ivanr
|
8de8e44e09
|
Removed RESPONSE_CONTENT_ENCODING, which never worked as intended.
|
2007-06-20 11:10:47 +00:00 |
|
ivanr
|
5cb4823c4b
|
Documented that we do not support atomic updates of persistent variables at this time.
|
2007-06-20 10:59:37 +00:00 |
|
ivanr
|
1c639cf7dd
|
Added two payload examples for XPath expression examples.
|
2007-06-20 10:10:05 +00:00 |
|
brectanus
|
efe52d4e77
|
Initialize rules tmp pool properly.
Update to latest core rules.
|
2007-06-14 18:48:35 +00:00 |
|
brectanus
|
a4835b73ff
|
Fix bad merge of mem pool fix from trunk.
Update to latest core rules.
|
2007-06-14 18:46:58 +00:00 |
|
brectanus
|
6569c444d8
|
Make rules/README UNIX style EOL.
Merge another branch/2.1.x change.
|
2007-06-14 16:42:04 +00:00 |
|
brectanus
|
d55e023bf7
|
Revert msr_log as macro (still work-in-progress)
|
2007-06-14 16:13:53 +00:00 |
|
brectanus
|
81d0f84ad3
|
Update copyright text to Breach Security, Inc.
Merge in changes from branches/2.1.x
|
2007-06-14 16:05:45 +00:00 |
|
ivanr
|
c39723c3aa
|
Document SecPdfProtectMethod.
|
2007-06-14 15:48:53 +00:00 |
|
ivanr
|
74738b29b0
|
Added new directive (SecPdfProtectMethod) to enable the user to choose between
using token redirection (falling back on forced download in some cases) and
forced download (in all cases).
|
2007-06-14 15:26:08 +00:00 |
|
ivanr
|
8b843127ba
|
Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit.
|
2007-06-14 14:59:48 +00:00 |
|
ivanr
|
c7f5dc3355
|
Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented.
|
2007-06-14 14:54:23 +00:00 |
|
ivanr
|
eec279c8d9
|
Cleanup code.
|
2007-06-14 14:43:35 +00:00 |
|
brectanus
|
6350e2badc
|
Do not log alert message for subrequests. See #124.
Cleanup CHANGES.
|
2007-06-11 21:28:03 +00:00 |
|
brectanus
|
23bd6b4331
|
Do not pause if we are not the main request. See #124.
|
2007-06-11 21:20:07 +00:00 |
|
brectanus
|
46d7a5ec6f
|
Move transformation cache rec def re.h from modsecurity.h
|
2007-06-11 21:15:14 +00:00 |
|
ivanr
|
71eb6e17a4
|
Added XPath references.
|
2007-06-08 15:48:02 +00:00 |
|
brectanus
|
dd6755985c
|
Move the transformation cache recort into re.h. See #14.
|
2007-06-05 18:20:44 +00:00 |
|
brectanus
|
11456dd87a
|
Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16.
|
2007-06-04 20:16:48 +00:00 |
|
brectanus
|
e5c00d156a
|
Added rule file/line to audit log messages. See #49.
|
2007-06-01 15:32:08 +00:00 |
|
brectanus
|
f1607d007b
|
Cleanup message output. See #16.
|
2007-06-01 15:21:04 +00:00 |
|
brectanus
|
86f648d267
|
Remove extraneous debug log message.
|
2007-06-01 13:04:13 +00:00 |
|
brectanus
|
84c0ca303e
|
Fixed patch for subrequests to be more complete. See #124.
|
2007-05-31 15:42:42 +00:00 |
|
brectanus
|
e887faac2b
|
Add @pm/@pmfile operators (parallel patch). See #16.
|
2007-05-30 22:02:35 +00:00 |
|
brectanus
|
f53c4241fd
|
Add entry to CHANGES.
|
2007-05-30 16:13:22 +00:00 |
|
brectanus
|
db04c64420
|
Cleanup
|
2007-05-30 16:10:17 +00:00 |
|
brectanus
|
af6160b9c4
|
Fixed problem with subrequests not being intercepted. See #124.
|
2007-05-30 14:14:00 +00:00 |
|
brectanus
|
c594c205c3
|
Fix new string operators to all resolve macros.
Rename startsWith operator in code to match docs.
See #54.
|
2007-05-29 14:58:05 +00:00 |
|
brectanus
|
6cc0173cfa
|
Add caching for transformations. See #14.
|
2007-05-25 21:14:59 +00:00 |
|
brectanus
|
61238ca22f
|
Argh! That last one was not meant to be checked in - reverting 281.
|
2007-05-25 21:01:11 +00:00 |
|
brectanus
|
e11ff85421
|
Fixed log_escape_raw when length was <= 0
|
2007-05-25 20:56:03 +00:00 |
|
brectanus
|
220abd3444
|
Quiet uninitialized warning.
|
2007-05-24 21:56:34 +00:00 |
|
brectanus
|
a1a0c24b88
|
Do not compile on Solaris with visibility attributes.
|
2007-05-23 16:04:25 +00:00 |
|
brectanus
|
3fbf2b93c9
|
Modify docs for t:urlDecodeUni. (See #122)
|
2007-05-21 17:25:47 +00:00 |
|
brectanus
|
a627e96c75
|
Lessen "capture" debug log messages.
|
2007-05-17 12:02:59 +00:00 |
|
brectanus
|
eaa8e444dd
|
Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122)
|
2007-05-16 20:09:28 +00:00 |
|
brectanus
|
97a1718d39
|
Only calculate debug data when we are debugging.
NOTE: Last commit message was wrong.
|
2007-05-16 19:55:13 +00:00 |
|
brectanus
|
e03ea11f9a
|
Only calculate debug data when we are debugging.
|
2007-05-16 19:48:21 +00:00 |
|
brectanus
|
b60f206976
|
Remove use of GNU extention strnlen().
Fix CHANGES.
|
2007-05-16 19:37:27 +00:00 |
|
brectanus
|
a68eb04884
|
Add geo lookup support. See #22.
|
2007-05-11 16:14:11 +00:00 |
|
ivanr
|
d8abb48ad9
|
Fixed a problem with content injection that resulted in content being injected twice.
|
2007-05-11 11:04:34 +00:00 |
|
brectanus
|
2733cc739a
|
Do not try to intercept a request after a failed rule. (See #53)
|
2007-05-10 04:28:37 +00:00 |
|
ivanr
|
dfde8169e6
|
Documented the PDF XSS protection functionality. It's not much but it will do for now.
|
2007-05-03 17:02:37 +00:00 |
|
ivanr
|
f1d4e0e2ff
|
Documented RESPONSE_CONTENT_LENGTH and RESPONSE_CONTENT_TYPE.
|
2007-05-03 16:47:34 +00:00 |
|
ivanr
|
d8418c3aa3
|
Documented SecContentInjection, append, and prepend.
|
2007-05-03 16:41:12 +00:00 |
|
brectanus
|
c0c5d8d894
|
Removed extraneous symbols from dso via DSOLOCAL.
|
2007-05-03 16:17:42 +00:00 |
|
ivanr
|
fca9eabafe
|
Merged the PDF XSS protection functionality into ModSecurity.
|
2007-05-03 12:09:24 +00:00 |
|
brectanus
|
c559f3ee21
|
Change @eq to @streq. See #54.
|
2007-05-03 03:41:29 +00:00 |
|
brectanus
|
2aa6e61605
|
Exported API for registering custom variables. See #120.
Simple example in api/mod_var_remote_host_port.c
|
2007-05-03 03:26:30 +00:00 |
|
brectanus
|
b47059a5b3
|
Remove docs for HTTP_* vars. See #23.
|
2007-05-03 01:52:47 +00:00 |
|