571 Commits

Author	SHA1	Message	Date
Martin Vierula	76c0c864e8	Add CHANGES entry for previous commit	2022-05-05 16:22:54 -07:00
Martin Vierula	0b6bd39a52	Add CHANGES entry for previous merge	2022-04-29 11:29:28 -07:00
Martin Vierula	0be89cc15e	Correct CHANGES entry for previous merge	2022-04-26 19:40:39 -07:00
Martin Vierula	f7f8a9827f	Fix initcol error message wording	2022-04-26 16:40:03 -07:00
Martin Vierula	6e56950cdf	Tolerate other parameters after boundary in multipart C-T	2022-04-26 11:17:46 -07:00
Martin Vierula	3975f0f8fa	Fix minor CHANGES typos	2022-04-21 12:33:24 -07:00
Martin Vierula	1aa7616c18	Add DebugLog message for bad pattern in rx operator	2022-04-21 11:16:01 -07:00
Martin Vierula	f84614fe06	Support PCRE2	2022-04-13 10:44:56 -07:00
Martin Vierula	5519f6cfae	Update CHANGES for SecRequestBodyNoFilesLimit impl	2022-02-25 09:40:29 -08:00
Martin Vierula	378e31c79b	CHANGES: Adds info about #2602	2022-02-09 09:16:42 -08:00
Martin Vierula	4e37985b22	Update CHANGES file for recent commits	2022-01-26 19:09:12 -08:00
Martin Vierula	3ee6e108d6	Fix multiMatch msg, etc, population in audit log	2022-01-14 09:25:07 -08:00
Martin Vierula	1a965a49ad	Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.	2022-01-04 11:47:18 -08:00
Martin Vierula	76ce6739bf	Correct previous CHANGES update	2021-12-30 09:55:44 -08:00
Martin Vierula	630b1e0a46	CHANGES: Adds info about #2635	2021-12-30 09:47:53 -08:00
Martin Vierula	f34b49f666	Multipart names may include single quote if double-quote enclosed	2021-12-23 08:02:43 -08:00
Martin Vierula	0275c8847b	Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended	2021-12-21 06:18:53 -08:00
Martin Vierula	13e8be83c5	CHANGES: Preparing for next version	2021-12-20 06:38:45 -08:00
Martin Vierula	c3d7f4b560	Change release version to v3.0.6	2021-11-19 11:23:27 -08:00
Martin Vierula	ac79c1c29b	Support configurable limit on depth of JSON parsing	2021-11-15 18:51:25 -08:00
Felipe Zimmerle	873a94a73f	CHANGES: Preparing for a next version	2021-07-09 10:21:10 -03:00
Felipe Zimmerle	bf881a4eda	Change release version to v3.0.5	2021-07-07 10:13:14 -03:00
martinhsv	cd5fba8974	Handle URI received with uri-fragment	2021-07-05 14:51:21 -03:00
Felipe Zimmerle	9764b1fb3b	CHANGES: Fix entry for ARGS_NAMES	2021-01-25 14:59:17 -03:00
Dmitri Toubelis	102f4bdd91	Make the configure step more reliable ... Iyt appears that in cross compile environments the location of the "current" directory cannot be assumed. This fix makes it explicit.	2021-01-25 09:26:51 -03:00
martinhsv	fbea73120c	Fix: FILES variable does not use multipart part name for key	2021-01-24 15:06:30 -03:00
Felipe Zimmerle	f1f2527c03	Using setenv instead of putenv on SetEnv action	2021-01-24 14:59:59 -03:00
Felipe Zimmerle	e6bdadeb69	tests: Prints test number on segfault	2021-01-13 13:38:38 -03:00
Felipe Zimmerle	f18595f428	Makes regular expression selection on collections key case insensitive ... This issue was initially reported by @michaelgranzow-avi on #2296. @airween made an initial attempt to provide a fixed at #2107; As a consequence of the pull request review - provided by @victorhora, @zimmerle, and @michaelgranzow-avi - @airween made a second attempt at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed the essential pieces from @airween patch into this one. This patch differs from @airween's because @airween's patches were partially working: Key exclusions with regex weren't covered, same for anchored variables (e.g. ARGS). During the review, I have highlighted the importance of having elementary test cases. A simple test case on ARGS could spot the issue. Since that is an important fix, I don't want to hold this for one more review cycle; therefore, I am committing the fix myself. Thank you all involved in the solution of this very own issue.	2020-12-10 10:05:07 -03:00
martinhsv	d72be1c470	Fix: Only delete Multipart tmp files after rules have run	2020-11-04 13:50:07 -03:00
Michael Granzow	1b7aa42c77	Issue-2423: Meta-actions like 'msg' should be applied at end of chain	2020-10-29 10:33:02 -03:00
martinhsv	2672db103e	Add support for new operator rxGlobal	2020-10-26 08:55:07 -03:00
Felipe Zimmerle	785958f9b5	Fix maxminddb link on FreeBSD ... Issue #2131	2020-10-23 14:44:54 -03:00
martinhsv	8436c78993	Fix IP address logging in Section A	2020-10-16 13:14:42 -07:00
Felipe Zimmerle	9e6d8b7bbc	CHANGES: Adds support to lua 5.4	2020-08-17 11:35:51 -03:00
Felipe Zimmerle	51d06d7a8e	CHANGES: Adds info about #2378	2020-07-30 13:51:33 -03:00
martinhsv	b9620c26a0	rx:exit after full match; fix TX population after unused group	2020-06-29 06:13:45 -07:00
martinhsv	07ce43cceb	Correct CHANGES file entry for #2234	2020-06-18 07:12:25 -07:00
martinhsv	a1547eaa32	Regression tests: audit log compare support and test cases	2020-03-31 15:01:26 -03:00
martinhsv	f57265a3e2	Support configurable limit on number of arguments processed	2020-02-14 11:00:01 -03:00
martinhsv	136db3e582	Multipart Content-Disposition should allow filename* field	2020-02-11 10:29:38 -03:00
martinhsv	1b1fdc055b	Fix rule-update-target exclusions for plain (non-regex) variables	2020-02-11 09:42:37 -03:00
Felipe Zimmerle	f7e4c1d9f5	CHANGES: Adds info about #2235	2020-02-04 11:05:33 -03:00
Felipe Zimmerle	2b09e7e01d	CHANGES: Adds info about #2253	2020-02-04 10:53:22 -03:00
Felipe Zimmerle	7c6bf810e4	CHANGES: Preparing to 3.0.4+	2020-01-14 11:02:44 -03:00
Felipe Zimmerle	753145fbd1	Change release version to v3.0.4	2020-01-10 09:32:41 -03:00
martinhsv	0470168056	Fix: audit log data omitted when nolog,auditlog	2020-01-07 11:16:07 -03:00
root	6624a18a4e	Fixed inspectFile operator does not pass FILES_TMPNAMES ... pass FILES_TMPNAMES variable to lua engine Fixed Lua engine should also be aware of the variable and pass it to the target lua script main function	2019-11-26 08:40:53 -03:00
Felipe Zimmerle	05e9e7cf31	XML: Remove error messages from stderr	2019-11-25 09:27:11 -03:00
Felipe Zimmerle	42a16c71cf	CHANGES: Adds info about #1645	2019-11-22 14:49:50 -03:00