github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
750 Commits 55 Branches 109 Tags
Commit Graph

111 Commits

Author SHA1 Message Date
ivanr
23c3237d1c Added missing log level checks before logging. 2009-12-07 17:27:39 +00:00
b1v1r
9d26b16e23 Merge 2.5.x changes into trunk. 2009-05-16 07:54:17 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
c5e258f0ba Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
f20059b009 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
5298e29540 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
aef091a849 Reverted r950 which moved the periods from the message to after the "[offset ...]" tag. This tag was intended to be interpreted as metadata. 
Enhanced the documentation from r951 to reflect "[offset ...]" as metadata and not the message.
 2008-02-15 23:05:30 +00:00
ivanr
258ef32adb Minor changes to operator messages. 2008-02-14 15:40:38 +00:00
brectanus
cc2110b187 Updates to build on Windows with MS VC++ 8. 2008-02-13 07:10:54 +00:00
brectanus
8e43107827 Add target name to validateUrlEncoding message. 2008-02-08 01:17:46 +00:00
brectanus
16b2821d51 Update string match text for @within to not include the target test. 
Make sure the empty string always matches (it does in @rx and @m so it should in other string operators).
 2008-02-08 00:04:09 +00:00
brectanus
827a5831e2 A pattern of "" (empty string) should always match. 2008-02-07 23:21:31 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
246ed9cbc5 Make sure a zero-length CC# does not verify. 2007-12-20 19:19:34 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
2ec596e83a Fix error message in validateByteRange to include the target variable name. See #157. 2007-08-08 15:16:26 +00:00
brectanus
3e5e2a06b7 Stricter validation for @validateUtf8Encoding. 
Capture the match in TX:0 when using "capture" action w/@pm operators.
 2007-07-31 19:04:07 +00:00
brectanus
19887f9cc6 Added @within string comparison operator with support for macro expansion. See #134. 2007-06-21 02:21:06 +00:00
brectanus
b58efb3466 Update CHANGES. 
Reversion from 2.2. to 2.5.
Update @pmFromFile to base relative filenames off of rule file path.
 2007-06-20 19:58:01 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
brectanus
11456dd87a Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16. 2007-06-04 20:16:48 +00:00
brectanus
f1607d007b Cleanup message output. See #16. 2007-06-01 15:21:04 +00:00
brectanus
e887faac2b Add @pm/@pmfile operators (parallel patch). See #16. 2007-05-30 22:02:35 +00:00
brectanus
c594c205c3 Fix new string operators to all resolve macros. 
Rename startsWith operator in code to match docs.
See #54.
 2007-05-29 14:58:05 +00:00
brectanus
a627e96c75 Lessen "capture" debug log messages. 2007-05-17 12:02:59 +00:00
brectanus
e03ea11f9a Only calculate debug data when we are debugging. 2007-05-16 19:48:21 +00:00