69 Commits

Author SHA1 Message Date
Felipe Zimmerle
87a401af05 Fix remote resources download while hosting SSL site on Apache
As reported by Christian Folin and Walter Hop on our dev mailing list, Apache
mod_ssl was failing if a remote resource was utilized. That was happening
because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.
This patch moves Curl initialization to happen while ModSecurity is
initialized.
2014-12-11 12:39:27 -08:00
Felipe Zimmerle
9b836b652a Initial support to load rules from a remote server
New directive `SecRemoteRules' was added. It allows the user to load a
set of rules from a given HTTP server.
2014-11-14 11:53:40 -08:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system to look for yajl using a macro file
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00
Felipe Zimmerle
d93ce9ceee Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables
This variable is a combination of REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects for \n\n in between each of those values.
2014-03-31 07:14:55 -07:00
Breno Silva
f8d441cd25 Fix Chunked string case sensitive issue - CVE-2013-5705 2013-09-04 08:57:07 -03:00
Breno Silva
3901128f17 Revert "Fix Chuncked string case sensitive issue"
This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.
2013-09-04 08:53:40 -03:00
Breno Silva
16a815a3c2 Fix Chuncked string case sensitive issue 2013-09-04 08:43:34 -03:00
Breno Silva
eb95384577 Fixed: SecPerfRuleTimes storing unwanted rules 2013-04-23 18:52:20 -04:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
213cd1e840 Fixed: detect comma plus white space as a cookie separator - change variable names 2013-01-05 12:11:18 -04:00
Breno Silva
80146b2c74 Fixed: detect comma plus white space as a cookie separator 2013-01-05 09:48:49 -04:00
brenosilva
dc83528526 MODSEC-261 2012-10-04 15:53:40 +00:00
brenosilva
919e3f5e29 Reverted SecCookiev0Separator 2012-10-03 17:33:37 +00:00
brenosilva
aee22ea461 MODSEC-261 2012-10-03 13:49:00 +00:00
brenosilva
592ec392d1 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 2012-08-02 18:04:53 +00:00
brenosilva
f0fab2a803 Fix apache 2.4 compilation issue during make test 2012-05-14 23:08:11 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
d4079971c6 MODSEC-160 2011-10-14 13:32:30 +00:00
brenosilva
3d69126de0 Build and code fixes 2011-06-14 18:16:55 +00:00
brenosilva
e1025d0f0c Change apr version macro by apache one 2011-05-18 18:33:20 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
1a2d377e34 MODSEC-178 2011-03-28 18:47:58 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
c04a4edb4b MODSEC-144 2011-03-11 18:48:58 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a Add the ability to build custom request body parser extensions.
Add an example for a request body parser extension.
2010-05-05 23:01:11 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
ed11e27e0f Moving performance logging from level 3 to level 4 to prevent it from polluting the error log 2010-02-04 08:39:26 +00:00
ivanr
e0f1608408 Move writing to collections and GC earlier so that the results can be logged. 2010-02-03 08:59:33 +00:00
ivanr
0ecfe86c3c Add PERF_GC. 2010-02-03 08:46:42 +00:00
ivanr
5448b3fc26 Log the duration of garbage collection at level 3. 2010-02-03 07:29:54 +00:00
ivanr
bc35ab7e0b Implement variables for access to performance measurements. 2010-02-01 11:44:32 +00:00
ivanr
7b56982f26 Implemented a new time-measuring mechanism. Added Stopwatch2. 2010-02-01 09:42:23 +00:00
ivanr
6d5e752cb3 Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered 2009-12-12 14:21:17 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
8fe278e845 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 2009-10-29 17:57:18 +00:00
b1v1r
73fb8eae5d Merge latest 2.5.x changes to trunk. 2009-07-24 05:11:45 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
(no author)
4a336dadf2 Removed an invalid "Internal error" message forcing auditing of a request (MODSEC-29).
Cleaned up error messages prior to using send_error_bucket().
2008-10-21 17:45:18 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
20cc395510 Added mlogc source. 2008-09-02 23:10:36 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
0b1e2d674a Fix a minor typo in a comment. 2008-06-05 17:01:42 +00:00
ivanr
e1e200c005 Disabled phase 5 after interception by mistake. Fixed 2008-06-05 14:57:05 +00:00
ivanr
c3fd0231d0 Prevent phases from being processed more than once. 2008-06-05 14:52:48 +00:00
brectanus
6241dfe961 Fixed XML multithreading crash. See #501. 2008-05-30 20:01:44 +00:00
brectanus
f394c6faa2 Add atomic updates for persistent counters. See #20. 2008-05-13 00:05:02 +00:00
brectanus
5f09dbb3ee Sync up trunk with changes from 2.5.x. 2008-03-28 17:06:44 +00:00