github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,693 Commits 55 Branches 109 Tags
52c1d48085cdf258c5982e1e2d07504b1bc00cd1
Commit Graph

3693 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128 Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534 Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
a90b2a3ff7 Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
e1d3abc8e7 Removes memory leak on the counter variable modificator 2017-05-28 22:10:30 -03:00
Felipe Zimmerle
c49688fd7d Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
6143eb99e3 Removes LMDB from the default configuration options 2017-05-10 12:50:38 -03:00
Felipe Zimmerle
37619bae77 Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
0e05b7bb8a Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
77a658c7cd Updates libinjection version 2017-04-27 18:35:01 -03:00
Felipe Zimmerle
6421ff087a Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Michael Simpson
7e59250068 Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Chaim Sanders
b58f713fe9 add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:49:45 -03:00
Felipe Zimmerle
e2bbe9858f XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
ba070c9eaa Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
b3c8e97ff7 Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
c7053e572f Postponing the decision to whenever save or not a log message to the last rule 
Whenever there is a chained rule, the decision of saving a message on the
webserver's log will be taken after the execution of all actions on the chain,
including the default actions.
 2017-03-29 14:51:32 -03:00
Felipe Zimmerle
4d03ef512e Fix TX dictionary element name on logs 
Before this patch the element name was not being shown.
 2017-03-29 14:49:57 -03:00
Felipe Zimmerle
5f60bb5224 Yet another fix on the debuglogs merge 2017-03-28 18:11:31 -03:00
Felipe Zimmerle
cf4deaa3a0 Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
d15b57895b Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
80cfca6fa3 Fix the debug log level merge function 2017-03-27 14:09:42 -03:00
Felipe Zimmerle
2a54bf23e5 Fix the debug log merge function 2017-03-27 11:30:26 -03:00
Felipe Zimmerle
eb12b15146 Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198 API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121 Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0 Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66 Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
c290c73f9b Updates travis' badge 2017-03-08 09:44:17 -03:00
Felipe Zimmerle
53485c7f74 Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e79712095b Minor fix in the decision on whenever the log callback should be called 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
9ea5b475b2 Fix missing initialization on rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
6d61bd6b57 Adds rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17 Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2bd87d07d Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
d6363607aa Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8 Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7ab192e90f Using method instead of procol in the audit logs. 
Issue #1331
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
fcad290152 Having the DebugLogs using the SharedFile schema 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7f9cd76619 Improvements on the SharedFiles class 
examples/multiprocess_c/multi
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
01c13da510 Fix segfault due to invalid memory access on SharedFiles class 
Issue #1318
 2017-03-06 15:02:03 -03:00
David Testé
87f6b478fb Fix typo in returned string 2017-03-06 15:02:03 -03:00
David Testé
cc25390dc9 Fix copy/paste typo 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
027d50b76b Adds first version of `processContentOffset' 
This commit also includes an example application on how to use the
`processContentOffset' method.
 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
7aae5dc183 Fix Regex::searchAll to behave like global modifier 2017-03-06 15:02:02 -03:00