github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
791 Commits 55 Branches 109 Tags
658966a433db0006017f3e3ce3256b48dc972a3f
Commit Graph

268 Commits

Author SHA1 Message Date
b1v1r
658966a433 Remove ability to use relative paths to a piped audit logger. 2010-02-14 22:31:59 +00:00
b1v1r
cb2a82fa28 Fix memory leak freeing compiled regex (MODSEC-138). 2010-02-14 22:31:16 +00:00
b1v1r
5769afbef3 Use #pragma instead of #warning as it is not portable and treated as an error on Windows. 2010-02-11 17:44:02 +00:00
b1v1r
1b74aa52a7 Update versions for next release. 2010-02-11 17:43:50 +00:00
b1v1r
04fe141c73 Fixed SecUploadFileMode to set the correct mode (MODSEC-129). 2010-02-05 18:26:43 +00:00
b1v1r
b8509495d9 Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions (MODSEC-78, MODSEC-130) 2010-02-05 18:24:44 +00:00
b1v1r
fa483ce717 Added additional file info definitions introduced in APR 0.9.5 so that we will work with older APRs (IBM HTTP Server v6). 2010-02-05 18:21:09 +00:00
b1v1r
513c87ee45 Added SecUploadFileLimit (MODSEC-116). 2010-02-05 18:15:31 +00:00
b1v1r
3fccc35a5a Rewrote path normalization routine (MODSEC-123). 2010-02-05 18:14:08 +00:00
b1v1r
4b6f8eabe1 Trim whitespace around phrases used with @pmFromFile and allow for both LF and CRLF terminated lines (MODSEC-126). 2010-02-05 18:12:53 +00:00
b1v1r
e6699ca7bf Allow for more robust parsing for multipart header folding. Reported by Sogeti/ESEC R&D (MODSEC-118). Added additional multipart regression tests. 2010-02-05 18:11:36 +00:00
b1v1r
f33137ea66 Make sure to set variable name length. 2010-02-05 18:10:09 +00:00
b1v1r
589274903d Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119). 2010-02-05 18:09:19 +00:00
b1v1r
d66760d09c Fixed memory leak in v1 cookie parser reported by Sogeti/ESEC R&D (MODSEC-121). 2010-02-05 18:07:56 +00:00
b1v1r
7262e026d2 Now support macro expansion in numeric operators @eq, @ge, @lt, etc. (MODSEC-109). 2010-02-03 23:50:38 +00:00
b1v1r
bfe41347d2 Update copyright to 2010. 2010-02-03 23:50:24 +00:00
b1v1r
fdade740d4 Reserve Ivan an ID block. 2009-12-21 16:33:27 +00:00
ivanr
13d0245b6b Document changes 2009-12-14 18:49:18 +00:00
b1v1r
92e6c81530 Fix CHANGES. 2009-11-06 21:47:34 +00:00
b1v1r
1f9bd13efc Fix quoting for demo page. 2009-11-06 21:40:54 +00:00
b1v1r
d33f656b93 Fixed parsing quoted strings in multipart Content-Disposition headers. 2009-11-05 19:36:32 +00:00
b1v1r
92cff5c58e Cleanup persistent locking (MODSEC-97). 2009-11-05 01:26:17 +00:00
b1v1r
68b95b3c24 Cleanup mlogc logging and add note recommending against gnutls for SSL/TLS. 2009-11-04 06:58:50 +00:00
b1v1r
a73da836e2 Do not log output filter errors to the error log (MODSEC-70). 2009-11-04 00:12:33 +00:00
b1v1r
76969fea1d Moved output filter to run before other stock filters (MODSEC-89). 2009-11-03 23:49:36 +00:00
b1v1r
0c7559ee6a Cleanup mlogc so it builds on Windows. 2009-09-18 17:57:59 +00:00
b1v1r
c8b28800d2 Cleanup CHANGELOG and version for 2.5.10 release. 2009-09-18 07:36:18 +00:00
b1v1r
3afae2ff91 Attempt to handle Apache filter error codes instead of incorrectly looking them up as APR error codes. 2009-08-27 07:38:26 +00:00
b1v1r
7333260b9b Added SecAuditLogDirMode and SecAuditLogFileMode (MODSEC-82). 
Cleaned up SecUploadFileMode implementation.
 2009-08-25 00:29:56 +00:00
b1v1r
9934c5c26a Cleanup/simplify the build/find_* scripts. 2009-08-13 06:25:06 +00:00
b1v1r
d25d740c94 Update version for 2.5.10-dev2. 2009-08-12 22:24:13 +00:00
b1v1r
0680e9e71a Fixed crash on configuration if SecMarker is used before any rules. 
Fixed SecRuleUpdateActionById so that it will work on chain starters (MODSEC-37).
 2009-08-12 21:41:15 +00:00
b1v1r
9a5cf44fda Cleanup build for mlogc (MODSEC-83). 2009-08-12 18:43:57 +00:00
b1v1r
040f53733b Update version release dates for 2.5.10-dev1. 2009-07-27 22:27:26 +00:00
b1v1r
206eb02bd1 Allow mlogc to periodically flush memory pools (MODSEC-68). 2009-07-24 05:04:55 +00:00
b1v1r
b77784c3ee Always log the message in the auditlog if "auditlog" is used (MODSEC-78). 2009-07-23 21:26:19 +00:00
b1v1r
6ee2c6e5f8 Update CHANGES. 2009-07-22 17:44:37 +00:00
b1v1r
64fcb6e129 Update CHANGES with fix for MODSEC-47. 2009-06-15 21:09:14 +00:00
b1v1r
c99f8fa2c9 Escape and reformat XML errors/warnings to avoid breaking audit log format. 2009-05-31 08:37:47 +00:00
b1v1r
b5204a86ab Fixed an issue where @pm was not ignoring case. 
Documented case insensitivity of @pm.
 2009-05-29 20:46:24 +00:00
b1v1r
13a6b73f80 Truncate long parameters in log message (MODSEC-39). 2009-05-21 06:19:36 +00:00
b1v1r
c13980062e Correctly resolve chained rule actions in logs (MODSEC-53). 2009-05-21 05:32:02 +00:00
b1v1r
3c0cfbd3ef Cleanup code for AIX and better non-gcc support (MODSEC-55). 2009-05-16 10:34:57 +00:00
b1v1r
6359a86a38 Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented (MODSEC-45). 
Handle a newer geo database, avoiding a potential crash.
Allow checking &GEO "@eq 0" for a failed @geoLookup.
 2009-05-16 07:44:58 +00:00
b1v1r
a61db59438 Fixed mlogc global mutex locking issue (MODSEC-20 and maybe MODSEC-47). 
Increased default mlogc StartupDelay to 5000 ms.
Added more verbose debugging to mlogc error log level 4 and 5.
 2009-05-16 03:56:16 +00:00
b1v1r
8a11b7cee7 Cleaned up build dependencies and configure options. 2009-04-01 18:51:10 +00:00
b1v1r
9df6afce9c Update CHANGES and fix invalid merge in doc. 2009-03-12 06:12:22 +00:00
b1v1r
97836ef503 Added ability to specify the config script directly using --with-apr and --with-apu. 2009-03-06 05:43:03 +00:00
b1v1r
2370606d70 Updated copyright year to 2009. 2009-03-06 05:32:03 +00:00
b1v1r
993c718eb0 Added macro expansion for append/prepend action. 2009-03-06 05:28:12 +00:00