github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,273 Commits 55 Branches 109 Tags
b6d14b7fce80b3f686e0b31296b7d1ff9949b6fb
Commit Graph

2273 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
8dd40709ee good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:52 -03:00
Felipe Zimmerle
5367bca1b3 CHANGES: adds info on #1613 2018-09-05 16:27:49 -03:00
Allan Boll
6bb4461911 AppGw WAF version that doesn't block failed body parsing in detect-only mode 2018-09-05 16:08:21 -03:00
Allan Boll
2ae357be88 Let body parsers observe SecRequestBodyNoFilesLimit 
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
 2018-09-05 16:08:21 -03:00
Felipe Zimmerle
89f5427c1c potential off by one in parse_arguments 
Issue: #1799
 2018-09-05 15:33:39 -03:00
Felipe Zimmerle
fecc4296e3 Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:40:26 -03:00
Felipe Zimmerle
739048749e Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:02:09 -03:00
Reed Morrison
f66cd4111f Fix ip tree lookup on netmask content 2018-06-07 14:48:18 -03:00
Felipe Zimmerle
71f650ad48 Adds information on #1781 2018-05-28 17:55:37 -03:00
Ryan Kramer
9bfdbc57db IIS: set overrideModeDefault to Allow so that individual websites can add <ModSecurity ...> to their web.config file 2018-05-28 17:54:36 -03:00
Felipe Zimmerle
21adc0a768 Adds information about #1721 2018-05-10 18:42:45 -03:00
Padraig Doran
ec71102197 Fix spelling 
"reachers" should be "reaches"
 2018-05-10 18:35:25 -03:00
Felipe Zimmerle
7aa2f2dd5a Adds information about #1771 2018-05-10 15:32:38 -03:00
Charles Peterson
d6366d12e6 fix when multiple lines for curl version 
example....

### before fix

```bash
# /usr/bin/curl  --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//'
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```

### after fix

```bash
 # /usr/bin/curl  --version | sed 's/^[^0-9][^[:space:]][^[:space:]]*[[:space:]]*//' | tr '\r\n' ' '
7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 tftp ftp telnet dict ldap ldaps http file https ftps scp sftp  GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
```
 2018-05-10 15:24:04 -03:00
Robert Paprocki
8d4124eee2 Enable sanitizing JSON request bodies in native audit log format 
f86de56 enabled sanitizing JSON request body data in JSON audit
log formats (the commit message is misleading). This commit supplements
JSON request body sanitization to support sanitized elements in
native audit log formats.
 2018-03-20 11:35:40 -07:00
Robert Paprocki
830f0b7c54 Fix compiler warning in JSON parser 2018-03-20 10:57:19 -07:00
Felipe Zimmerle
203e85e33f Adds information on #1619 2018-02-28 11:20:13 -03:00
Felipe Zimmerle
9ae7b6e1e5 Fix arabic charset in unicode_mapping file 
Contribution from @alaa-ahmed-a
 2018-02-28 11:16:34 -03:00
florian-eichelberger
f86de566d1 Enables sanitizing of json request bodies in the apache module for native log format 2018-02-05 09:36:45 -03:00
Felipe Zimmerle
4ee1d9c179 Adds information on #1538 2017-10-06 16:44:03 +00:00
Felipe Zimmerle
6406e2108d Makes `large stream optimization' optional 2017-10-06 16:43:45 +00:00
Allan Boll
2e9ea0a677 Avoid use of min-macro, as it is not available in all envs 2017-10-05 17:20:41 +00:00
Allan Boll
7fff8938ba Check return value of modsecurity_request_body_store 2017-10-05 17:20:41 +00:00
Allan Boll
6ce7f4d689 Remove the unneeded null termination for the stream_input_data 2017-10-05 17:20:41 +00:00
Allan Boll
023b863853 Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit 2017-10-05 17:20:41 +00:00
Allan Boll
97b51ebfed Renamed local var and initialized local vars. Undid accidental move. 2017-10-05 17:20:40 +00:00
Allan Boll
afae690655 Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream. 2017-10-05 17:20:40 +00:00
Felipe Zimmerle
07c3659ddc Adds information on #1538 2017-10-05 16:40:40 +00:00
Allan Boll
b3a527f593 Fixed a typo in build_yajl.bat 2017-10-05 16:39:57 +00:00
Felipe Zimmerle
d50f840a43 Adds info about #1545 2017-10-05 14:39:32 +00:00
Nic Jansma
a0bd72334d Fixes SecConnWriteStateLimit 2017-10-05 14:38:42 +00:00
Felipe Zimmerle
7fd5439c63 Adds info about #1446 2017-10-05 13:33:11 +00:00
Felipe Zimmerle
934a9fcc02 Verify if chunk exists before access it 2017-10-05 13:28:28 +00:00
Guido Ravagli
b8636a70d1 added "empy chunk" check 2017-10-05 13:24:59 +00:00
Felipe Zimmerle
9c51671b74 Adds information about #1488 2017-10-05 03:25:46 +00:00
Victor Hora
9b90d86f75 Add capture action to @detectXSS operator 2017-10-05 03:24:23 +00:00
Felipe Zimmerle
185ec6f72e Adds information about #1486 2017-10-04 21:24:36 +00:00
Victor Hora
bbe7f8c389 Proposed fix for wildcard op when loading conf files on Nginx / IIS 2017-10-04 21:23:49 +00:00
Felipe Zimmerle
b3c39136c1 Adds info about 94fe3 on our changelogs 2017-10-04 19:36:43 +00:00
Felipe Zimmerle
c917df0f2a Set of fixes to make the build/win to work in our buildbots 2017-10-04 13:48:45 +00:00
Felipe Zimmerle
5731b76918 Adds information about #1510 2017-09-29 18:35:45 +00:00
Marc Stern
89764f12b0 Fixed typos: LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH $log_server_context instead of $log_server_context 2017-09-29 18:34:30 +00:00
Felipe Zimmerle
2ab08a625e Adds information about #1454 2017-09-29 14:00:38 +00:00
David Carlier
7ead7f4d23 Few missing headers, in the <arpa/inet.h> inclusions ones mainly due to the fact APR_HAVE* constants are simply into apr.h 2017-09-29 14:00:32 +00:00
Felipe Zimmerle
b878ece6c6 Version 2.9.2 
Increasing version to 2.9.2 (final)
v2.9.2 		2017-07-18 09:59:59 -07:00
Victor Hora
1e8b4669eb Refactoring of IIS build scripts 2017-07-17 23:34:04 -03:00
Felipe Zimmerle
61bce8d9a9 Cosmetics: moving declaration to the too of the block 2017-07-14 13:47:30 -03:00
Felipe Zimmerle
9f92321afb Fix test case to match new version of curl. 
Error message was changed
 2017-07-14 10:37:58 -03:00
Felipe Zimmerle
cb6dc9ea27 Updates CHANGES to mention commit: fbd57 2017-06-23 16:18:54 -03:00
Allan Boll
04e4a6f9b8 Initialize msre_var pointers 2017-06-23 16:16:23 -03:00