github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,777 Commits 55 Branches 109 Tags
Commit Graph

868 Commits

Author SHA1 Message Date
Felipe Zimmerle
91daeee9f6
Only calling server log if the message is not disruptive 
The disruptive message is already part of the interception object
 2018-10-25 18:04:27 -03:00
Felipe Zimmerle
448897d297
Marking message as disruptive before generate log msg 2018-10-25 18:04:07 -03:00
Felipe Zimmerle
973c1f1028
Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
fa5f3784f2
Using shared_ptr instead of unique_ptr on rules exceptions 2018-10-23 17:03:18 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
23e0d35d2d
Fix the SecUnicodeMapFile and SecUnicodeCodePage 2018-10-23 17:00:11 -03:00
Felipe Zimmerle
69cd61439d
Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Victor Hora
8088d6af71
Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain 2018-10-23 16:39:21 -03:00
Wenfeng Liu
ec1112c648
Fix memory leak in AuditLog::init() 2018-10-23 16:39:15 -03:00
Felipe Zimmerle
8bda7c0a45
Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
120108fd33
Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
a5a40a71a9
Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
b58018e778
Fix multimatch behavior to match what we have on v2 2018-10-23 16:37:42 -03:00
Felipe Zimmerle
dba73f5367
Using values after transformation at MATCHED_VARS 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48
Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8
Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Victor Hora
20ef01d75c Allow LuaJIT 2.1 to be used 2018-10-12 17:32:10 -04:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757
Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d
Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265
parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd
parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458
Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095
Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
0c0b09ec52
Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e
Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Felipe Zimmerle
764a2e43ff
parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Felipe Zimmerle
d7b9726357
good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Felipe Zimmerle
a85ca00a55
Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Victor Hora
aa158ceef3
Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda
Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
dee9898449 Implement support for Lua 5.1 2018-07-27 15:43:12 -04:00
michaelgranzow-avi
d810de9166
#1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97
Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Felipe Zimmerle
e51297b436
Improvements on top of #1787 2018-06-12 15:43:08 -03:00
Ervin Hegedus
edb5993d5f
Fixed LMDB collection errors 2018-06-12 14:47:44 -03:00
Ervin Hegedus
4d0ca94490
Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c
Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Reed Morrison
95048d5fcf
Fix ip tree lookup on netmask content 2018-06-07 14:29:27 -03:00
Felipe Zimmerle
202a15bea8
Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
892beb5360
Refactoring on {global,ip,resources,session,tx,user} collections 
Now using the same name schema and interface for these "special"
collection.

Fix: #1754, #1778
 2018-05-29 23:48:05 -03:00
Felipe Zimmerle
f928e44765
Revert "Fix memory leak in msc_rules_* C APIs" 
This reverts commit 58701e7e11a4f65ee5edc2c142c507e578ff7c1b.

It was breaking the multi-thread examples.
 2018-05-28 18:59:55 -03:00
Wenfeng Liu
b85a645610
Fix race condition in UniqueId::uniqueId() 2018-05-28 18:09:50 -03:00