github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
317 Commits 55 Branches 109 Tags
Commit Graph

317 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
70e8246ae4 Update CHANGES. 2007-08-21 23:47:06 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
ivanr
9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 2007-08-20 16:09:48 +00:00
ivanr
608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 2007-08-20 15:25:05 +00:00
ivanr
239fa00957 Fix silly errors, typos. 2007-08-17 16:01:24 +00:00
ivanr
baf6f59dff Multipart parsing improvements. 2007-08-17 15:47:33 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00
ivanr
28d44486e3 Fixed data corruption in the multipart parser. 2007-08-10 15:59:54 +00:00
ivanr
222f1f6f78 Cleanup. MULTIPART_STRICT_ERROR now returns 1 on parsing error too. 2007-08-10 15:04:42 +00:00
ivanr
323f9f81a0 Better discovery of partial quoting evasion. 2007-08-10 14:51:55 +00:00
ivanr
b1949b7ebc Another check for evasion through partial quoting of multipart boundary. 2007-08-10 14:40:22 +00:00
ivanr
d0ac05c3ea Add check for evasion using double quote inside multipart boundary. 2007-08-10 14:37:04 +00:00
ivanr
25fb1b2629 Moved XML request body processor error to debug level 1. 2007-08-10 14:25:44 +00:00
ivanr
5898e9e116 Fixed a potential segmentation fault, introduced with recent changes. 2007-08-10 14:24:13 +00:00
brectanus
7c856eef1f Fix typo and make clearer the intent by using defined(). See #198. 2007-08-10 13:44:55 +00:00
ivanr
716d0fd419 Added a check for nul bytes in multipart part headers. 2007-08-10 10:17:36 +00:00
ivanr
c85773b343 Added MULTIPART_UNMATCHED_BOUNDARY. Not very reliable, as it detects anything that looks like a boundary, which means any line that begins with -- but we don't think it's a boundary. 2007-08-10 09:59:57 +00:00
ivanr
70324713e4 Added checks to detect quoted boundary evasion (although we are not susceptable any more) and to detect duplicate final bounary. 2007-08-10 08:36:24 +00:00
brectanus
32905f9d46 Add ability to compile without API support (-DNO_MODSEC_API). See #198. 2007-08-10 00:46:04 +00:00
brectanus
f4389c9a55 Update docs and CHANGES for logdata action. 2007-08-10 00:44:20 +00:00
brectanus
8f6385f784 Added logdata action (still needs byte limit). See #40. 2007-08-10 00:22:15 +00:00
ivanr
765dfd0274 Fixed typo. 2007-08-09 15:30:47 +00:00
brectanus
9cfdd8f0d2 Rename TX_SEVERITY to HIGHEST_SEVERITY, fix and document. 2007-08-09 14:32:02 +00:00
brectanus
b71687c7f7 Add ARGS_GET* and ARGS_POST docs. 2007-08-09 13:26:19 +00:00
ivanr
c520886e10 Detect and prevent multipart evasion. 2007-08-09 10:50:53 +00:00
ivanr
cb0cb93752 Sorted variables in the registration code. 2007-08-09 10:17:42 +00:00
brectanus
648037fdb5 Added TX_SEVERITY variable. See #60. 2007-08-08 22:11:02 +00:00
brectanus
d2fd881c00 Fix typo in CHANGES. 2007-08-08 20:53:00 +00:00
brectanus
f41c27a28c Added ARGS_GET, ARGS_POST, ARGS_GET_NAME, ARGS_POST_NAMES variables. See #136. 2007-08-08 20:49:51 +00:00
brectanus
fe8c564ed0 Added MODSEC_BUILD variable. See #38. 2007-08-08 18:25:03 +00:00
brectanus
2ec596e83a Fix error message in validateByteRange to include the target variable name. See #157. 2007-08-08 15:16:26 +00:00
brectanus
5a6ce01429 Added logging of target variable expansion. See #62. 2007-08-08 14:48:49 +00:00
brectanus
820ba5f1d2 Add debug message when not buffering response body due to MIME type not configured. See trac #63. 2007-08-06 20:51:21 +00:00
ivanr
892938dee4 Enhanced multipart parsing to support quotted boundaries and LF line terminators (RFC demands CRLF but some applications use only LF). 2007-08-06 14:55:18 +00:00
brectanus
9695f2b816 Improvements in transformation cache (add options, document). 
Update CHANGES.
 2007-08-03 20:25:30 +00:00
brectanus
43f7fa72f5 Remove non-ASCII characters. 2007-08-02 21:20:32 +00:00
brectanus
b761c1c01c Merge in some doc changes. 
Fix some doc formatting issues.
Update the CHANGES file.
 2007-08-02 20:40:37 +00:00
brectanus
72832c1b32 Working on cache enhancements. See trac #14. 2007-08-02 20:25:06 +00:00
brectanus
3e5e2a06b7 Stricter validation for @validateUtf8Encoding. 
Capture the match in TX:0 when using "capture" action w/@pm operators.
 2007-07-31 19:04:07 +00:00
brectanus
5a38dde99b Disable XML parsing by default in the included core rules. 2007-07-30 15:34:46 +00:00
ivanr
bafe8ad773 Remove old comment. 2007-07-27 13:31:31 +00:00
ivanr
31f119664f Updated README files to refer to GPLv2. 2007-07-27 12:45:09 +00:00
ivanr
3facacf92a Emphasize the need to check REQBODY_PROCESSOR_ERROR in configuration example. 2007-07-27 12:38:54 +00:00
ivanr
73706c8bc6 Update documentation to emphasize the importance of REQBODY_PROCESSOR_ERROR handling. 2007-07-27 12:31:19 +00:00
brectanus
8b9d914ed0 Merge in code fixes to create msr context on request failure. 2007-07-23 22:14:09 +00:00
brectanus
4d03b029f1 Remove the error message on a failed request so we can handle it in a pater phase. 2007-07-19 14:45:43 +00:00
brectanus
9be72c39d1 Update to core rules 1.4.3 2007-07-19 14:18:42 +00:00
brectanus
e251a9bd57 Add back code to send an alert on request failure. 2007-07-19 13:33:46 +00:00
ivanr
656021c20e Fix typo. 2007-07-17 09:01:13 +00:00