github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 06:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,452 Commits 55 Branches 109 Tags
Commit Graph

255 Commits

Author SHA1 Message Date
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
48f1470269 Adds support to SecArgumentSeparator 2017-08-16 18:27:51 -03:00
Felipe Zimmerle
a302538521 parser: Adds SecWebAppId not supported note 2017-08-16 17:31:59 -03:00
Felipe Zimmerle
2c4e65f7ee parser: Adds support to quoted paramenter in SecDataDir 2017-08-16 17:17:39 -03:00
Felipe Zimmerle
bb2fe0e039 parser: Adds note saying that SecServerSignature is not supported 2017-08-16 17:14:42 -03:00
Felipe Zimmerle
e6cfd5379d parser: Adds SecRuleScript not implemented note 2017-08-16 17:00:36 -03:00
Felipe Zimmerle
cd533e00e7 parser: Adds support to quoted arguments on SecUploadDir 2017-08-16 10:17:51 -03:00
Felipe Zimmerle
b5d0dc2409 paser: Adds support for quoted argument on SecTmpDir 2017-08-16 09:51:56 -03:00
Felipe Zimmerle
5ffc5c1633 parser: Adds support to quoted arguments in asorted configurations 2017-08-16 09:37:34 -03:00
Felipe Zimmerle
9abc37157d parser: Adds msg: ContentInjection is not yet supported 2017-08-16 09:21:23 -03:00
Felipe Zimmerle
06447ea3d4 parser: Adds support to double quotes on adit logs file 2017-08-16 00:18:06 -03:00
Felipe Zimmerle
c525cbfb20 parser: Adds ability to inform auditlog status without quotes 2017-08-16 00:17:58 -03:00
Felipe Zimmerle
9ee412735d parser: Improves the reading for the url in the redirect action 2017-08-15 15:18:52 -03:00
Felipe Zimmerle
8c66a1b4c2 Adds support to double quotes on debug logs conf 2017-08-15 14:20:39 -03:00
Victor Hora
53ff0e1a57
Adds initial support to SecHttpBlKey 2017-07-29 00:12:14 -03:00
Felipe Zimmerle
4bec6b0019
Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
fba9c20ea1 Adds initial support to SecRuleUpdateTargetByTag 2017-07-03 17:42:34 -07:00
Felipe Zimmerle
508a2b5a4a Adds sanity check on SecRemoteRules directive input 2017-06-21 19:08:12 -07:00
Felipe Zimmerle
c3a0d8d9bb
Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
9cb3f23b50
Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
e795253ecf
Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Victor Hora
37868d1534
Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d
Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
0e05b7bb8a
Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361
Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
6421ff087a
Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Felipe Zimmerle
b3c8e97ff7
Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
e2bd87d07d
Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d6363607aa
Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
f9552ede2b
Adds missing file 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
e95efa05cc
Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f
Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06
PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5
Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ff65d618e4
Adds missing Makefile.am file 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ba6b972ca8
Makes global collection allowed to be set by setVar 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
b516cc6de1
Adds operation unset to setVar action 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e
Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0
Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
3eccfaf1f6
Disables parser generation on all builds 
The parser generation is now an configure option
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
03d0570e99
Deletes the Rule object in case of a parser failure 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
1aa2a9c01b
Avoids memory leak by cleaning loc stack on Driver's destructor 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
839ac62585
Fix memory leaks in parser failures 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
a6f07f621d
Makes the lexical errors a little bit more verbose 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
5880524db6
cosmetics: Improves the tokens organization 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
808fd23358
Avoids a second initialization of the Audit Log class 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
60402d8b80
Renames defaultActions to m_defaultActions in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
7927ddda91
Renames rules to m_rules in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
5086fef492
Fix parser while continuation line is used between var and op 2017-03-06 15:01:50 -03:00