64 Commits

Author SHA1 Message Date
brectanus
2733cc739a Do not try to intercept a request after a failed rule. (See #53) 2007-05-10 04:28:37 +00:00
ivanr
dfde8169e6 Documented the PDF XSS protection functionality. It's not much but it will do for now. 2007-05-03 17:02:37 +00:00
ivanr
f1d4e0e2ff Documented RESPONSE_CONTENT_LENGTH and RESPONSE_CONTENT_TYPE. 2007-05-03 16:47:34 +00:00
ivanr
d8418c3aa3 Documented SecContentInjection, append, and prepend. 2007-05-03 16:41:12 +00:00
brectanus
c0c5d8d894 Removed extraneous symbols from dso via DSOLOCAL. 2007-05-03 16:17:42 +00:00
ivanr
fca9eabafe Merged the PDF XSS protection functionality into ModSecurity. 2007-05-03 12:09:24 +00:00
brectanus
c559f3ee21 Change @eq to @streq. See #54. 2007-05-03 03:41:29 +00:00
brectanus
2aa6e61605 Exported API for registering custom variables. See #120.
Simple example in api/mod_var_remote_host_port.c
2007-05-03 03:26:30 +00:00
brectanus
b47059a5b3 Remove docs for HTTP_* vars. See #23. 2007-05-03 01:52:47 +00:00
brectanus
cd62f20022 Add docs for new transformations and operators. See #54, #55 and #117. 2007-05-02 17:00:13 +00:00
brectanus
0c234c115e Cleanup debug log output: add rev to 'Invoking rule' line, remove clearing mem pool line. 2007-05-02 16:00:20 +00:00
ivanr
fa13b02f7f Updated the CHANGES file with the RESPONSE_* variable changes. 2007-05-02 11:23:21 +00:00
ivanr
e0a8602929 Added experimental support for content injection. 2007-05-02 11:22:09 +00:00
ivanr
20c0b11dd9 Added experimental RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE. 2007-05-02 10:02:20 +00:00
ivanr
3661a294a4 Added experimental RESPONSE_CONTENT_ENCODING. 2007-05-02 09:06:39 +00:00
brectanus
3f7fc7c758 Added string comparison operators: @contains, @is, @beginsWith and @endsWith with support for macro expansion. See #54. 2007-05-01 22:00:34 +00:00
brectanus
0a1610f850 More debug log enhancements - quote values to easier see whitespace. 2007-05-01 21:52:47 +00:00
brectanus
a3c3f25ae0 Fix macro expansion. See #118.
Fix some debug log output to escape NULs properly in preparation for #54.
Up version to prepare for 2.2.0 pre-releases.
2007-05-01 21:36:24 +00:00
brectanus
b93eef9db3 Added t:length to transform a value to its character length. See #55. 2007-05-01 15:59:52 +00:00
brectanus
5482606c37 Added t:trimLeft, t:trimRight, t:trim to remove whitespace from a value on the left, right or both. (see trac #117) 2007-05-01 15:55:35 +00:00
brectanus
d9a26780ab Add SecAuditLog2 directive (trac #102) 2007-04-25 20:46:23 +00:00
brectanus
e556a914f9 Remove tabs 2007-04-25 17:53:02 +00:00
rbarnett
f2c96bae2a I added notes about accessing response headers in phase:3 and phase:5. 2007-04-12 18:46:12 +00:00
rbarnett
e72540b0a0 I added the XML and HTML files for the Migration Matrix doc. 2007-04-10 20:23:36 +00:00
brectanus
82fdc7cf3f Format CHANGES to add space before '*' 2007-04-05 17:43:22 +00:00
brectanus
51a5418b4b Update changes to reflect merges into 2.1.x branch 2007-04-05 15:13:22 +00:00
brectanus
eab433187f Add PCRE_DOLLAR_ENDONLY to doc 2007-04-05 14:59:44 +00:00
brectanus
00dcb2714f Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. (trac #57) 2007-04-05 01:54:03 +00:00
brectanus
a93c77e9a2 Updated line/num/id debug output with a format that is easier to parse. (trac #47) 2007-03-27 18:00:04 +00:00
brectanus
9e669fcc78 Better CHANGES entry. (trac #43) 2007-03-27 17:47:15 +00:00
brectanus
383119a147 Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. (trac #51) 2007-03-27 17:22:35 +00:00
brectanus
f6de76b053 Removed CGI style HTTP_* variables in favor of REQUEST_HEADERS:Header-Name. (trac #23) 2007-03-27 17:18:21 +00:00
brectanus
485c664a42 Enhance debug log output for capturing to detect all regex/capture mismatches (trac #21). 2007-03-27 17:13:42 +00:00
brectanus
891859f9c5 Revert back to using captured regex execution as it seems to be more efficient as the ovector can be used for working space even if it is not used for captures.
Warn when captures are used in the regex, but "capture" not specified.
2007-03-27 15:32:53 +00:00
brectanus
59928bfe60 This was not meant to be checked in yet (trac #42) 2007-03-27 15:28:47 +00:00
brectanus
4676132ed4 Add the file/line to the rule so we can use it in the debug log and eventually in the alerts. 2007-03-21 21:20:35 +00:00
brectanus
58afede3f3 Do not log 'allow' action as intercepted in the debug log. 2007-03-21 14:38:57 +00:00
brectanus
d1ada359dd Optimize regex execution to not capture unless 'capture' action used. 2007-03-21 14:06:36 +00:00
brectanus
09b704f114 Recycle the mptmp pool (trac #43). 2007-03-20 22:15:19 +00:00
brectanus
8876a03ab1 Recycle the mptmp pool (trac #43). 2007-03-20 22:09:04 +00:00
brectanus
f508c0a331 Fix a compile warning. 2007-03-20 22:01:30 +00:00
brectanus
473a471bba Oops, forgot my parens. 2007-03-20 18:27:51 +00:00
brectanus
bce096216e Fixed collection variable name printing in debug log (trac #45) 2007-03-20 18:23:48 +00:00
brectanus
ab55a8716e Fix potential memory corruption in msre_create_var_ex allocating per-request data out of global pool. 2007-03-08 16:15:45 +00:00
brectanus
8898759c47 Add back the check for overflow on length 2007-03-07 16:54:41 +00:00
brectanus
9b56d63145 More generic Makefile 2007-03-07 16:02:20 +00:00
brectanus
4370819f7b Fixed potential DIV0 when a collection var was fetched in the same second as creation 2007-03-07 15:56:22 +00:00
brectanus
4e02be6219 Fixed parsing of ASCIIZ for application/x-www-form-urlencoded forms 2007-03-06 16:14:54 +00:00
brectanus
cf024ded05 Fix segfault when logging NULL text during request reading errors and upcoming fix for sending alerts on such errors. 2007-03-05 22:12:34 +00:00
brectanus
ebdd0400dd Generate alerts for error log entries for requests we did not process *if* it has a UNIQUE_ID available. 2007-03-02 21:47:13 +00:00