github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 19:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,700 Commits 55 Branches 109 Tags
70322304f289645ca4e4dc95fc5adc310275e7d6
Commit Graph

1011 Commits

Author SHA1 Message Date
ivanr
dc081c5df1 Removed some code that implemented SecRequestEncoding. Left the directive in, as well as the structure member as they are harmless. 2007-12-17 15:09:59 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
9b0ce5ae67 Move an extraneous debug log line from level 4 to level 9. 2007-12-17 05:43:49 +00:00
brectanus
8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. 2007-12-17 05:13:49 +00:00
brectanus
32100608e5 Handle actionset being NULL. See #66 and #429. 2007-12-15 00:42:39 +00:00
brectanus
476684e6ec Stricter configuration parsing. See #66 and #429. 2007-12-14 22:45:01 +00:00
brectanus
cd51a10046 Allow all rules to run in phase 5. See #425. 2007-12-14 22:34:16 +00:00
brectanus
5065852dfe More efficient collection persistance and deletion on retrieval. See #345 and #426. 2007-12-14 19:53:23 +00:00
brectanus
4c11791a94 Escape cache value in log. 2007-12-14 00:42:04 +00:00
brectanus
aa68fff104 Fixed decoding \9 with t:escapeSeqDecode. See #423. 2007-12-14 00:30:25 +00:00
brectanus
8aa31fd099 Change jsDecodeuni to jsDecode which also decodes all the other JS escapes. See #193. 2007-12-14 00:19:46 +00:00
brectanus
b0de659133 Added t:jsDecodeUni handling unicode similar to t:urlDecodeUni. See #193. 2007-12-13 00:58:02 +00:00
brectanus
cbf79d43ba Update version to ready for 2.5.0-rc1. 2007-12-12 23:08:14 +00:00
brectanus
54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. 2007-12-12 22:52:08 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. 2007-12-02 15:35:09 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
brectanus
a6c2d867f4 Improvements to audit logging matching rules. See #93. 2007-11-30 21:31:12 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
brectanus
85053718d9 Cleanup log output for skipAfter. See #258. 2007-11-29 23:14:02 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
ivanr
fd5e4fb32c Fix bugs introduced by the recent change to audit logging. 2007-11-29 11:09:38 +00:00
ivanr
ab6a81fe7a Remove unused reqbody_status from modsec_rec. 2007-11-29 10:46:12 +00:00
brectanus
1cfc906fac Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu. 2007-11-28 01:09:15 +00:00
brectanus
8cec4dd251 Some more debugging and fixes for skipAfter. See #258. 2007-11-28 01:04:26 +00:00
ivanr
4a08d7e6bf Handle out-of-disk-space conditions gracefully when writing to audit log. 2007-11-27 10:52:14 +00:00
brectanus
800cfc2cc2 Added missing #else block for printf attributes. 2007-11-27 00:17:50 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
ivanr
b163864ba7 Implemented SecComponentSignature. 2007-11-26 16:05:56 +00:00
ivanr
e467d3cac0 Unified messages in the error log and in the audit log. 2007-11-26 15:39:37 +00:00
ivanr
f0be2ff6b0 Added warning message when XML request body parser fails. 2007-11-26 15:05:48 +00:00
brectanus
40c5b2004f Remove extraneous 'void *' cast. 2007-11-15 19:11:59 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
ivanr
b9defc0adb Warn in the debug log when request body processing fails. 2007-11-08 18:20:24 +00:00
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
brectanus
83fb4b4da4 Fix more formatting errors/warnings on 64bit systems. 2007-11-07 20:22:09 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00