ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00

Author	SHA1	Message	Date
ivanr	bbcf1d08fc	Added an APR-Util variant of character encoding conversion.	2007-12-03 14:46:00 +00:00
ivanr	c25071b832	Initial experimental implementation of SecRequestEncoding. See #390 for more details.	2007-12-03 14:04:53 +00:00
brectanus	22873995f7	Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER.	2007-12-02 16:26:05 +00:00
brectanus	2bf4556cd0	Checkin fix to rule removal code to avoid placeholders.	2007-12-02 15:35:09 +00:00
brectanus	9e9bb318b3	Rewrite the luhn algorithm to be faster and easier to read. See #69 .	2007-12-01 00:42:28 +00:00
brectanus	13e209909f	Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69 . This still needs to be fixed.	2007-11-30 23:26:06 +00:00
brectanus	a6c2d867f4	Improvements to audit logging matching rules. See #93 .	2007-11-30 21:31:12 +00:00
brectanus	dcdce0cbc5	Added matching rules to audit log data. See #93 .	2007-11-30 00:52:21 +00:00
brectanus	85053718d9	Cleanup log output for skipAfter. See #258 .	2007-11-29 23:14:02 +00:00
ivanr	d3a0a2887a	Fix utf-8 validation (again\!\!\!).	2007-11-29 13:30:39 +00:00
ivanr	575e86388a	Implemented SecRequestBodyNoFilesLimit (#103 ).	2007-11-29 11:41:48 +00:00
ivanr	fd5e4fb32c	Fix bugs introduced by the recent change to audit logging.	2007-11-29 11:09:38 +00:00
ivanr	ab6a81fe7a	Remove unused reqbody_status from modsec_rec.	2007-11-29 10:46:12 +00:00
brectanus	1cfc906fac	Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu.	2007-11-28 01:09:15 +00:00
brectanus	8cec4dd251	Some more debugging and fixes for skipAfter. See #258 .	2007-11-28 01:04:26 +00:00
ivanr	4a08d7e6bf	Handle out-of-disk-space conditions gracefully when writing to audit log.	2007-11-27 10:52:14 +00:00
brectanus	800cfc2cc2	Added missing #else block for printf attributes.	2007-11-27 00:17:50 +00:00
brectanus	e47fdeb420	Changed %p formatter to APRs %pp (wish that was documented). Marked msr_log() as a printf style function so GNU compiler can check formatting types. Fixed a few other warnings with msr_log() formatters.	2007-11-26 22:53:51 +00:00
brectanus	9447ae67b8	Added placeholder support for skipAfter so that it works with removed rules. See #258 .	2007-11-26 22:27:15 +00:00
brectanus	1860e2a35e	Renamed SecGeoLookupsDb to SecGeoLookupDB.	2007-11-26 17:04:42 +00:00
ivanr	b163864ba7	Implemented SecComponentSignature.	2007-11-26 16:05:56 +00:00
ivanr	e467d3cac0	Unified messages in the error log and in the audit log.	2007-11-26 15:39:37 +00:00
ivanr	f0be2ff6b0	Added warning message when XML request body parser fails.	2007-11-26 15:05:48 +00:00
brectanus	40c5b2004f	Remove extraneous 'void *' cast.	2007-11-15 19:11:59 +00:00
brectanus	aff6900539	Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate. Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.	2007-11-15 19:09:14 +00:00
ivanr	b9defc0adb	Warn in the debug log when request body processing fails.	2007-11-08 18:20:24 +00:00
ivanr	cd2287a412	Fix for an evasion false positive.	2007-11-08 18:12:51 +00:00
brectanus	83fb4b4da4	Fix more formatting errors/warnings on 64bit systems.	2007-11-07 20:22:09 +00:00
brectanus	7f71ae377c	Fix another warning on %u used where %lu needed.	2007-11-07 20:00:26 +00:00
brectanus	e45ea12fc8	Fix warnings on Solaris and/or 64bit builds.	2007-11-02 22:31:47 +00:00
brectanus	faec5b8e9d	Fix a possible loss of data warning when compiling 64bit reported by Marc Stern.	2007-10-23 22:16:39 +00:00
brectanus	2b346dd086	Updated input filter insertion code for sub-requests.	2007-10-17 23:07:00 +00:00
brectanus	8e99090067	Add the input filter if we have read the body (even if a sub-request). See #335 .	2007-10-17 22:41:37 +00:00
brectanus	9d49adf028	Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258 .	2007-10-17 19:59:28 +00:00
brectanus	974298a76c	Added ctl:ruleRemoveById action. See #259 .	2007-10-17 19:11:47 +00:00
brectanus	9efa02f423	Change ctl parameters to be case insensitive. Initial implementation of ctl:removeRuleById. See #259.	2007-10-16 00:14:42 +00:00
ivanr	b0d514478f	Fix blocking multipart FP, which affected Safari.	2007-10-15 18:05:12 +00:00
ivanr	d5f3b9ce52	Fix multipart parser blocking FP with Safari ( (#317).	2007-10-15 17:27:51 +00:00
brectanus	793b576701	Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123 .	2007-10-15 16:50:36 +00:00
brectanus	b784e6cb73	Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123 .	2007-10-03 00:23:46 +00:00
brectanus	83a7886071	Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. Added @containsWord. See #182.	2007-10-02 18:50:35 +00:00
brectanus	da1399f0b8	Added TX:LAST_MATCHED_VAR_NAME. See #123 .	2007-10-01 22:35:52 +00:00
brectanus	e0e031d163	Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this.	2007-10-01 19:05:34 +00:00
brectanus	dc71842cee	Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4.	2007-10-01 18:45:06 +00:00
brectanus	9d4965b29e	Fix macro expansion in setvar. See #126 .	2007-10-01 17:24:10 +00:00
brectanus	2d526f1434	Fix typo in a comment.	2007-10-01 17:23:38 +00:00
brectanus	27ba3027b7	Move init of msr->msc_rule_mptmp before msr storage.	2007-09-28 21:06:57 +00:00
brectanus	fe1021e369	More cleanup of error messages and marking as relevant. See #4 .	2007-09-28 20:02:02 +00:00
brectanus	8b6f0e72a7	Wrap PERFORMANCE_MEASUREMENT variable as conditional compile.	2007-09-27 21:38:33 +00:00
brectanus	63a47c370e	Prefer %d string formatter to %i so we do not get warnings on some platforms.	2007-09-27 21:34:29 +00:00

1 2 3 4 5

241 Commits