github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
760 Commits 55 Branches 109 Tags
Commit Graph

593 Commits

Author SHA1 Message Date
brectanus
8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 2007-09-27 21:38:33 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
9f898a0e0b Fixed comment. 2007-09-26 19:49:48 +00:00
brectanus
7c393c4874 Fixed the wrong status being displayed in the error page. See #3. 2007-09-26 19:47:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
ivanr
a1955d09e3 Add crude performance measurement. 2007-09-24 23:59:42 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
ivanr
dfe09ff1b0 Fix content injection C++ style comments. 2007-09-21 19:36:57 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
eb6b456f5b Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. 2007-09-21 00:20:31 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
ad940d1ff9 Partially corrected the filter error code. See #3. 2007-09-14 23:01:58 +00:00
brectanus
53011819d4 Cleanup some doc formatting. 
Prepare trunk for use as 2.5.0-devN tree.
 2007-09-14 21:41:34 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00
ivanr
fa2b97ddb4 Tidy code. Small bug fixes. 2007-09-07 16:01:28 +00:00
ivanr
0769f2378c More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. 2007-09-07 13:16:40 +00:00
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
ivanr
9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 2007-08-20 16:09:48 +00:00
ivanr
608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 2007-08-20 15:25:05 +00:00
ivanr
239fa00957 Fix silly errors, typos. 2007-08-17 16:01:24 +00:00
ivanr
baf6f59dff Multipart parsing improvements. 2007-08-17 15:47:33 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00
ivanr
28d44486e3 Fixed data corruption in the multipart parser. 2007-08-10 15:59:54 +00:00
ivanr
222f1f6f78 Cleanup. MULTIPART_STRICT_ERROR now returns 1 on parsing error too. 2007-08-10 15:04:42 +00:00
ivanr
323f9f81a0 Better discovery of partial quoting evasion. 2007-08-10 14:51:55 +00:00
ivanr
b1949b7ebc Another check for evasion through partial quoting of multipart boundary. 2007-08-10 14:40:22 +00:00
ivanr
d0ac05c3ea Add check for evasion using double quote inside multipart boundary. 2007-08-10 14:37:04 +00:00
ivanr
25fb1b2629 Moved XML request body processor error to debug level 1. 2007-08-10 14:25:44 +00:00
ivanr
5898e9e116 Fixed a potential segmentation fault, introduced with recent changes. 2007-08-10 14:24:13 +00:00
brectanus
7c856eef1f Fix typo and make clearer the intent by using defined(). See #198. 2007-08-10 13:44:55 +00:00
ivanr
716d0fd419 Added a check for nul bytes in multipart part headers. 2007-08-10 10:17:36 +00:00
ivanr
c85773b343 Added MULTIPART_UNMATCHED_BOUNDARY. Not very reliable, as it detects anything that looks like a boundary, which means any line that begins with -- but we don't think it's a boundary. 2007-08-10 09:59:57 +00:00
ivanr
70324713e4 Added checks to detect quoted boundary evasion (although we are not susceptable any more) and to detect duplicate final bounary. 2007-08-10 08:36:24 +00:00
brectanus
32905f9d46 Add ability to compile without API support (-DNO_MODSEC_API). See #198. 2007-08-10 00:46:04 +00:00
brectanus
8f6385f784 Added logdata action (still needs byte limit). See #40. 2007-08-10 00:22:15 +00:00
ivanr
765dfd0274 Fixed typo. 2007-08-09 15:30:47 +00:00
brectanus
9cfdd8f0d2 Rename TX_SEVERITY to HIGHEST_SEVERITY, fix and document. 2007-08-09 14:32:02 +00:00
ivanr
c520886e10 Detect and prevent multipart evasion. 2007-08-09 10:50:53 +00:00
ivanr
cb0cb93752 Sorted variables in the registration code. 2007-08-09 10:17:42 +00:00
brectanus
648037fdb5 Added TX_SEVERITY variable. See #60. 2007-08-08 22:11:02 +00:00
brectanus
f41c27a28c Added ARGS_GET, ARGS_POST, ARGS_GET_NAME, ARGS_POST_NAMES variables. See #136. 2007-08-08 20:49:51 +00:00
brectanus
fe8c564ed0 Added MODSEC_BUILD variable. See #38. 2007-08-08 18:25:03 +00:00
brectanus
2ec596e83a Fix error message in validateByteRange to include the target variable name. See #157. 2007-08-08 15:16:26 +00:00