github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,258 Commits 55 Branches 109 Tags
Commit Graph

2258 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari ( 
(#317).
 2007-10-15 17:27:51 +00:00
brectanus
793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. 2007-10-15 16:50:36 +00:00
brectanus
b784e6cb73 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. 2007-10-03 00:23:46 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
ivanr
a6cf7957be Update ModSecurity chroot documentation. 2007-10-01 22:38:19 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00
brectanus
e0e031d163 Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this. 2007-10-01 19:05:34 +00:00
brectanus
dc71842cee Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4. 2007-10-01 18:45:06 +00:00
brectanus
9d4965b29e Fix macro expansion in setvar. See #126. 2007-10-01 17:24:10 +00:00
brectanus
2d526f1434 Fix typo in a comment. 2007-10-01 17:23:38 +00:00
brectanus
b661574973 Document the 'tag' action. See #276. 2007-09-28 22:16:37 +00:00
brectanus
27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. 2007-09-28 21:06:57 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 2007-09-27 21:38:33 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
86c9a9bf1f Cleanup CHANGES. 2007-09-26 21:39:45 +00:00
brectanus
9f898a0e0b Fixed comment. 2007-09-26 19:49:48 +00:00
brectanus
7c393c4874 Fixed the wrong status being displayed in the error page. See #3. 2007-09-26 19:47:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
ivanr
a1955d09e3 Add crude performance measurement. 2007-09-24 23:59:42 +00:00
ivanr
009c3b0fa1 Document SecResponseBodyLimitAction. 2007-09-21 23:37:56 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
ivanr
59333a6a81 Update CHANGES. 2007-09-21 22:15:12 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
ivanr
dfe09ff1b0 Fix content injection C++ style comments. 2007-09-21 19:36:57 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
eb6b456f5b Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. 2007-09-21 00:20:31 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
ad940d1ff9 Partially corrected the filter error code. See #3. 2007-09-14 23:01:58 +00:00
brectanus
53011819d4 Cleanup some doc formatting. 
Prepare trunk for use as 2.5.0-devN tree.
 2007-09-14 21:41:34 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
8a54517f0d Updated copyright dates in xsl files. See #253. 2007-09-12 19:04:54 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00
ivanr
b95cc3b372 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. 2007-09-07 17:03:26 +00:00
ivanr
ba85c17b01 Update minimal configuration template to use strict multipart parsing. 2007-09-07 16:24:31 +00:00
ivanr
fa2b97ddb4 Tidy code. Small bug fixes. 2007-09-07 16:01:28 +00:00
ivanr
0769f2378c More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. 2007-09-07 13:16:40 +00:00
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
70e8246ae4 Update CHANGES. 2007-08-21 23:47:06 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
ivanr
9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 2007-08-20 16:09:48 +00:00
ivanr
608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 2007-08-20 15:25:05 +00:00
ivanr
239fa00957 Fix silly errors, typos. 2007-08-17 16:01:24 +00:00
ivanr
baf6f59dff Multipart parsing improvements. 2007-08-17 15:47:33 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00
ivanr
28d44486e3 Fixed data corruption in the multipart parser. 2007-08-10 15:59:54 +00:00