558 Commits

Author	SHA1	Message	Date
Martin Vierula	76ce6739bf	Correct previous CHANGES update	2021-12-30 09:55:44 -08:00
Martin Vierula	630b1e0a46	CHANGES: Adds info about #2635	2021-12-30 09:47:53 -08:00
Martin Vierula	f34b49f666	Multipart names may include single quote if double-quote enclosed	2021-12-23 08:02:43 -08:00
Martin Vierula	0275c8847b	Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended	2021-12-21 06:18:53 -08:00
Martin Vierula	13e8be83c5	CHANGES: Preparing for next version	2021-12-20 06:38:45 -08:00
Martin Vierula	c3d7f4b560	Change release version to v3.0.6	2021-11-19 11:23:27 -08:00
Martin Vierula	ac79c1c29b	Support configurable limit on depth of JSON parsing	2021-11-15 18:51:25 -08:00
Felipe Zimmerle	873a94a73f	CHANGES: Preparing for a next version	2021-07-09 10:21:10 -03:00
Felipe Zimmerle	bf881a4eda	Change release version to v3.0.5	2021-07-07 10:13:14 -03:00
martinhsv	cd5fba8974	Handle URI received with uri-fragment	2021-07-05 14:51:21 -03:00
Felipe Zimmerle	9764b1fb3b	CHANGES: Fix entry for ARGS_NAMES	2021-01-25 14:59:17 -03:00
Dmitri Toubelis	102f4bdd91	Make the configure step more reliable ... Iyt appears that in cross compile environments the location of the "current" directory cannot be assumed. This fix makes it explicit.	2021-01-25 09:26:51 -03:00
martinhsv	fbea73120c	Fix: FILES variable does not use multipart part name for key	2021-01-24 15:06:30 -03:00
Felipe Zimmerle	f1f2527c03	Using setenv instead of putenv on SetEnv action	2021-01-24 14:59:59 -03:00
Felipe Zimmerle	e6bdadeb69	tests: Prints test number on segfault	2021-01-13 13:38:38 -03:00
Felipe Zimmerle	f18595f428	Makes regular expression selection on collections key case insensitive ... This issue was initially reported by @michaelgranzow-avi on #2296. @airween made an initial attempt to provide a fixed at #2107; As a consequence of the pull request review - provided by @victorhora, @zimmerle, and @michaelgranzow-avi - @airween made a second attempt at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed the essential pieces from @airween patch into this one. This patch differs from @airween's because @airween's patches were partially working: Key exclusions with regex weren't covered, same for anchored variables (e.g. ARGS). During the review, I have highlighted the importance of having elementary test cases. A simple test case on ARGS could spot the issue. Since that is an important fix, I don't want to hold this for one more review cycle; therefore, I am committing the fix myself. Thank you all involved in the solution of this very own issue.	2020-12-10 10:05:07 -03:00
martinhsv	d72be1c470	Fix: Only delete Multipart tmp files after rules have run	2020-11-04 13:50:07 -03:00
Michael Granzow	1b7aa42c77	Issue-2423: Meta-actions like 'msg' should be applied at end of chain	2020-10-29 10:33:02 -03:00
martinhsv	2672db103e	Add support for new operator rxGlobal	2020-10-26 08:55:07 -03:00
Felipe Zimmerle	785958f9b5	Fix maxminddb link on FreeBSD ... Issue #2131	2020-10-23 14:44:54 -03:00
martinhsv	8436c78993	Fix IP address logging in Section A	2020-10-16 13:14:42 -07:00
Felipe Zimmerle	9e6d8b7bbc	CHANGES: Adds support to lua 5.4	2020-08-17 11:35:51 -03:00
Felipe Zimmerle	51d06d7a8e	CHANGES: Adds info about #2378	2020-07-30 13:51:33 -03:00
martinhsv	b9620c26a0	rx:exit after full match; fix TX population after unused group	2020-06-29 06:13:45 -07:00
martinhsv	07ce43cceb	Correct CHANGES file entry for #2234	2020-06-18 07:12:25 -07:00
martinhsv	a1547eaa32	Regression tests: audit log compare support and test cases	2020-03-31 15:01:26 -03:00
martinhsv	f57265a3e2	Support configurable limit on number of arguments processed	2020-02-14 11:00:01 -03:00
martinhsv	136db3e582	Multipart Content-Disposition should allow filename* field	2020-02-11 10:29:38 -03:00
martinhsv	1b1fdc055b	Fix rule-update-target exclusions for plain (non-regex) variables	2020-02-11 09:42:37 -03:00
Felipe Zimmerle	f7e4c1d9f5	CHANGES: Adds info about #2235	2020-02-04 11:05:33 -03:00
Felipe Zimmerle	2b09e7e01d	CHANGES: Adds info about #2253	2020-02-04 10:53:22 -03:00
Felipe Zimmerle	7c6bf810e4	CHANGES: Preparing to 3.0.4+	2020-01-14 11:02:44 -03:00
Felipe Zimmerle	753145fbd1	Change release version to v3.0.4	2020-01-10 09:32:41 -03:00
martinhsv	0470168056	Fix: audit log data omitted when nolog,auditlog	2020-01-07 11:16:07 -03:00
root	6624a18a4e	Fixed inspectFile operator does not pass FILES_TMPNAMES ... pass FILES_TMPNAMES variable to lua engine Fixed Lua engine should also be aware of the variable and pass it to the target lua script main function	2019-11-26 08:40:53 -03:00
Felipe Zimmerle	05e9e7cf31	XML: Remove error messages from stderr	2019-11-25 09:27:11 -03:00
Felipe Zimmerle	42a16c71cf	CHANGES: Adds info about #1645	2019-11-22 14:49:50 -03:00
martinhsv	ea7cacf289	Additional adjustment to Cookie header parsing	2019-11-21 16:50:27 -03:00
martinhsv	6395fe07ce	Restore chained rule logging to be more like 2.9	2019-11-21 08:21:59 -03:00
Ervin Hegedus	038522ad9b	Small fixes in log messages to help debugging	2019-11-20 15:24:30 -03:00
martinhsv	b8160cce6b	Fix Cookie header parsing issues	2019-11-20 08:51:06 -03:00
martinhsv	199a9db3e2	Fix nolog rules logging to part H	2019-11-11 13:50:44 -03:00
martinhsv	9cac167faf	Fix argument key-value pair parsing cases	2019-11-05 13:06:29 -03:00
martinhsv	68c995ca98	Fix: audit log part for response body for JSON format to be E	2019-10-25 09:51:26 -03:00
Victor Hora	d4dc3dbf2a	Make sure m_rulesMessages is filled after successfull match	2019-10-16 09:40:04 -03:00
Felipe Zimmerle	beedddd6c6	Fix @pm lookup for possible matches on offset zero	2019-10-02 08:05:14 -07:00
Felipe Zimmerle	341a5d01e1	CHANGES: Regex lookup on the key name instead of COLLECTION:key	2019-06-26 11:01:43 -03:00
Felipe Zimmerle	74eee9330b	CHANGES: Adds info about #2106	2019-06-17 14:57:13 -03:00
Felipe Zimmerle	cbd15ec138	CHANGES: Adds info about #2113, #2111	2019-06-04 10:30:19 -03:00
Felipe Zimmerle	f50700e9d4	CHANGES: Adds info about #1960	2019-06-03 19:56:24 -03:00