github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
573 Commits 55 Branches 109 Tags
Commit Graph

54 Commits

Author SHA1 Message Date
b1v1r
21ecf99dab Merge 2.5.x changes into trunk. 2009-09-24 19:11:16 +00:00
b1v1r
826124b378 Merge 2.5.x changes to trunk. 2009-08-25 22:19:33 +00:00
b1v1r
7379a4fb3f Merge 2.5.x changes into trunk. 2009-08-12 23:03:11 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
5f09dbb3ee Sync up trunk with changes from 2.5.x. 2008-03-28 17:06:44 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
52ccced72b Cleanup building actionsets and use minimal default. See #445. 
Fully resolve all rules before logging.
 2008-01-25 04:52:49 +00:00
brectanus
f8adea949c Implemented SecUploadFileMode. See #448. 2008-01-24 22:10:37 +00:00
brectanus
a3584993f5 Implement "block" pseudo-action. See #441. 2008-01-24 05:16:35 +00:00
brectanus
c4e1ede358 Fixed merging actionsets so we can build a more accurate rule for auditing. 2008-01-22 05:39:33 +00:00
brectanus
0d24a08f33 Implemented SecRuleUpdateActionById. See #442. 2008-01-19 02:23:41 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
ivanr
2068357af8 Added m.getvars() and finalised Lua support. 2007-12-21 12:50:03 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
ivanr
4fcd787b94 Lua: Support relative filenames in SecRuleScript. 2007-12-20 10:17:48 +00:00
ivanr
e357bb55af Add quoting to unparsed rule generation. 2007-12-19 16:11:32 +00:00
ivanr
afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 2007-12-19 11:22:52 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. 2007-12-17 05:13:49 +00:00
brectanus
32100608e5 Handle actionset being NULL. See #66 and #429. 2007-12-15 00:42:39 +00:00
brectanus
476684e6ec Stricter configuration parsing. See #66 and #429. 2007-12-14 22:45:01 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
brectanus
8cec4dd251 Some more debugging and fixes for skipAfter. See #258. 2007-11-28 01:04:26 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
ivanr
b163864ba7 Implemented SecComponentSignature. 2007-11-26 16:05:56 +00:00
brectanus
40c5b2004f Remove extraneous 'void *' cast. 2007-11-15 19:11:59 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
brectanus
8f6385f784 Added logdata action (still needs byte limit). See #40. 2007-08-10 00:22:15 +00:00
brectanus
9695f2b816 Improvements in transformation cache (add options, document). 
Update CHANGES.
 2007-08-03 20:25:30 +00:00
brectanus
72832c1b32 Working on cache enhancements. See trac #14. 2007-08-02 20:25:06 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
ivanr
74738b29b0 Added new directive (SecPdfProtectMethod) to enable the user to choose between 
using token redirection (falling back on forced download in some cases) and
forced download (in all cases).
 2007-06-14 15:26:08 +00:00
ivanr
c7f5dc3355 Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented. 2007-06-14 14:54:23 +00:00
brectanus
a68eb04884 Add geo lookup support. See #22. 2007-05-11 16:14:11 +00:00
ivanr
fca9eabafe Merged the PDF XSS protection functionality into ModSecurity. 2007-05-03 12:09:24 +00:00
ivanr
e0a8602929 Added experiemental support for content injection. 2007-05-02 11:22:09 +00:00