github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,739 Commits 55 Branches 109 Tags
98b9ae659d780323e22ff3df3c758f968d4028e0
Commit Graph

2739 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
8c66a1b4c2 Adds support to double quotes on debug logs conf 2017-08-15 14:20:39 -03:00
Felipe Zimmerle
0508395f8d Forces REQBODY_ERROR to zero whenever there is a valid XML 2017-07-31 14:12:18 -03:00
Felipe Zimmerle
b36c4260c1 Adds a graceful error if there is no memory for request body inspection 
Issue #1517
 2017-07-31 13:09:09 -03:00
Felipe Zimmerle
9a41942ce1 Optimization on the macro expansion function 2017-07-31 09:26:06 -03:00
Victor Hora
53ff0e1a57 Adds initial support to SecHttpBlKey 2017-07-29 00:12:14 -03:00
Lasse Karstensen
515e073503 Rename FromNowOneAllowType to FromNowOnAllowType. 
This misspelling is confusing (is it allow one more rule, or all of
them?) and since v3 isn't released yet, use the major version bump
opportunity to rectify it.
 2017-07-28 22:46:55 -03:00
Lasse Karstensen
bce5ef7704 Add the missing g in Transaction::GetReponseBodyLenth() 
This commit fixes a typo in the method name for retrieving
the body length.
 2017-07-28 22:30:25 -03:00
Felipe Zimmerle
56baef5f1f Fix test case as consequence of the changes at #1514 2017-07-28 22:24:21 -03:00
Lasse Karstensen
5e06a67fbe Demote log lines to improve debug log SNR. 
The debug logging is verbose and sometimes hard to read.

Demote some of the boilerplate output to log level 9, to make it easier
to see the important parts on lower verbosity levels.
 2017-07-28 22:11:06 -03:00
Lasse Karstensen
5c7892ce89 Reduce use of underscores in log output. 
The use of underscores in log lines makes them harder to read,
without contributing/adding extra information.
 2017-07-28 22:11:06 -03:00
Lasse Karstensen
e3b9e6061f Ignore droppings from make check. 2017-07-28 21:49:33 -03:00
Lasse Karstensen
4d1739a2c3 Ignore built files. 
Clean up git status output so the important parts are visible.
 2017-07-28 21:49:33 -03:00
Felipe Zimmerle
0242646610 Adds test case for the ctl:ruleEngine action 2017-07-27 22:10:58 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
1f1e8324b1 Includes HTTP version and response code on auditlogs/F 2017-07-25 23:24:36 -03:00
Felipe Zimmerle
43cb8ed652 Adds support to C section on auditlogs 2017-07-25 23:13:23 -03:00
Felipe Zimmerle
15ca5ceab4 Yet another change on the audit log permissions 
The default values are set to 0640 and 0750. That is the real
value in version 2.
 2017-07-25 23:08:59 -03:00
Felipe Zimmerle
b58c8fe7ed Changes the default file creation permission to 1600 
Somewhat related to #1497.
 2017-07-25 15:11:27 -03:00
Felipe Zimmerle
27a8abc052 Changes the auditlog new derectories permission to 1872 
As well noticed on #1497 [by @met3or] we had an inconsistence in the
default permission value for new directories between version 2 and 3.
 2017-07-25 15:06:47 -03:00
Felipe Zimmerle
337216fd87 fix: remove target by {id,tag} are now considering collections 
Fix issue #1409
 2017-07-25 09:19:21 -03:00
Felipe Zimmerle
7c2dbf48cf Typo in the debuglogs for rules::getFinalVars 2017-07-24 22:18:00 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
9ce7d022c2 Fix memory leak in the regression utility 2017-07-04 11:01:11 -07:00
Felipe Zimmerle
52c5631ae7 Adds test case to UpdateTargetByTag 2017-07-04 11:00:11 -07:00
Felipe Zimmerle
fba9c20ea1 Adds initial support to SecRuleUpdateTargetByTag 2017-07-03 17:42:34 -07:00
Felipe Zimmerle
65bd06fb7f Adds verifyCPF operator to the unit test list 2017-06-28 00:46:00 -03:00
Felipe Zimmerle
74bb022a28 Updates unit test cases 2017-06-28 00:45:12 -03:00
Felipe Zimmerle
25175dd800 Adds support to verify CPF operator 2017-06-28 00:44:42 -03:00
Felipe Zimmerle
787b388f89 Yet another update on the unit test repository 2017-06-28 00:11:35 -03:00
Felipe Zimmerle
ddac1fb6f6 Upgrades the unit test repo to the most recent version 
This update includes the verify ssn test case
 2017-06-27 23:57:49 -03:00
Felipe Zimmerle
a7f7532a2c Adds verify ssn operator to the unit test list 2017-06-27 23:57:22 -03:00
Felipe Zimmerle
ad8182e2a8 Adds support to the verify ssn operator 2017-06-27 23:55:47 -03:00
David Buckle
d465c2f1a3 Removes the beauty of the JSON logging 
The beautify options makes the JSON easy to be read by human eyes.
No need to have pretty print JSON for production, as beautify the JSON
is not a hard task. Atop of that there are some disvantages to use the
JSON in pretty format, as described on the issue: #1472
 2017-06-27 08:39:58 -03:00
Felipe Zimmerle
1edd3570e1 Adds a set of sanity checks to validate API inputs (2 of 2) 2017-06-21 19:11:25 -07:00
Felipe Zimmerle
508a2b5a4a Adds sanity check on SecRemoteRules directive input 2017-06-21 19:08:12 -07:00
Felipe Zimmerle
49b7ea99e6 Adds a set of sanity checks to validate API inputs (1 of 2) 2017-06-21 12:59:19 -07:00
Felipe Zimmerle
5a32b389b4 chunks example: Sets the freed variables to NULL 2017-06-19 19:08:26 -03:00
Felipe Zimmerle
6d77c76b27 Implements intervention support inside using chunks example 
In the example the disruptive action is printed in the console output.
 2017-06-19 18:33:51 -03:00
Felipe Zimmerle
f5b47a8077 Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
c3a0d8d9bb Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
3ebc2d61fb Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
4726912ec8 Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Felipe Zimmerle
20134ef242 Fix examples/using_bodies_in_chunks compilation 2017-06-10 20:40:12 -03:00
Felipe Zimmerle
e1f52a1cf2 Adds using bodies in chunks example 2017-06-10 09:28:22 -03:00
Felipe Zimmerle
9cb3f23b50 Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
616a95bfe0 Adds -lpthread to the reading_logs_via_rule_message example 2017-06-07 14:22:33 -03:00
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128 Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534 Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00