github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
784 Commits 55 Branches 109 Tags
b8509495d93c8c5822a249458a9ade8c45f2ad91
Commit Graph

85 Commits

Author SHA1 Message Date
b1v1r
b8509495d9 Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions (MODSEC-78, MODSEC-130) 2010-02-05 18:24:44 +00:00
b1v1r
ade2c6bcf5 Cleanup some regression tests. 2010-02-05 18:17:18 +00:00
b1v1r
513c87ee45 Added SecUploadFileLimit (MODSEC-116). 2010-02-05 18:15:31 +00:00
b1v1r
3fccc35a5a Rewrote path normalization routine (MODSEC-123). 2010-02-05 18:14:08 +00:00
b1v1r
e6699ca7bf Allow for more robust parsing for multipart header folding. Reported by Sogeti/ESEC R&D (MODSEC-118). Added additional multipart regression tests. 2010-02-05 18:11:36 +00:00
b1v1r
589274903d Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119). 2010-02-05 18:09:19 +00:00
b1v1r
efc9d4e68f Fixed parsing quoted strings in multipart Content-Disposition headers (part2). 2009-11-05 19:49:30 +00:00
b1v1r
d33f656b93 Fixed parsing quoted strings in multipart Content-Disposition headers. 2009-11-05 19:36:32 +00:00
b1v1r
dc548f01cf Cleanup test scripts. 2009-09-18 08:34:12 +00:00
b1v1r
0680e9e71a Fixed crash on configuration if SecMarker is used before any rules. 
Fixed SecRuleUpdateActionById so that it will work on chain starters (MODSEC-37).
 2009-08-12 21:41:15 +00:00
b1v1r
4a248f3202 Update regression tests. 2009-07-27 21:56:33 +00:00
b1v1r
c99f8fa2c9 Escape and reformat XML errors/warnings to avoid breaking audit log format. 2009-05-31 08:37:47 +00:00
b1v1r
c13980062e Correctly resolve chained rule actions in logs (MODSEC-53). 2009-05-21 05:32:02 +00:00
b1v1r
2d9e56bede Cleanup regression tests. 2009-05-16 11:17:36 +00:00
b1v1r
6359a86a38 Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented (MODSEC-45). 
Handle a newer geo database, avoiding a potential crash.
Allow checking &GEO "@eq 0" for a failed @geoLookup.
 2009-05-16 07:44:58 +00:00
b1v1r
ce288d5567 Remove an unreliable unit test. 2009-05-16 06:27:03 +00:00
b1v1r
bf4b7e3b43 Added regression test for zero length part name. 2009-05-16 04:47:30 +00:00
b1v1r
993c718eb0 Added macro expansion for append/prepend action. 2009-03-06 05:28:12 +00:00
b1v1r
a78d2613c3 Merge in atomic counter updates and some cleanup from trunk. 2009-03-06 04:53:40 +00:00
b1v1r
fa96c349e5 Merge 2.5 changes. 2009-03-05 21:50:55 +00:00
b1v1r
b566ad5a17 Prepare 2.5.8 release fixing MODSEC-27. 2009-03-05 17:57:50 +00:00
brectanus
67c48bfdfb Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check. 
Added regression tests for this as well.
 2008-09-10 19:45:13 +00:00
brectanus
7b5d35c462 Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check. 
Added regression tests for this as well.
 2008-09-10 19:45:13 +00:00
brectanus
c5e258f0ba Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
a8933475b7 Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
f20059b009 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
28bda503a3 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
15b043e1c2 Update a regression test due to changed error message. 2008-08-15 21:04:12 +00:00
brectanus
ab5cd92618 Update a regression test due to changed error message. 2008-08-15 21:04:12 +00:00
brectanus
5298e29540 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
abbde8f1e7 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
458fe8423c Add parity transformations. See #516. 2008-08-14 23:49:39 +00:00
brectanus
77aa445d27 Add parity transformations. See #516. 2008-08-14 23:49:39 +00:00
brectanus
bb2e4b9a3e Fix cssDecode. See #512. 2008-08-14 23:37:40 +00:00
brectanus
e3ddb2403b Updated regression suite to use full path to LoadModule. 2008-08-08 22:50:47 +00:00
brectanus
5f648db898 Updated regression suite to use full path to LoadModule. 2008-08-08 22:50:47 +00:00
brectanus
492ffd9897 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
eadc2832fe Cleanup regression suite to make it a bit more user-friendly. 2008-07-31 16:59:37 +00:00
brectanus
c066e8b3c4 Fixed VAR_CACHE/VAR_DONT_CACHE values with reasons for DONT. 
Added a DEBUG_MEM define to disable optimization and for future enhcement.
Prevented "counting" vars from being cached.
Prevented vars from being cached unless they are marked "available" in phase.
Now use var->value as the cache hash key as a unique value.
Fixed which pools we are using for rule processing.
Updated regression tests for tfns.
Updated regression test script to handle extra APR_POOL_DEBUG output.
See #364.
 2008-07-30 22:35:52 +00:00
brectanus
6a33fedc81 Regression suite cleanup merged from 2.5.x. 2008-07-29 05:50:03 +00:00
brectanus
40b6cd3ebe Cleanup. See #364. 2008-07-29 05:47:14 +00:00
brectanus
dde8e6c6a0 Typo. 2008-07-29 04:52:58 +00:00
brectanus
6ebc5ad6e7 Transformation caching fixes. See #364. 2008-07-29 00:18:16 +00:00
brectanus
ade22567bf Backport regression suite to 2.5. 2008-07-25 23:15:08 +00:00
brectanus
478389d5a4 Added regression tests for ctl:ruleRemoveById and disruptive actions in DetectionOnly mode. 2008-07-22 17:03:30 +00:00
brectanus
326208d02c Newer apaches default to text/plain instead of null. 
Make matching files a bit more robust.
 2008-06-16 17:20:50 +00:00
brectanus
493e71a9ec Tweak some regression tests. 2008-06-05 16:44:18 +00:00
brectanus
230837d4a3 Update/reorg some regression tests. 2008-06-03 20:24:14 +00:00
brectanus
e209cb7688 More regression testing updates. 2008-06-02 23:13:45 +00:00