Mihai Pitu
a662d8fe4c
modsecurity loader
2016-01-29 10:39:56 -03:00
Mihai Pitu
b1755c5b84
Write request & response callbacks
2016-01-29 10:39:56 -03:00
Mihai Pitu
1637bcb774
Response headers & body
2016-01-29 10:39:56 -03:00
Mihai Pitu
8f3b3eb468
Support for file upload & request/response java wrappers
2016-01-29 10:39:56 -03:00
Mihai Pitu
b9080aad18
Java test WebApp
2016-01-29 10:39:56 -03:00
Mihai Pitu
a6c1627987
Read request headers and body
2016-01-29 10:39:56 -03:00
Mihai Pitu
9863fca181
read request headers and body
2016-01-29 10:39:56 -03:00
Mihai Pitu
455cbbac9e
JNI calls for log
2016-01-29 10:39:56 -03:00
Mihai Pitu
c18fe9ea8a
Java solution
2016-01-29 10:39:56 -03:00
Mihai Pitu
065437e1d1
GSOC Proposal
2016-01-29 10:39:56 -03:00
Mihai Pitu
3336ebd57d
GSOC Proposal
2016-01-29 10:39:56 -03:00
Mihai Pitu
f61a9b1556
GSOC Proposal
2016-01-29 10:39:56 -03:00
Mihai Pitu
3d07d3ebee
GSOC Proposal
2016-01-29 10:39:56 -03:00
Mihai Pitu
8509ff6f83
VS12 solution
2016-01-29 10:39:56 -03:00
Mihai Pitu
da5948033f
VS12 solution
2016-01-29 10:39:56 -03:00
Mihai Pitu
821930c8a6
VS12 solution
2016-01-29 10:39:55 -03:00
Felipe Zimmerle
4eb095ad25
Adds information about the pull request #852 on the CHANGES file
2016-01-26 09:28:20 -03:00
Felipe Zimmerle
0db247f0e9
Replicates CREATEMODE patch to the secondary auditlog file
...
At patch 45805be, @littlecho changed the behaviour to set the audit log
index/serial file permission. Before, it was using the default permission; now
it is respecting the permission configured via SecAuditLogFileMode. This patch
replicates @littlecho's work to the secondary auditlog file.
2016-01-26 09:20:25 -03:00
littlecho
b175c5cf60
Update apache2_config.c
...
Change third parameter (which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Because the user can specify the desired file permission setting for the audit log files by setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that is specified in modsecurity.conf.
2016-01-26 09:08:13 -03:00
Felipe Zimmerle
35fbc76ecc
Adds information about the pull request #1041 on the CHANGES file
2016-01-25 14:58:24 -03:00
Chaim Sanders
d434a6c043
Fixing missing return value check for hashing response injection failure
2016-01-25 14:54:56 -03:00
Felipe Zimmerle
b3f197dd1f
Adds information about the pull request #709 on the CHANGES file
2016-01-25 13:40:46 -03:00
Justin Gerace
3f9e2ccc7c
Stop buffering when the request is larger than SecRequestBodyLimit and in ProcessPartial mode
2016-01-25 10:37:40 -03:00
Chaim Sanders
1068da464c
Updated recommended conf to enter XML processor when content-type is application/xml
2016-01-11 10:43:05 -05:00
Chaim Sanders
880b2764a3
Updated Licensing information to reflect year
2016-01-11 10:09:41 -05:00
Felipe Zimmerle
05bcafd4fc
Extends Lua implementation to support Lua 5.3
2016-01-08 18:39:29 -03:00
Athmane Madjoudj
74558b42e4
Fix build issue with Lua >= 5.3
2016-01-07 15:21:20 -03:00
Felipe Zimmerle
cb91850bcd
Adds information about the pull request #881 on the CHANGES file
2016-01-06 15:02:41 -03:00
Ishwor Gurung
bd7ee39d2e
Allow user to choose between TLS versions (TLSProtocol option introduced).
2016-01-06 15:00:08 -03:00
Felipe Zimmerle
831282ee2c
Adds information about the pull request #1031 on the CHANGES file
2016-01-06 08:27:40 -03:00
Felipe Zimmerle
c711808ef7
Cosmetic changes on #1031 to avoid compilation warning
2016-01-06 08:24:48 -03:00
Mario D. Santana
e3b3721ee3
Allow mod_proxy's "nocanon" behavior to be specified in proxy actions.
2016-01-06 08:23:52 -03:00
Mario D. Santana
258e5545a2
Perform the intercept_action as well as the disruptive actions.
2016-01-06 08:23:52 -03:00
Felipe Zimmerle
59851fff2b
Adds information about the issue #996 on the CHANGES file
2016-01-05 08:18:52 -03:00
Wesley M
3a7fdf8fc0
Refactoring conditional directives for if wrappers, alternative if statements and incomplete if conditions.
2016-01-05 08:18:44 -03:00
Felipe Zimmerle
c373256d46
Adds information about the pull request #775 on the CHANGES file
2016-01-04 15:02:31 -03:00
Elia Pinto
b3ce3da2fc
mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir files with Apache 2.4
...
Setting SecAuditLogType concurrent, the files created by modsecurity in the directory SecAuditLogStorageDir
are of the type
%Y%m%d-%H%M%S-UNIQUE_ID
where UNIQUE_ID is produced by the module mod_unique_id. In apache 2.2
UNIQUE_ID was 24 characters long while in apache 2.4 it is 27 characters long,
as a result of the new version of mod_unique_id. This patch extends
the regular expression for searching these log files for apache 2.4 and apache 2.2,
and also with future releases, at least with regard to the length of UNIQUE_ID.
Signed-off-by: Elia Pinto <elia.pinto@gmail.com>
2016-01-04 14:57:43 -03:00
Felipe Zimmerle
51f1ff6ebf
iis-installer: Adds IIS 10 on the supported list
...
As reported on issue #931 the installer was marking ModSecurity as incompatible
with IIS 10.
2016-01-04 10:41:09 -03:00
Felipe Zimmerle
8defe8ac3d
Adds information about the pull request #840 on the CHANGES file
2015-12-10 12:32:30 -03:00
Christian Folini
8f3bc3cbac
Introduced ap_log_rerror declaration to standalone/server.c
2015-12-10 12:29:43 -03:00
vfolin
76dfc1a90b
Fix apache logging limitation by using correct apache call. Apache 2.4 brought the option to change the ErrorLogFormat. However, many fields remain empty, as ModSecurity uses the wrong apache logging function. This fixes this behaviour with the use of ap_log_rerror.
2015-12-10 12:29:37 -03:00
Felipe Zimmerle
fecefbe8b4
Adds information about the issue #883 on the CHANGES file
2015-10-30 14:03:19 -03:00
Kurt Newman
9dbb31b6ce
Fix WITH_APU_CRYPTO check on 32-bit Linux platform
...
All of the apr flags needed to compile APU_HAVE_CRYPTO check
in configure.ac aren't passed. While this works fine for 64-bit
machines (because _LARGEFILE64_SOURCE is already defined),
this does not work on 32-bit. This in turn breaks the apr_off_t
definition in apr.h.
By passing along the apr --cflags and --cppflags to compile,
32-bit machines will allow WITH_APU_CRYPTO to be set if there's
support for it.
2015-10-30 10:04:27 -03:00
Felipe Zimmerle
2e7ae24b16
Adds information about the issue #662 on the CHANGES file
2015-10-27 14:40:01 -03:00
Andrew Elble
3044ad012b
Fix the variable resolution duration (Issue #662)
...
apr_time_usec is apparently defined as follows:
Which leads DURATION to not behave as expected when duration exceeds one second.
2015-10-27 14:40:01 -03:00
Felipe Zimmerle
6d458be8ca
Fix typo in CHANGES file
2015-10-27 14:39:56 -03:00
Felipe Zimmerle
18d79b6221
Adds information about the issue #927 on the CHANGES file
2015-10-26 13:57:10 -03:00
Felipe Zimmerle
198032208a
Improves #927 by checking earlier if the string is empty or not
2015-10-26 13:49:05 -03:00
Eugene Alekseev
7ba07bd547
Fix buffer overflow on empty strings in key.
...
Sometimes apache segfaults on memory copying when key.dptr is some
kind of empty string and key.dsize seems to be 0.
2015-10-26 13:41:55 -03:00
Felipe Zimmerle
fdcab3a60d
Adds information about the issue #836 on the CHANGES file
2015-10-16 11:15:30 -03:00