github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,173 Commits 55 Branches 109 Tags
514abeb513fa64b9f9d44e91c8e4272e1772f495
Commit Graph

1064 Commits

Author SHA1 Message Date
Felipe Zimmerle
7c2dbf48cf Typo in the debuglogs for rules::getFinalVars 2017-07-24 22:18:00 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
fba9c20ea1 Adds initial support to SecRuleUpdateTargetByTag 2017-07-03 17:42:34 -07:00
Felipe Zimmerle
25175dd800 Adds support to verify CPF operator 2017-06-28 00:44:42 -03:00
Felipe Zimmerle
ad8182e2a8 Adds support to the verify ssn operator 2017-06-27 23:55:47 -03:00
David Buckle
d465c2f1a3 Removes the beauty of the JSON logging 
The beautify options makes the JSON easy to be read by human eyes.
No need to have pretty print JSON for production, as beautify the JSON
is not a hard task. Atop of that there are some disvantages to use the
JSON in pretty format, as described on the issue: #1472
 2017-06-27 08:39:58 -03:00
Felipe Zimmerle
1edd3570e1 Adds a set of sanity checks to validate API inputs (2 of 2) 2017-06-21 19:11:25 -07:00
Felipe Zimmerle
508a2b5a4a Adds sanity check on SecRemoteRules directive input 2017-06-21 19:08:12 -07:00
Felipe Zimmerle
49b7ea99e6 Adds a set of sanity checks to validate API inputs (1 of 2) 2017-06-21 12:59:19 -07:00
Felipe Zimmerle
f5b47a8077 Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
c3a0d8d9bb Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
3ebc2d61fb Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
4726912ec8 Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Felipe Zimmerle
9cb3f23b50 Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128 Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534 Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
a90b2a3ff7 Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
e1d3abc8e7 Removes memory leak on the counter variable modificator 2017-05-28 22:10:30 -03:00
Felipe Zimmerle
c49688fd7d Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
37619bae77 Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
0e05b7bb8a Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
6421ff087a Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Michael Simpson
7e59250068 Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Felipe Zimmerle
e2bbe9858f XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
ba070c9eaa Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
b3c8e97ff7 Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
c7053e572f Postponing the decision to whenever save or not a log message to the last rule 
Whenever there is a chained rule, the decision of saving a message on the
webserver's log will be taken after the execution of all actions on the chain,
including the default actions.
 2017-03-29 14:51:32 -03:00
Felipe Zimmerle
4d03ef512e Fix TX dictionary element name on logs 
Before this patch the element name was not being shown.
 2017-03-29 14:49:57 -03:00
Felipe Zimmerle
cf4deaa3a0 Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
d15b57895b Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
eb12b15146 Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198 API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121 Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0 Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66 Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
53485c7f74 Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e79712095b Minor fix in the decision on whenever the log callback should be called 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17 Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2bd87d07d Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
d6363607aa Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8 Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7ab192e90f Using method instead of procol in the audit logs. 
Issue #1331
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
fcad290152 Having the DebugLogs using the SharedFile schema 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7f9cd76619 Improvements on the SharedFiles class 
examples/multiprocess_c/multi
 2017-03-06 15:02:03 -03:00