github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
608 Commits 55 Branches 109 Tags
Commit Graph

70 Commits

Author SHA1 Message Date
ivanr
b8837bbfb2 Change the format string from m (already taken) to M. 2010-02-02 12:45:28 +00:00
ivanr
9bd9f33594 Run phase 5 prior to mod_log_config. Now for real. 2010-02-01 14:01:33 +00:00
ivanr
a4d5d50be9 Integrate with mod_log_config (MODSEC-108). 2010-02-01 11:01:17 +00:00
ivanr
7b56982f26 Implemented a new time-measuring mechanism. Added Stopwatch2. 2010-02-01 09:42:23 +00:00
ivanr
f740b4f228 Run phase 5 prior to mod_log_config. 2010-01-26 12:12:14 +00:00
ivanr
6a29308202 Remove one missed reference to the PDF UXSS filter 2009-12-09 16:57:10 +00:00
ivanr
7916942fe3 Remove unused variable 2009-12-07 11:45:23 +00:00
ivanr
839b7f81e0 Removed the obsolete PDF UXSS functionality (MODSEC-96). 2009-12-04 23:33:47 +00:00
ivanr
cb8b76f4ef Process phase 1 in the same Apache hook as phase 2 (MODSEC-98) 2009-11-07 10:14:40 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
b1v1r
a16eb9677c Merge 2.5.x changes into trunk. 2009-05-16 10:42:32 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
67c48bfdfb Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check. 
Added regression tests for this as well.
 2008-09-10 19:45:13 +00:00
brectanus
20cc395510 Added mlogc source. 2008-09-02 23:10:36 +00:00
brectanus
225339525d Allow disabling processing of request body size limit in phase 1. See #518. 2008-08-15 20:21:25 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
ivanr
c3fd0231d0 Prevent phases from being processed more than once. 2008-06-05 14:52:48 +00:00
brectanus
83ff6c4796 Re-enable error output filter with a fix after more testing/tracing of code. See #498. 
Update versions to ready for release of 2.5.5.
 2008-06-03 20:28:05 +00:00
brectanus
0c1f2f2e09 Fixed blocking in phase 3 by reverting changeset:591 (for now). See #65 and #498. 2008-05-30 19:31:22 +00:00
brectanus
8f7b861d94 Added mod_rpaf-2.0 and mod_custom_header to the beforeme list. 2008-05-09 15:50:17 +00:00
brectanus
fa3462f48f Add the MODSEC_2.5 define to 2.6 for compatibility. 2008-04-11 20:06:48 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
e2ad283fdb Fix some sprintf formatters so they do not generate warnings. 2008-02-04 21:50:10 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
99c41afc3d Added a check that SecServerSignature actually worked (Apache changed some of this code as of 2.2.4 and could potentially change it again and break this). 
Cleaned up some configure code.
Cleaned up some extraneous cache logging.
Cleaned up the output from the test script.
 2008-01-14 22:32:53 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
61e4623bae Move around some code to make unit tests easier to build. 2007-12-19 20:44:56 +00:00
brectanus
a99357ad5b Add ability to use <IfDefine MODSEC_2.5>. See #436. 2007-12-17 19:06:08 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
ivanr
e467d3cac0 Unified messages in the error log and in the audit log. 2007-11-26 15:39:37 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
2b346dd086 Updated input filter insertion code for sub-requests. 2007-10-17 23:07:00 +00:00
brectanus
8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. 2007-10-17 22:41:37 +00:00
brectanus
27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. 2007-09-28 21:06:57 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00