github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,670 Commits 55 Branches 109 Tags
Commit Graph

3670 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
brectanus
83fb4b4da4 Fix more formatting errors/warnings on 64bit systems. 2007-11-07 20:22:09 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
faec5b8e9d Fix a possible loss of data warning when compiling 64bit reported by Marc Stern. 2007-10-23 22:16:39 +00:00
brectanus
2b346dd086 Updated input filter insertion code for sub-requests. 2007-10-17 23:07:00 +00:00
brectanus
8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. 2007-10-17 22:41:37 +00:00
brectanus
9d49adf028 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. 2007-10-17 19:59:28 +00:00
brectanus
974298a76c Added ctl:ruleRemoveById action. See #259. 2007-10-17 19:11:47 +00:00
brectanus
9efa02f423 Change ctl parameters to be case insensitive. 
Initial implementation of ctl:removeRuleById.  See #259.
 2007-10-16 00:14:42 +00:00
ivanr
f66e8c5b38 Document MULTIPART_CRLF_LF_LINES. 2007-10-15 18:27:42 +00:00
ivanr
b0d514478f Fix blocking multipart FP, which affected Safari. 2007-10-15 18:05:12 +00:00
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari ( 
(#317).
 2007-10-15 17:27:51 +00:00
brectanus
793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. 2007-10-15 16:50:36 +00:00
brectanus
b784e6cb73 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. 2007-10-03 00:23:46 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
ivanr
a6cf7957be Update ModSecurity chroot documentation. 2007-10-01 22:38:19 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00
brectanus
e0e031d163 Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this. 2007-10-01 19:05:34 +00:00
brectanus
dc71842cee Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4. 2007-10-01 18:45:06 +00:00
brectanus
9d4965b29e Fix macro expansion in setvar. See #126. 2007-10-01 17:24:10 +00:00
brectanus
2d526f1434 Fix typo in a comment. 2007-10-01 17:23:38 +00:00
brectanus
b661574973 Document the 'tag' action. See #276. 2007-09-28 22:16:37 +00:00
brectanus
27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. 2007-09-28 21:06:57 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 2007-09-27 21:38:33 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
86c9a9bf1f Cleanup CHANGES. 2007-09-26 21:39:45 +00:00
brectanus
9f898a0e0b Fixed comment. 2007-09-26 19:49:48 +00:00
brectanus
7c393c4874 Fixed the wrong status being displayed in the error page. See #3. 2007-09-26 19:47:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
ivanr
a1955d09e3 Add crude performance measurement. 2007-09-24 23:59:42 +00:00
ivanr
009c3b0fa1 Document SecResponseBodyLimitAction. 2007-09-21 23:37:56 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
ivanr
59333a6a81 Update CHANGES. 2007-09-21 22:15:12 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
ivanr
dfe09ff1b0 Fix content injection C++ style comments. 2007-09-21 19:36:57 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
eb6b456f5b Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. 2007-09-21 00:20:31 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
ad940d1ff9 Partially corrected the filter error code. See #3. 2007-09-14 23:01:58 +00:00
brectanus
53011819d4 Cleanup some doc formatting. 
Prepare trunk for use as 2.5.0-devN tree.
 2007-09-14 21:41:34 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
8a54517f0d Updated copyright dates in xsl files. See #253. 2007-09-12 19:04:54 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00
ivanr
b95cc3b372 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. 2007-09-07 17:03:26 +00:00