github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,861 Commits 55 Branches 109 Tags
Commit Graph

233 Commits

Author SHA1 Message Date
Felipe Zimmerle
24b7d72666 DebugLogs are now being redirected to the correct files 2015-08-27 15:36:56 -03:00
Felipe Zimmerle
01542e28c3 Allows blank line (or line with space) at the end of a rules file 2015-08-25 15:50:40 -03:00
Felipe Zimmerle
e76af0eab9 Correctly handling nginx configuration merge 2015-08-25 15:50:27 -03:00
Felipe Zimmerle
004ef066ed Fix rules chain and action execution 
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if all chain match.
 2015-08-25 13:44:20 -03:00
Felipe Zimmerle
f2da6bb81d Fix the ruturn value while loading the rules 2015-08-25 10:20:58 -03:00
Felipe Zimmerle
c586ba0178 Removes an unused state from the seclang parser 2015-08-25 08:15:27 -03:00
Felipe Zimmerle
e94226f1d8 Fix some build issues 
Optional dependencies were temporarily marked as mandatory, in order
to sort any build problem, later it will be marked as optional again.
 2015-08-25 00:25:33 -03:00
Felipe Zimmerle
fd8578351d Fix segmentation fault in the regression tests 2015-08-25 00:24:28 -03:00
Felipe Zimmerle
a168502717 Adds missing file 2015-08-24 11:32:12 -03:00
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
e78d7f5b91 Makes the parser understand some missing configuration directives 
Directives:
 - SecPcreMatchLimitRecursion
 - SecPcreMatchLimit
 - SecResponseBodyMimeType
 - SecTmpDir
 - SecDataDir
 - SecArgumentSeparator
 - SecCookieFormat
 - SecStatusEngine

Those are not implemented yet, but the parser is now able to understand it.
 2015-08-20 13:04:54 -03:00
Felipe Zimmerle
a453a656c3 Fix continuation line and VARIABLENOCOLON 2015-08-19 23:12:34 -03:00
Felipe Zimmerle
0b225f0239 Parser: adds support to SecRequestBodyInMemoryLimit 2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b Cosmetics: fix actions on yy file 
- added action for:
  ctl:requestBodyProcessor=XML
  ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
 2015-08-19 22:36:31 -03:00
Felipe Zimmerle
a230a4ff3c parser: Adds support for continuation lines 2015-08-19 17:20:43 -03:00
Felipe Zimmerle
ef99615401 parser: Understanding @pm if no operator is provided 2015-08-19 16:58:14 -03:00
Felipe Zimmerle
101fddfc9b Extends DICT_ELEMENT to support "-" 2015-08-18 22:19:32 -03:00
Felipe Zimmerle
d5bf955028 Using DetectionOnly instead of DetectOnly 2015-08-18 22:16:38 -03:00
Felipe Zimmerle
b7fb65fe65 seclanguage: ignore lines starting with "#" 2015-08-18 22:10:55 -03:00
Felipe Zimmerle
cff74e7cea Fix ValidateUrlEncoding corner case 2015-08-14 00:40:44 -03:00
Felipe Zimmerle
1de6d07dfd Adds support to the @detectSQLi operator 2015-08-14 00:30:28 -03:00
Felipe Zimmerle
4baee88eb3 Adds support to the @detectXSS operator 2015-08-13 23:38:57 -03:00
Felipe Zimmerle
ad65a1abea Adds @noMatch operator 2015-08-13 23:38:50 -03:00
Felipe Zimmerle
d5fe21ce3c Code cosmetics: reduce the amount of cppcheck warnings 2015-08-12 22:40:26 -03:00
Felipe Zimmerle
21400ba454 Adds support to the @verifyCC operator 2015-08-12 13:14:33 -03:00
Felipe Zimmerle
1b0a918330 Adds support to the @validateUrlEncoding operator 2015-08-11 18:01:39 -03:00
Felipe Zimmerle
b325834f1e Disables c++11 mutex, until we have a better approach 2015-08-11 17:12:05 -03:00
Felipe Zimmerle
2ff0a44df2 Eliminates the sec language grammar shift-reduce problem 2015-08-11 16:53:05 -03:00
Felipe Zimmerle
a324ff9317 Fix validate byte range table initizliation 2015-08-11 15:34:14 -03:00
Felipe Zimmerle
187be64edf Fix operator instantiation/selection 2015-08-11 15:07:50 -03:00
Felipe Zimmerle
9a7506f9e9 Adds support to the beginsWith operator 2015-08-11 15:07:50 -03:00
Felipe Zimmerle
209a3db47f Adds support to the @endsWith operator 2015-08-11 15:07:45 -03:00
Felipe Zimmerle
577736abb1 Code cosmetics: Fix the coding style. 2015-08-11 13:13:28 -03:00
Felipe Zimmerle
fb161a69a9 Removes some warnings by adding missing returns 2015-08-11 13:13:16 -03:00
Felipe Zimmerle
c5a4355348 Fix geolookup operator instantiation 2015-08-10 17:59:09 -03:00
Felipe Zimmerle
64cbb15335 Adds support to the @containsWord operator 2015-08-10 17:42:03 -03:00
Felipe Zimmerle
2f81b62d17 Adds missing return to ValidateByteRange::init 2015-08-10 17:41:17 -03:00
Felipe Zimmerle
b883888c03 Adds support to the operator @within 2015-08-10 15:39:03 -03:00
Felipe Zimmerle
218eab6417 Fix libgeoip lookup during the build 2015-08-10 15:22:32 -03:00
Felipe Zimmerle
f231df16ad Adds support to the ValidateUtf8Encoding operator 2015-08-10 14:51:27 -03:00
Felipe Zimmerle
9096055ea7 Reduces bison dependency to 3.0 2015-08-10 14:11:30 -03:00
Felipe Zimmerle
70c2621af3 Adds support to the strmatch operator 2015-08-10 14:03:15 -03:00
Felipe Zimmerle
f62e17c67c Adds support to the @eq operator 2015-08-10 13:37:39 -03:00
Felipe Zimmerle
9231f507bf Fill PATH_INFO with decoded value 2015-08-10 12:40:46 -03:00
Felipe Zimmerle
9431678f89 Adds missing return true on RequestBodyProcessor::Multipart 2015-08-10 12:34:47 -03:00
Felipe Zimmerle
317c71e815 Using raw uri value to feed QUERY_STRING variable 2015-08-10 11:18:15 -03:00
Felipe Zimmerle
70b25668b6 Checks if assay is set before calling the log method 
Assay may be not defined in the occasion of a unit test
 2015-08-10 00:33:27 -03:00
Felipe Zimmerle
ce0d81c0da Adds sanity check for inputs 2015-08-10 00:08:02 -03:00
Felipe Zimmerle
c06179f18e Adds support for Log and Rev actions 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
ad9393a8c2 Adds support for the tag action 2015-08-07 14:27:43 -03:00