b1v1r
589274903d
Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119).
2010-02-05 18:09:19 +00:00
b1v1r
bfe41347d2
Update copyright to 2010.
2010-02-03 23:50:24 +00:00
ivanr
34ee235d73
Change SECACTION_TARGETS and SECMARKET_TARGETS to REMOTE_ADDR
2009-12-13 08:43:56 +00:00
b1v1r
d33f656b93
Fixed parsing quoted strings in multipart Content-Disposition headers.
2009-11-05 19:36:32 +00:00
b1v1r
7333260b9b
Added SecAuditLogDirMode and SecAuditLogFileMode (MODSEC-82).
...
Cleaned up SecUploadFileMode implementation.
2009-08-25 00:29:56 +00:00
b1v1r
b77784c3ee
Always log the message in the auditlog if "auditlog" is used (MODSEC-78).
2009-07-23 21:26:19 +00:00
b1v1r
2370606d70
Updated copyright year to 2009.
2009-03-06 05:32:03 +00:00
b1v1r
a78d2613c3
Merge in atomic counter updates and some cleanup from trunk.
2009-03-06 04:53:40 +00:00
brectanus
d8be195989
Revert r1205 as it was fixed in mod_jk upstream.
2008-09-17 16:54:31 +00:00
brectanus
f173301b39
Worked around mod_jk issue where a 401 response was not including the WWW-Authentication header (MODSEC-16).
2008-09-15 19:51:06 +00:00
brectanus
f2f160e10c
Allow ability to force request body buffering to memory. Fixes MODSEC-2.
2008-09-03 20:42:28 +00:00
brectanus
c47c3583e0
Added mlogc source.
2008-09-02 23:10:36 +00:00
brectanus
492ffd9897
Sync up branches/2.5.x and trunk.
2008-07-31 22:36:24 +00:00
brectanus
bab6fdba35
Prepare 2.5.x branch for next release.
2008-07-31 20:30:03 +00:00
ivanr
7edd9cc7f7
Update licensing headers in all source code files.
2008-07-31 09:30:59 +00:00
brectanus
c066e8b3c4
Fixed VAR_CACHE/VAR_DONT_CACHE values with reasons for DONT.
...
Added a DEBUG_MEM define to disable optimization and for future enhancement.
Prevented "counting" vars from being cached.
Prevented vars from being cached unless they are marked "available" in phase.
Now use var->value as the cache hash key as a unique value.
Fixed which pools we are using for rule processing.
Updated regression tests for tfns.
Updated regression test script to handle extra APR_POOL_DEBUG output.
See #364.
2008-07-30 22:35:52 +00:00
brectanus
40b6cd3ebe
Cleanup. See #364.
2008-07-29 05:47:14 +00:00
brectanus
dc043e82f2
Update versions for the 2.5.6 release.
2008-07-29 04:46:45 +00:00
brectanus
6ebc5ad6e7
Transformation caching fixes. See #364.
2008-07-29 00:18:16 +00:00
brectanus
e1342ff011
Backport trunk changes for changeset:1072 and changeset:1073 to 2.5, but leave out the error filter code until more testing is completed. See #498.
2008-06-05 16:55:53 +00:00
brectanus
896ae59e1f
Re-enable error output filter with a fix after more testing/tracing of code. See #498.
...
Update versions to ready for release of 2.5.5.
2008-06-03 20:28:05 +00:00
brectanus
0c3f6bd2c2
Change version/date for release of 2.5.4.
2008-05-07 16:25:07 +00:00
brectanus
6dea0f90da
Update version to 2.5.3 for tagging.
2008-04-24 16:59:18 +00:00
brectanus
8e75cdb884
Update versions for release.
2008-04-02 16:10:47 +00:00
brectanus
e13d3dab8b
Make sure all filehandles are closed at the end of a transaction. See #464 and #465.
...
Fixes a few typos in some error messages when we are over the limits.
2008-03-28 20:00:37 +00:00
brectanus
6b970c9185
Added back support for HTTP_* targets by aliasing it to REQUEST_HEADERS:*.
...
Fixed the severity warning message to only be displayed at a warn log level.
2008-03-19 21:31:41 +00:00
brectanus
b2cf7d1329
Change version to 2.5.1 for tagging.
2008-03-14 23:03:13 +00:00
brectanus
d38f5da865
Change branch version back to -rc1 for re-tagging.
2008-03-07 20:50:00 +00:00
brectanus
5e08b6e4d3
2.5.1-breach2 not 2.5.0-breach2
2008-03-07 20:46:16 +00:00
brectanus
57e8fc57d9
Change version to 2.5.1-breach2 for appliance.
2008-03-07 20:41:27 +00:00
brectanus
024e854725
Fixed a bug in transformation caching, which would prevent a match in certain cases.
...
Updated docs on "pass" action to explicitly state that we execute all targets.
2008-03-07 20:23:16 +00:00
brectanus
69a547ccf9
Create a 2.5.1-breach1 for the M1100.
2008-03-05 18:16:23 +00:00
brectanus
20274563fb
Make a severity in a default action just a warning instead of a fatal error.
2008-03-04 22:55:39 +00:00
brectanus
abbab078d5
Fix the module name macro to not end in "-" when there is no "-rc", etc.
2008-03-04 22:40:35 +00:00
brectanus
1e991d6fcd
Add searching for lua in /usr/lib{64|32}.
...
Do not default to using -Werror (warnings are errors).
2008-02-27 23:18:03 +00:00
brectanus
1fbf0c97f2
Update CHANGES, versions and dates for 2.5.0.
2008-02-15 22:51:01 +00:00
brectanus
cc2110b187
Updates to build on Windows with MS VC++ 8.
2008-02-13 07:10:54 +00:00
brectanus
f428d37680
Cleanup - remove extraneous whitespace and tabs.
2008-02-07 21:45:05 +00:00
brectanus
fd8f4e319f
Update CHANGES and versions for 2.5.0-rc3.
2008-02-05 00:55:16 +00:00
brectanus
588b4fba81
Fix apr_size_t formatting. Do not bother with formatting errors on solaris.
2008-01-29 22:15:48 +00:00
brectanus
f8adea949c
Implemented SecUploadFileMode. See #448.
2008-01-24 22:10:37 +00:00
brectanus
00731cc70f
Update versions in preparation for 2.5.0-rc2.
2008-01-22 07:00:32 +00:00
brectanus
b5033e6e29
It is 2008 now :)
2008-01-11 00:00:31 +00:00
brectanus
4e7c243c39
Make libxml2 *required*.
2007-12-19 18:13:41 +00:00
brectanus
8360aacc22
Use new msr->rule_was_intercepted flag. See #425.
2007-12-17 19:58:35 +00:00
ivanr
b9a28882b2
Enhanced allow.
2007-12-17 11:22:47 +00:00
brectanus
cbf79d43ba
Update version to ready for 2.5.0-rc1.
2007-12-12 23:08:14 +00:00
brectanus
715a8eae58
Implement SecMarker. See #416.
2007-12-11 17:53:50 +00:00
ivanr
c25071b832
Initial experimental implementation of SecRequestEncoding. See #390 for more details.
2007-12-03 14:04:53 +00:00
brectanus
dcdce0cbc5
Added matching rules to audit log data. See #93.
2007-11-30 00:52:21 +00:00