github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,784 Commits 55 Branches 109 Tags
Commit Graph

1784 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marc Stern
7246998f09
Adds option to disable logging of stopwatches in audit log. 2017-05-02 17:11:58 -03:00
Felipe Zimmerle
41ae8db571
Fix configure help added in #1403 2017-05-02 11:11:47 -03:00
Marc Stern
d7383c39dd
Option to disable logging of dechunking 2017-05-02 11:09:42 -03:00
Felipe Zimmerle
a4724dfdab
Updates the libinjection 2017-04-28 14:56:06 -03:00
Felipe Zimmerle
2c07a17fa3
Fix help message on configuration option added by #1381 2017-04-26 16:47:48 -03:00
Marc Stern
7b86d8c51d
Extends a7731c by adding JSON support 2017-04-26 16:38:12 -03:00
Felipe Zimmerle
3de0dfc5fd
Cosmetics: fix #1381 indentation 2017-04-26 16:04:31 -03:00
Marc Stern
d1376c5525
Adds option to disable logging of Apache handler in audit log 2017-04-26 16:03:58 -03:00
Felipe Zimmerle
f44852b4e0
Fix the issue number on Marc's CHANGE log entry 2017-04-26 15:57:48 -03:00
Felipe Zimmerle
1a5ff4e371
Fix help message on configuration option added by #1380 2017-04-26 15:28:20 -03:00
Felipe Zimmerle
67908f45f4
Cosmetics: fix #1380 indentation 2017-04-26 15:28:13 -03:00
Marc Stern
d243818aff
{dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9 in audit log [Issue #576 - Marc Stern] 2017-04-26 15:27:57 -03:00
Felipe Zimmerle
53a8bb2e18
Adds information about pull request #1379 2017-04-11 11:12:14 -03:00
Felipe Zimmerle
45b7706f1f
Adds sanity check before print action message in the logs 
This is a sanity check on top of #1379
 2017-04-11 10:04:19 -03:00
Marc Stern
99eb07d944
Fix missing rule id in log See https://github.com/SpiderLabs/ModSecurity/issues/391 2017-04-10 12:28:38 -03:00
Marc Stern
9244cd9824
Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern] 2017-04-10 12:13:55 -03:00
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
Felipe Zimmerle
42c819d1b9
Adds information about pull request #1339 2017-04-06 13:21:32 -03:00
Robert Paprocki
96a1f55e16
Read fuzzy hash databases on init 
Instead of reading the fuzzy db on every invocation, read and store
the db contents during initialization and store the contents in memory.
The only significant behavior change here is that a change in db contents
now (obviously) requires a daemon restart, as no API is provided to
flush the list of ssdeep chunks.
 2017-04-06 13:20:24 -03:00
Robert Paprocki
fd49ca7138
Don't leak an fd on fuzzy hash initialization 
Since we're re-opening this file with every invocation, let's
close our sanity check fd.
 2017-04-06 13:20:24 -03:00
Felipe Zimmerle
6cce8a2764
Adds information about pull request #1374 2017-04-06 09:37:52 -03:00
Chaim Sanders
5e4e2af7a6
add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:34:54 -03:00
Felipe Zimmerle
eb798d8c55
Adds information about pull request #1373 2017-04-03 16:23:33 -03:00
Andrei Belov
1bb2ffcd6b
Fix building with nginx >= 1.11.11 
Closes SpiderLabs/ModSecurity#1359

See also:
http://hg.nginx.org/nginx/rev/e662cbf1b932
 2017-04-03 16:19:15 -03:00
Felipe Zimmerle
b6053df941
Adds information about pull request #1258 2016-12-01 15:14:39 -03:00
Master Yoda
792a351de6
As of 17 May 2016, the country name "Czechia" replaces this MemberState's former short name of Czech Republic (code 203) 2016-12-01 15:07:46 -03:00
Felipe Zimmerle
3e6f6e63bc
Adds information about pull request #1150 2016-11-21 11:02:13 -03:00
Felipe Zimmerle
3fce12a96c
Fix on the patch proposal #1150 
That is a fix on the top of #1150 without this fix the patch won't work
as expected.
 2016-11-21 10:58:43 -03:00
Marc Stern
7ff0e7e7b2
Added ALLOW_ID_NOT_UNIQUE compile flag to allow duplicate rule ids and no id 2016-11-21 09:58:40 -03:00
Felipe Zimmerle
bb577950bf
Adds information about pull request #1233 2016-10-20 09:44:25 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Felipe Zimmerle
c95d93483b
Adds information about pull request #1223 2016-10-10 12:34:04 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
Felipe Zimmerle
8559dd3b8b
Adds information about pull request #1216 2016-10-06 13:30:25 -03:00
arminabf
fb3bbf37e8
revert error message assignment for older versions 
as errstr is only available since version > 2.2
 2016-10-06 13:28:37 -03:00
arminabf
e7f029b55a
fix error message 
both info->format and fmt (for versions prio 2.4) contain the error message format but not the actual formatted error message
 2016-10-06 13:28:37 -03:00
Felipe Zimmerle
137331748c
Adds information about pull request #1220 2016-10-05 12:35:13 -03:00
culyerr
b83c1109ad
Fixed IPv4+Port address parsing 2016-10-04 13:23:46 -03:00
Felipe Zimmerle
b1ee051cee
Adds information about pull request #1190 2016-10-04 09:41:16 -03:00
Robert Paprocki
2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements 
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
 2016-10-04 09:31:25 -03:00
Felipe Zimmerle
5f4a098f08
Adds information about pull request #1204 2016-09-21 00:05:13 -03:00
Ephraim Vider
21a63cb83e
json parser handle cleanup 2016-09-21 00:03:40 -03:00
Felipe Zimmerle
923c3c6793
Adds information about pull request #1171 2016-07-11 13:36:16 -03:00
Chaim sanders
947cef7c8c
Adapted patch from 977 to fix status failing to report in Nginx auditlogs 2016-07-11 13:32:56 -03:00
Felipe Zimmerle
2538d90e5f
Adds information about pull request #1181 2016-07-11 12:17:31 -03:00
Robert Paprocki
f2ef2017f1
Fix file upload JSON audit log entry 
Each uploaded file is a separate yajl array, but we forgot to open
the a map for the proper k/v pairs.

This fixes issue #1173.
 2016-07-11 12:14:37 -03:00
Felipe Zimmerle
a2bb610d7c
Adds information about #1158 2016-06-14 15:19:00 -03:00
Thomas Deutschmann
692712cc95
configure: Move verbose_output declaration up to the beginning 
Macros like "find_curl" are using "verbose_output" variable but because some
of them are called before we define the variable we are seeing errors like

  ./configure: line 13855: test: : integer expression expected

This commit will fix the problem by moving the "verbose_output" declaration
up to the beginning so that the variable is available for every macro.
 2016-06-14 13:48:01 -03:00
Thomas Deutschmann
c729b6d0ab
configure: Fix detection whether libcurl is linked against gnutls 
The find_curl macro is also checking whether libcurl is linked against
gnutls. However the check depends on "CURL_LIBS" which wasn't defined
by the macro.

This commit will define "CURL_LIBS" so that the check works as expected.
 2016-06-14 13:48:01 -03:00
Felipe Zimmerle
808ea48263 Adds information about the pull request #1060 on the CHANGES file 2016-03-16 10:37:01 -03:00