 20:21:25 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
ivanr
c3fd0231d0 Prevent phases from being processed more than once. 2008-06-05 14:52:48 +00:00
brectanus
83ff6c4796 Re-enable error output filter with a fix after more testing/tracing of code. See #498. 
Update versions to ready for release of 2.5.5.
 2008-06-03 20:28:05 +00:00
brectanus
0c1f2f2e09 Fixed blocking in phase 3 by reverting changeset:591 (for now). See #65 and #498. 2008-05-30 19:31:22 +00:00
brectanus
8f7b861d94 Added mod_rpaf-2.0 and mod_custom_header to the beforeme list. 2008-05-09 15:50:17 +00:00
brectanus
fa3462f48f Add the MODSEC_2.5 define to 2.6 for compatibility. 2008-04-11 20:06:48 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
e2ad283fdb Fix some sprintf formatters so they do not generate warnings. 2008-02-04 21:50:10 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
99c41afc3d Added a check that SecServerSignature actually worked (Apache changed some of this code as of 2.2.4 and could potentially change it again and break this). 
Cleaned up some configure code.
Cleaned up some extraneous cache logging.
Cleaned up the output from the test script.
 2008-01-14 22:32:53 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
61e4623bae Move around some code to make unit tests easier to build. 2007-12-19 20:44:56 +00:00
brectanus
a99357ad5b Add ability to use <IfDefine MODSEC_2.5>. See #436. 2007-12-17 19:06:08 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
ivanr
e467d3cac0 Unified messages in the error log and in the audit log. 2007-11-26 15:39:37 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
2b346dd086 Updated input filter insertion code for sub-requests. 2007-10-17 23:07:00 +00:00
brectanus
8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. 2007-10-17 22:41:37 +00:00
brectanus
27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. 2007-09-28 21:06:57 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00
brectanus
7c856eef1f Fix typo and make clearer the intent by using defined(). See #198. 2007-08-10 13:44:55 +00:00
brectanus
32905f9d46 Add ability to compile without API support (-DNO_MODSEC_API). See #198. 2007-08-10 00:46:04 +00:00
brectanus
fe8c564ed0 Added MODSEC_BUILD variable. See #38. 2007-08-08 18:25:03 +00:00
brectanus
8b9d914ed0 Merge in code fixes to create msr context on request failure. 2007-07-23 22:14:09 +00:00
brectanus
4d03b029f1 Remove the error message on a failed request so we can handle it in a pater phase. 2007-07-19 14:45:43 +00:00
brectanus
e251a9bd57 Add back code to send an alert on request failure. 2007-07-19 13:33:46 +00:00
brectanus
efe52d4e77 Initialize rules tmp pool properly. 
Update to latest core rules.
 2007-06-14 18:48:35 +00:00
brectanus
6569c444d8 Make rules/README UNIX style EOL. 
Merge another branch/2.1.x change.
 2007-06-14 16:42:04 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
brectanus
6350e2badc Do not log alert message for subrequests. See #124. 
Cleanup CHANGES.
 2007-06-11 21:28:03 +00:00
brectanus
23bd6b4331 Do not pause if we are not the main request. See #124. 2007-06-11 21:20:07 +00:00
brectanus
84c0ca303e Fixed patch for subrequests to be more complete. See #124. 2007-05-31 15:42:42 +00:00
brectanus
af6160b9c4 Fixed problem with subrequests not being intercepted. See #124. 2007-05-30 14:14:00 +00:00