github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,582 Commits 55 Branches 109 Tags
Commit Graph

3582 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
brectanus
800cfc2cc2 Added missing #else block for printf attributes. 2007-11-27 00:17:50 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
ivanr
6ca5b831fb Document SecComponentSignature. Update CHANGES. 2007-11-26 16:22:33 +00:00
ivanr
b163864ba7 Implemented SecComponentSignature. 2007-11-26 16:05:56 +00:00
ivanr
e467d3cac0 Unified messages in the error log and in the audit log. 2007-11-26 15:39:37 +00:00
ivanr
f0be2ff6b0 Added warning message when XML request body parser fails. 2007-11-26 15:05:48 +00:00
brectanus
2cefbda2e3 Fix quotes in an example. 2007-11-19 17:19:13 +00:00
brectanus
40c5b2004f Remove extraneous 'void *' cast. 2007-11-15 19:11:59 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
ivanr
b9defc0adb Warn in the debug log when request body processing fails. 2007-11-08 18:20:24 +00:00
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
brectanus
83fb4b4da4 Fix more formatting errors/warnings on 64bit systems. 2007-11-07 20:22:09 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
faec5b8e9d Fix a possible loss of data warning when compiling 64bit reported by Marc Stern. 2007-10-23 22:16:39 +00:00
brectanus
2b346dd086 Updated input filter insertion code for sub-requests. 2007-10-17 23:07:00 +00:00
brectanus
8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. 2007-10-17 22:41:37 +00:00
brectanus
9d49adf028 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. 2007-10-17 19:59:28 +00:00
brectanus
974298a76c Added ctl:ruleRemoveById action. See #259. 2007-10-17 19:11:47 +00:00
brectanus
9efa02f423 Change ctl parameters to be case insensitive. 
Initial implementation of ctl:removeRuleById.  See #259.
 2007-10-16 00:14:42 +00:00
ivanr
f66e8c5b38 Document MULTIPART_CRLF_LF_LINES. 2007-10-15 18:27:42 +00:00
ivanr
b0d514478f Fix blocking multipart FP, which affected Safari. 2007-10-15 18:05:12 +00:00
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari ( 
(#317).
 2007-10-15 17:27:51 +00:00
brectanus
793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. 2007-10-15 16:50:36 +00:00
brectanus
b784e6cb73 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. 2007-10-03 00:23:46 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
ivanr
a6cf7957be Update ModSecurity chroot documentation. 2007-10-01 22:38:19 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00
brectanus
e0e031d163 Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this. 2007-10-01 19:05:34 +00:00
brectanus
dc71842cee Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4. 2007-10-01 18:45:06 +00:00
brectanus
9d4965b29e Fix macro expansion in setvar. See #126. 2007-10-01 17:24:10 +00:00
brectanus
2d526f1434 Fix typo in a comment. 2007-10-01 17:23:38 +00:00
brectanus
b661574973 Document the 'tag' action. See #276. 2007-09-28 22:16:37 +00:00
brectanus
27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. 2007-09-28 21:06:57 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 2007-09-27 21:38:33 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
86c9a9bf1f Cleanup CHANGES. 2007-09-26 21:39:45 +00:00
brectanus
9f898a0e0b Fixed comment. 2007-09-26 19:49:48 +00:00
brectanus
7c393c4874 Fixed the wrong status being displayed in the error page. See #3. 2007-09-26 19:47:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
ivanr
a1955d09e3 Add crude performance measurement. 2007-09-24 23:59:42 +00:00
ivanr
009c3b0fa1 Document SecResponseBodyLimitAction. 2007-09-21 23:37:56 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
ivanr
59333a6a81 Update CHANGES. 2007-09-21 22:15:12 +00:00