github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,784 Commits 55 Branches 109 Tags
Commit Graph

61 Commits

Author SHA1 Message Date
Allan Boll
2ae357be88
Let body parsers observe SecRequestBodyNoFilesLimit 
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
 2018-09-05 16:08:21 -03:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional 2017-10-06 16:43:45 +00:00
Allan Boll
2e9ea0a677
Avoid use of min-macro, as it is not available in all envs 2017-10-05 17:20:41 +00:00
Allan Boll
7fff8938ba
Check return value of modsecurity_request_body_store 2017-10-05 17:20:41 +00:00
Allan Boll
023b863853
Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit 2017-10-05 17:20:41 +00:00
Allan Boll
97b51ebfed
Renamed local var and initialized local vars. Undid accidental move. 2017-10-05 17:20:40 +00:00
Allan Boll
afae690655
Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream. 2017-10-05 17:20:40 +00:00
Felipe Zimmerle
61bce8d9a9
Cosmetics: moving declaration to the too of the block 2017-07-14 13:47:30 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system to look for yajl using a macro file 
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
 2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
0840b13612 Fixed: chuck null pointer when unknown CT is sent and over in-memory limit 2013-04-04 11:04:22 -04:00
brenosilva
040d4469df Enable warning message with over SecRequestBodyNoFilesLimit 2012-08-30 16:22:23 +00:00
brenosilva
bdcecf50fa MODSEC-328 2012-08-09 17:20:21 +00:00
brenosilva
f92f8219d4 fix stream vars memory leak 2011-12-05 17:01:51 +00:00
brenosilva
de02ea5e4f Add new unicode map settings and fix requet body truncate bug 2011-06-30 13:22:39 +00:00
brenosilva
d4d3497539 clean stream buffer 2011-04-28 17:49:05 +00:00
brenosilva
0ee85b3485 clean stream buffer 2011-04-28 16:57:26 +00:00
brenosilva
0cc30904b9 Fix issue in input stream 2011-04-28 16:32:41 +00:00
brenosilva
1aa4cace65 Fix compiler warnings 2011-04-27 21:54:16 +00:00
brenosilva
3b4c46f27b Improvements in detection only 2011-04-05 21:16:58 +00:00
brenosilva
cb3353f13d Improvements in detection only 2011-04-05 00:18:37 +00:00
brenosilva
3377831b36 Improvements in detection only 2011-04-04 22:07:27 +00:00
brenosilva
50205ebf62 Improvements in detection only 2011-04-04 21:02:13 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
a2f01d31a4 Experimental reallocation memory for rsub 2011-03-26 14:53:04 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
d0e2546f9b MODSEC-21 2011-01-14 16:22:15 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a Add the ability to build custom request body parser extensions. 
Add an example for a request body parser extension.
 2010-05-05 23:01:11 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
6d5e752cb3 Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered 2009-12-12 14:21:17 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
aa1e053025 Fix typo 2009-08-28 16:56:44 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
ivanr
5740f7a3eb Tidy up. 2008-09-10 14:15:37 +00:00
brectanus
f5af5ef429 Remove declaration of an unused variable. 2008-09-03 21:20:06 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
ivanr
c8e35797fd Improve request body processing error messages (#504). 2008-05-30 12:13:27 +00:00
brectanus
aa6be1614e Make sure all filehandles are closed at the end of a trasaction. See #464 and #465. 
Fixes a few typos in some error messages when we are over the limits.
 2008-03-28 20:00:37 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
e2ad283fdb Fix some sprintf formatters so they do not generate warnings. 2008-02-04 21:50:10 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
ivanr
f0be2ff6b0 Added warning message when XML request body parser fails. 2007-11-26 15:05:48 +00:00