github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
678 Commits 55 Branches 109 Tags
8af7f4ed4125b114e15f2a97989c22f01ea1b4f5
Commit Graph

96 Commits

Author SHA1 Message Date
b1v1r
2370606d70 Updated copyright year to 2009. 2009-03-06 05:32:03 +00:00
ivanr
ecd1750cce Tidy up the code for the performance-measurement mode. Remove the per-phase measurements, which don't seem to work (at least not in my case). 2008-09-01 09:36:31 +00:00
ivanr
3dd0185d3c From trunk: make PERFORMANCE_MEASUREMENT more accurate. 2008-08-29 16:14:17 +00:00
ivanr
3f26e3d384 Tidy up. 2008-07-31 10:09:35 +00:00
ivanr
7edd9cc7f7 Update licensing headers in all source code files. 2008-07-31 09:30:59 +00:00
brectanus
c066e8b3c4 Fixed VAR_CACHE/VAR_DONT_CACHE values with reasons for DONT. 
Added a DEBUG_MEM define to disable optimization and for future enhcement.
Prevented "counting" vars from being cached.
Prevented vars from being cached unless they are marked "available" in phase.
Now use var->value as the cache hash key as a unique value.
Fixed which pools we are using for rule processing.
Updated regression tests for tfns.
Updated regression test script to handle extra APR_POOL_DEBUG output.
See #364.
 2008-07-30 22:35:52 +00:00
brectanus
40b6cd3ebe Cleanup. See #364. 2008-07-29 05:47:14 +00:00
brectanus
6ebc5ad6e7 Transformation caching fixes. See #364. 2008-07-29 00:18:16 +00:00
ivanr
f417680065 Minor code cleanup. 2008-06-05 14:00:28 +00:00
brectanus
22f1c61f1d Fixed issue where logging was not occuring unless "auditlog" was enabled. See #497, #4, #451 and #445. 2008-06-02 23:34:31 +00:00
brectanus
a9fca34107 Enable "auditlog" action by default. See #445 and #451. 2008-06-02 23:31:27 +00:00
brectanus
0c28f30876 Fix a transformation caching bug. See #490. 2008-05-05 21:57:28 +00:00
brectanus
6b970c9185 Added back support for HTTP_* targets by aliasing it to REQUEST_HEADERS:*. 
Fixed the severity warning message to only be displayed at a warn log level.
 2008-03-19 21:31:41 +00:00
brectanus
024e854725 Fixed a bug in transformation caching, which would prevent a match in certian cases. 
Updated docs on "pass" action to explicitly state that we execute all targets.
 2008-03-07 20:23:16 +00:00
brectanus
e0f503a133 Add a needed function prototype for compiling in performance testing mode. 2008-03-05 20:42:41 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
e2ad283fdb Fix some sprintf formatters so they do not generate warnings. 2008-02-04 21:50:10 +00:00
brectanus
3232a2d41e Fix debug log "Expanded" msg to only print when expanded. 2008-02-04 18:21:27 +00:00
brectanus
ed581b56f4 Revert part of the noauditlog fix in changelog:878. See #451. 2008-01-28 22:10:12 +00:00
brectanus
4c6dccada2 Fixed noauditlog. See #451. 2008-01-25 05:52:49 +00:00
brectanus
52ccced72b Cleanup building actionsets and use minimal default. See #445. 
Fully resolve all rules before logging.
 2008-01-25 04:52:49 +00:00
brectanus
946a350043 Fixed removing cained rules with ctl action. 2008-01-24 22:39:13 +00:00
brectanus
09ada31a28 Fixed potential crash if actionset was NULL. See #441 and #442. 2008-01-24 18:08:39 +00:00
brectanus
a3584993f5 Implement "block" pseudo-action. See #441. 2008-01-24 05:16:35 +00:00
brectanus
18e9ef0808 Remove default transformations. See #445. 2008-01-22 05:50:42 +00:00
brectanus
c4e1ede358 Fixed merging actionsets so we can build a more accurate rule for auditing. 2008-01-22 05:39:33 +00:00
brectanus
0d24a08f33 Implemented SecRuleUpdateActionById. See #442. 2008-01-19 02:23:41 +00:00
brectanus
f4a44bc320 Remove an extraneous debug log. 2008-01-18 01:02:29 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
99c41afc3d Added a check that SecServerSignature actually worked (Apache changed some of this code as of 2.2.4 and could potentially change it again and break this). 
Cleaned up some configure code.
Cleaned up some extraneous cache logging.
Cleaned up the output from the test script.
 2008-01-14 22:32:53 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
106a54f876 Fixed partial transformation caching and reduced some debugging output. 2008-01-09 00:52:51 +00:00
brectanus
31e3ada844 Fixed phase 5 rules not being excludable. 2008-01-08 20:45:54 +00:00
brectanus
c622e7ec93 Expand PERFORMANCE_MEASUREMENT output to break down the full rule timing into transformation, operator and full. 
Add a "Transformation completed in N usec." debug line to compliment the operator timing.
 2008-01-08 16:21:40 +00:00
ivanr
2068357af8 Added m.getvars() and finalised Lua support. 2007-12-21 12:50:03 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
ivanr
4cecdf4c5b Added support for Lua to the exec action. 2007-12-20 12:06:30 +00:00
ivanr
e357bb55af Add quoting to unparsed rule generation. 2007-12-19 16:11:32 +00:00
ivanr
aef5a460b6 Fix Lua support. Enable logging from Lua scripts (using m.log()). 2007-12-19 12:50:21 +00:00
ivanr
afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 2007-12-19 11:22:52 +00:00
ivanr
6f6934e9d3 Code polish. 2007-12-19 09:22:58 +00:00
brectanus
8360aacc22 Use use new msr->rule_was_intercepted flag. See #425. 2007-12-17 19:58:35 +00:00
brectanus
cd51a10046 Allow all rules to run in phase 5. See #425. 2007-12-14 22:34:16 +00:00
brectanus
4c11791a94 Escape cache value in log. 2007-12-14 00:42:04 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
brectanus
2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. 2007-12-02 15:35:09 +00:00
brectanus
a6c2d867f4 Improvements to audit logging matching rules. See #93. 2007-11-30 21:31:12 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00