github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,668 Commits 55 Branches 109 Tags
Commit Graph

1668 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
Felipe Zimmerle
42c819d1b9
Adds information about pull request #1339 2017-04-06 13:21:32 -03:00
Robert Paprocki
96a1f55e16
Read fuzzy hash databases on init 
Instead of reading the fuzzy db on every invocation, read and store
the db contents during initialization and store the contents in memory.
The only significant behavior change here is that a change in db contents
now (obviously) requires a daemon restart, as no API is provided to
flush the list of ssdeep chunks.
 2017-04-06 13:20:24 -03:00
Robert Paprocki
fd49ca7138
Don't leak an fd on fuzzy hash initialization 
Since we're re-opening this file with every invocation, let's
close our sanity check fd.
 2017-04-06 13:20:24 -03:00
Felipe Zimmerle
6cce8a2764
Adds information about pull request #1374 2017-04-06 09:37:52 -03:00
Chaim Sanders
5e4e2af7a6
add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:34:54 -03:00
Felipe Zimmerle
eb798d8c55
Adds information about pull request #1373 2017-04-03 16:23:33 -03:00
Andrei Belov
1bb2ffcd6b
Fix building with nginx >= 1.11.11 
Closes SpiderLabs/ModSecurity#1359

See also:
http://hg.nginx.org/nginx/rev/e662cbf1b932
 2017-04-03 16:19:15 -03:00
Felipe Zimmerle
b6053df941
Adds information about pull request #1258 2016-12-01 15:14:39 -03:00
Master Yoda
792a351de6
As of 17 May 2016, the country name "Czechia" replaces this MemberState's former short name of Czech Republic (code 203) 2016-12-01 15:07:46 -03:00
Felipe Zimmerle
3e6f6e63bc
Adds information about pull request #1150 2016-11-21 11:02:13 -03:00
Felipe Zimmerle
3fce12a96c
Fix on the patch proposal #1150 
That is a fix on the top of #1150 without this fix the patch won't work
as expected.
 2016-11-21 10:58:43 -03:00
Marc Stern
7ff0e7e7b2
Added ALLOW_ID_NOT_UNIQUE compile flag to allow duplicate rule ids and no id 2016-11-21 09:58:40 -03:00
Felipe Zimmerle
bb577950bf
Adds information about pull request #1233 2016-10-20 09:44:25 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Felipe Zimmerle
c95d93483b
Adds information about pull request #1223 2016-10-10 12:34:04 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
Felipe Zimmerle
8559dd3b8b
Adds information about pull request #1216 2016-10-06 13:30:25 -03:00
arminabf
fb3bbf37e8
revert error message assignment for older versions 
as errstr is only available since version > 2.2
 2016-10-06 13:28:37 -03:00
arminabf
e7f029b55a
fix error message 
both info->format and fmt (for versions prio 2.4) contain the error message format but not the actual formatted error message
 2016-10-06 13:28:37 -03:00
Felipe Zimmerle
137331748c
Adds information about pull request #1220 2016-10-05 12:35:13 -03:00
culyerr
b83c1109ad
Fixed IPv4+Port address parsing 2016-10-04 13:23:46 -03:00
Felipe Zimmerle
b1ee051cee
Adds information about pull request #1190 2016-10-04 09:41:16 -03:00
Robert Paprocki
2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements 
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
 2016-10-04 09:31:25 -03:00
Felipe Zimmerle
5f4a098f08
Adds information about pull request #1204 2016-09-21 00:05:13 -03:00
Ephraim Vider
21a63cb83e
json parser handle cleanup 2016-09-21 00:03:40 -03:00
Felipe Zimmerle
923c3c6793
Adds information about pull request #1171 2016-07-11 13:36:16 -03:00
Chaim sanders
947cef7c8c
Adapted patch from 977 to fix status failing to report in Nginx auditlogs 2016-07-11 13:32:56 -03:00
Felipe Zimmerle
2538d90e5f
Adds information about pull request #1181 2016-07-11 12:17:31 -03:00
Robert Paprocki
f2ef2017f1
Fix file upload JSON audit log entry 
Each uploaded file is a separate yajl array, but we forgot to open
the a map for the proper k/v pairs.

This fixes issue #1173.
 2016-07-11 12:14:37 -03:00
Felipe Zimmerle
a2bb610d7c
Adds information about #1158 2016-06-14 15:19:00 -03:00
Thomas Deutschmann
692712cc95
configure: Move verbose_output declaration up to the beginning 
Macros like "find_curl" are using "verbose_output" variable but because some
of them are called before we define the variable we are seeing errors like

  ./configure: line 13855: test: : integer expression expected

This commit will fix the problem by moving the "verbose_output" declaration
up to the beginning so that the variable is available for every macro.
 2016-06-14 13:48:01 -03:00
Thomas Deutschmann
c729b6d0ab
configure: Fix detection whether libcurl is linked against gnutls 
The find_curl macro is also checking whether libcurl is linked against
gnutls. However the check depends on "CURL_LIBS" which wasn't defined
by the macro.

This commit will define "CURL_LIBS" so that the check works as expected.
 2016-06-14 13:48:01 -03:00
Felipe Zimmerle
808ea48263 Adds information about the pull request #1060 on the CHANGES file 2016-03-16 10:37:01 -03:00
root
f9c253952c This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE. 2016-03-16 10:35:22 -03:00
Felipe Zimmerle
88bffb1e3e Version 2.9.1 (final) 
Increasing version to 2.9.1 (final)
v2.9.1 		2016-03-09 14:48:29 -03:00
Felipe Zimmerle
ad9257c374 Version 2.9.1 
Increasing version to 2.9.1 and performed small fixes on the
CHANGES file
v2.9.1-rc1 		2016-02-03 11:04:50 -03:00
Felipe Zimmerle
a157ac2946 Fix compilation issue on "pedantic" compilers 2016-02-03 10:37:24 -03:00
Chaim Sanders
eef2c03e64 Fixed broken link in readme #1059 2016-02-01 11:16:13 -05:00
Felipe Zimmerle
c131dcc93c Adds information about the pull request #914 on the CHANGES file 2016-01-29 13:27:30 -03:00
Robert Paprocki
374871e10e Updates to parse_modsec.pl 2016-01-29 11:59:52 -03:00
Robert Paprocki
2307a8b55b Add JSON log parse script 2016-01-29 11:59:52 -03:00
Robert Paprocki
8f8645f3d6 Whitespace fix for pull request 2016-01-29 11:59:52 -03:00
Robert Paprocki
ddc25dbbaa Fix 'is_chained' value for final rule in chain 
'is_chained' should be true for an actionset when the is_chained
member of the struct is true, or when its rule has a valid
chain_starter member.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
5bc75ec871 Do not compile in JSON logging support if yajl is not found 2016-01-29 11:59:52 -03:00
Robert Paprocki
0c95a7a2cd Clean up JSON rule writer 
* Escape rule actionset metadata
* Escape and truncate logdata
* Lazily add actionset tags as an array
* Add negated rule op_param
* Add unparsed rule representation
 2016-01-29 11:59:52 -03:00
Robert Paprocki
8559399ebd Update JSON structure for matched rules 
Create a separate map for each matched rule chain,
making it easier to identify chains in which only a portion
of rules actually matched.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7a39b4b5b9 Make JSON audit logging a configurable option 
Remove compile-time setting for generating audit logs
as JSON, creating a new config option (SecAuditLogFormat).
sec_audit_logger is now a wrapper for sec_audit_logger_json
or sec_audit_logger_native. This has the disadvantage of
making the audit log generation code harder to maintain,
but the logger function itself now is no longer pepper
with binary branches.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
dd79bea0b4 Additional updates for JSON logging 
* Write Stopwatch2 values into a separate map
* Remove legacy Stopwatch
* Proper sanitization of request/response headers
* Lazily open maps for keys that may not have content
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7b2ca1617e first pass at JSON logging implementation 2016-01-29 11:59:52 -03:00