github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,062 Commits 55 Branches 109 Tags
Commit Graph

1200 Commits

Author SHA1 Message Date
Felipe Zimmerle
3e9e4b39cc
Cosmetics changes top of #1402 2017-05-02 17:14:06 -03:00
Marc Stern
7246998f09
Adds option to disable logging of stopwatches in audit log. 2017-05-02 17:11:58 -03:00
Marc Stern
d7383c39dd
Option to disable logging of dechunking 2017-05-02 11:09:42 -03:00
Felipe Zimmerle
a4724dfdab
Updates the libinjection 2017-04-28 14:56:06 -03:00
Marc Stern
7b86d8c51d
Extends a7731c by adding JSON support 2017-04-26 16:38:12 -03:00
Felipe Zimmerle
3de0dfc5fd
Cosmetics: fix #1381 indentation 2017-04-26 16:04:31 -03:00
Marc Stern
d1376c5525
Adds option to disable logging of Apache handler in audit log 2017-04-26 16:03:58 -03:00
Felipe Zimmerle
67908f45f4
Cosmetics: fix #1380 indentation 2017-04-26 15:28:13 -03:00
Marc Stern
d243818aff
{dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9 in audit log [Issue #576 - Marc Stern] 2017-04-26 15:27:57 -03:00
Felipe Zimmerle
45b7706f1f
Adds sanity check before print action message in the logs 
This is a sanity check on top of #1379
 2017-04-11 10:04:19 -03:00
Marc Stern
99eb07d944
Fix missing rule id in log See https://github.com/SpiderLabs/ModSecurity/issues/391 2017-04-10 12:28:38 -03:00
Marc Stern
9244cd9824
Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern] 2017-04-10 12:13:55 -03:00
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
Robert Paprocki
96a1f55e16
Read fuzzy hash databases on init 
Instead of reading the fuzzy db on every invocation, read and store
the db contents during initialization and store the contents in memory.
The only significant behavior change here is that a change in db contents
now (obviously) requires a daemon restart, as no API is provided to
flush the list of ssdeep chunks.
 2017-04-06 13:20:24 -03:00
Robert Paprocki
fd49ca7138
Don't leak an fd on fuzzy hash initialization 
Since we're re-opening this file with every invocation, let's
close our sanity check fd.
 2017-04-06 13:20:24 -03:00
Master Yoda
792a351de6
As of 17 May 2016, the country name "Czechia" replaces this MemberState's former short name of Czech Republic (code 203) 2016-12-01 15:07:46 -03:00
Marc Stern
7ff0e7e7b2
Added ALLOW_ID_NOT_UNIQUE compile flag to allow duplicate rule ids and no id 2016-11-21 09:58:40 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
arminabf
fb3bbf37e8
revert error message assignment for older versions 
as errstr is only available since version > 2.2
 2016-10-06 13:28:37 -03:00
arminabf
e7f029b55a
fix error message 
both info->format and fmt (for versions prio 2.4) contain the error message format but not the actual formatted error message
 2016-10-06 13:28:37 -03:00
Robert Paprocki
2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements 
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
 2016-10-04 09:31:25 -03:00
Ephraim Vider
21a63cb83e
json parser handle cleanup 2016-09-21 00:03:40 -03:00
Chaim sanders
947cef7c8c
Adapted patch from 977 to fix status failing to report in Nginx auditlogs 2016-07-11 13:32:56 -03:00
Robert Paprocki
f2ef2017f1
Fix file upload JSON audit log entry 
Each uploaded file is a separate yajl array, but we forgot to open
the a map for the proper k/v pairs.

This fixes issue #1173.
 2016-07-11 12:14:37 -03:00
root
f9c253952c This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE. 2016-03-16 10:35:22 -03:00
Felipe Zimmerle
88bffb1e3e Version 2.9.1 (final) 
Increasing version to 2.9.1 (final)
 2016-03-09 14:48:29 -03:00
Felipe Zimmerle
ad9257c374 Version 2.9.1 
Increasing version to 2.9.1 and performed small fixes on the
CHANGES file
 2016-02-03 11:04:50 -03:00
Felipe Zimmerle
a157ac2946 Fix compilation issue on "pedantic" compilers 2016-02-03 10:37:24 -03:00
Robert Paprocki
ddc25dbbaa Fix 'is_chained' value for final rule in chain 
'is_chained' should be true for an actionset when the is_chained
member of the struct is true, or when its rule has a valid
chain_starter member.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
5bc75ec871 Do not compile in JSON logging support if yajl is not found 2016-01-29 11:59:52 -03:00
Robert Paprocki
0c95a7a2cd Clean up JSON rule writer 
* Escape rule actionset metadata
* Escape and truncate logdata
* Lazily add actionset tags as an array
* Add negated rule op_param
* Add unparsed rule representation
 2016-01-29 11:59:52 -03:00
Robert Paprocki
8559399ebd Update JSON structure for matched rules 
Create a separate map for each matched rule chain,
making it easier to identify chains in which only a portion
of rules actually matched.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7a39b4b5b9 Make JSON audit logging a configurable option 
Remove compile-time setting for generating audit logs
as JSON, creating a new config option (SecAuditLogFormat).
sec_audit_logger is now a wrapper for sec_audit_logger_json
or sec_audit_logger_native. This has the disadvantage of
making the audit log generation code harder to maintain,
but the logger function itself now is no longer pepper
with binary branches.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
dd79bea0b4 Additional updates for JSON logging 
* Write Stopwatch2 values into a separate map
* Remove legacy Stopwatch
* Proper sanitization of request/response headers
* Lazily open maps for keys that may not have content
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7b2ca1617e first pass at JSON logging implementation 2016-01-29 11:59:52 -03:00
Felipe Zimmerle
0db247f0e9 Replicates CREATEMODE patch to the secondary auditlog file 
At patch 45805be, @littlecho changed the behaviour to set the audit log
index/serial file permission. Before, it was using the default permission now
it is respecting the permission configured via SecAuditLogFileMode. This patch
replicates @littlecho's work to the secundary auditlog file.
 2016-01-26 09:20:25 -03:00
littlecho
b175c5cf60 Update apache2_config.c 
Change third parameter(which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Due to the user can specify the desired file permission setting for the audit log files with setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that specified in modsecurity.conf.
 2016-01-26 09:08:13 -03:00
Chaim Sanders
d434a6c043 Fixing missing return value check for hashing response injection failure 2016-01-25 14:54:56 -03:00
Justin Gerace
3f9e2ccc7c Stop buffering when the request is larger than SecRequestBodyLimit and in ProcessPartial mode 2016-01-25 10:37:40 -03:00
Felipe Zimmerle
05bcafd4fc Extends Lua implementation to support Lua 5.3 2016-01-08 18:39:29 -03:00
Athmane Madjoudj
74558b42e4 Fix build issue with Lua >= 5.3 2016-01-07 15:21:20 -03:00
Felipe Zimmerle
c711808ef7 Cosmetic changes on #1031 to avoid compilation warning 2016-01-06 08:24:48 -03:00
Mario D. Santana
e3b3721ee3 Allow mod_proxy's "nocanon" behavior to be specified in proxy actions. 2016-01-06 08:23:52 -03:00
Mario D. Santana
258e5545a2 Perform the intercept_action as well as the disruptive actions. 2016-01-06 08:23:52 -03:00
Wesley M
3a7fdf8fc0 Refactoring conditional directives for if wrappers, alternative if statements and incomplete if conditions. 2016-01-05 08:18:44 -03:00
vfolin
76dfc1a90b Fix apache logging limitation by using correct apache call. Apache 2.4 brought the option to change the ErrorLogFormat. However, many fields remain empty, as ModSecurity uses the wrong apache logging function. This fixes this behaviour with the use of ap_log_rerror. 2015-12-10 12:29:37 -03:00
Andrew Elble
3044ad012b Fix the variable resolution duration (Issue #662) 
apr_time_usec is apparently defined as follows:

Which leads DURATION to not behave as expected when duration exceeds one second.
 2015-10-27 14:40:01 -03:00
Felipe Zimmerle
198032208a Improves #927 by checking earlier if the string is empty or not 2015-10-26 13:49:05 -03:00
Eugene Alekseev
7ba07bd547 Fix buffer overflow on empty strings in key. 
Sometimes apache segfalult on memory copying when key.dptr is some
kind of empty string and key.dsize seems to be 0.
 2015-10-26 13:41:55 -03:00