github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
97 Commits 55 Branches 109 Tags
Commit Graph

75 Commits

Author SHA1 Message Date
ivanr
74738b29b0 Added new directive (SecPdfProtectMethod) to enable the user to choose between 
using token redirection (falling back on forced download in some cases) and
forced download (in all cases).
 2007-06-14 15:26:08 +00:00
ivanr
8b843127ba Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit. 2007-06-14 14:59:48 +00:00
ivanr
c7f5dc3355 Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented. 2007-06-14 14:54:23 +00:00
ivanr
eec279c8d9 Cleanup code. 2007-06-14 14:43:35 +00:00
brectanus
6350e2badc Do not log alert message for subrequests. See #124. 
Cleanup CHANGES.
 2007-06-11 21:28:03 +00:00
brectanus
23bd6b4331 Do not pause if we are not the main request. See #124. 2007-06-11 21:20:07 +00:00
brectanus
46d7a5ec6f Move transformation cache rec def re.h from modsecurity.h 2007-06-11 21:15:14 +00:00
brectanus
dd6755985c Move the transformation cache recort into re.h. See #14. 2007-06-05 18:20:44 +00:00
brectanus
11456dd87a Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16. 2007-06-04 20:16:48 +00:00
brectanus
e5c00d156a Added rule file/line to audit log messages. See #49. 2007-06-01 15:32:08 +00:00
brectanus
f1607d007b Cleanup message output. See #16. 2007-06-01 15:21:04 +00:00
brectanus
86f648d267 Remove extraneous debug log message. 2007-06-01 13:04:13 +00:00
brectanus
84c0ca303e Fixed patch for subrequests to be more complete. See #124. 2007-05-31 15:42:42 +00:00
brectanus
e887faac2b Add @pm/@pmfile operators (parallel patch). See #16. 2007-05-30 22:02:35 +00:00
brectanus
db04c64420 Cleanup 2007-05-30 16:10:17 +00:00
brectanus
af6160b9c4 Fixed problem with subrequests not being intercepted. See #124. 2007-05-30 14:14:00 +00:00
brectanus
c594c205c3 Fix new string operators to all resolve macros. 
Rename startsWith operator in code to match docs.
See #54.
 2007-05-29 14:58:05 +00:00
brectanus
6cc0173cfa Add caching for transformations. See #14. 2007-05-25 21:14:59 +00:00
brectanus
61238ca22f Argh! That last one was not meant to be checked in - reverting 281. 2007-05-25 21:01:11 +00:00
brectanus
e11ff85421 Fixed log_escape_raw when length was <= 0 2007-05-25 20:56:03 +00:00
brectanus
220abd3444 Quiet uninitialized warning. 2007-05-24 21:56:34 +00:00
brectanus
a1a0c24b88 Do not compile on Solaris with visibility attributes. 2007-05-23 16:04:25 +00:00
brectanus
a627e96c75 Lessen "capture" debug log messages. 2007-05-17 12:02:59 +00:00
brectanus
eaa8e444dd Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122) 2007-05-16 20:09:28 +00:00
brectanus
97a1718d39 Only calculate debug data when we are debugging. 
NOTE: Last commit message was wrong.
 2007-05-16 19:55:13 +00:00
brectanus
e03ea11f9a Only calculate debug data when we are debugging. 2007-05-16 19:48:21 +00:00
brectanus
b60f206976 Remove use of GNU extention strnlen(). 
Fix CHANGES.
 2007-05-16 19:37:27 +00:00
brectanus
a68eb04884 Add geo lookup support. See #22. 2007-05-11 16:14:11 +00:00
ivanr
d8abb48ad9 Fixed a problem with content injection that resulted in content being injected twice. 2007-05-11 11:04:34 +00:00
brectanus
2733cc739a Do not try to intercept a request after a failed rule. (See #53) 2007-05-10 04:28:37 +00:00
brectanus
c0c5d8d894 Removed extraneous symbols from dso via DSOLOCAL. 2007-05-03 16:17:42 +00:00
ivanr
fca9eabafe Merged the PDF XSS protection functionality into ModSecurity. 2007-05-03 12:09:24 +00:00
brectanus
c559f3ee21 Change @eq to @streq. See #54. 2007-05-03 03:41:29 +00:00
brectanus
2aa6e61605 Exported API for registering custom variables. See #120. 
Simple example in api/mod_var_remote_host_port.c
 2007-05-03 03:26:30 +00:00
brectanus
0c234c115e Cleanup debug log output: add rev to 'Invoking rule' line, remove clearing mem pool line. 2007-05-02 16:00:20 +00:00
ivanr
e0a8602929 Added experiemental support for content injection. 2007-05-02 11:22:09 +00:00
ivanr
20c0b11dd9 Added experimental RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE. 2007-05-02 10:02:20 +00:00
ivanr
3661a294a4 Added experimental RESPONSE_CONTENT_ENCODING. 2007-05-02 09:06:39 +00:00
brectanus
3f7fc7c758 Added string comparison operators: @contains, @is, @beginsWith and @endsWith with support for macro expansion. See #54. 2007-05-01 22:00:34 +00:00
brectanus
0a1610f850 More debug log enhancements - quote values to easier see whitespace. 2007-05-01 21:52:47 +00:00
brectanus
a3c3f25ae0 Fix macro expansion. See #118. 
Fix some debug log output to escape NULs properly in preparation for #54.
Up version to prepare for 2.2.0 pre-releases.
 2007-05-01 21:36:24 +00:00
brectanus
b93eef9db3 Added t:length to transform a value to its character length. See #55. 2007-05-01 15:59:52 +00:00
brectanus
5482606c37 Added t:trimLeft, t:trimRight, t:trim to remove whitespace from a value on the left, right or both. (see trac #117) 2007-05-01 15:55:35 +00:00
brectanus
d9a26780ab Add SecAuditLog2 directive (trac #102) 2007-04-25 20:46:23 +00:00
brectanus
00dcb2714f Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. (trac #57) 2007-04-05 01:54:03 +00:00
brectanus
a93c77e9a2 Updated line/num/id debug output with a format that is easier to parse. (trac #47) 2007-03-27 18:00:04 +00:00
brectanus
383119a147 Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. (trac #51) 2007-03-27 17:22:35 +00:00
brectanus
f6de76b053 Removed CGI style HTTP_* variables in favor of REQUEST_HEADERS:Header-Name. (trac #23) 2007-03-27 17:18:21 +00:00
brectanus
485c664a42 Enhance debug log output for capturing to detect all regex/capture mismatches (trac #21). 2007-03-27 17:13:42 +00:00
brectanus
891859f9c5 Revert back to using captured regex execution as it seems to be more effecient as the ovector can be used for working space even if it is not used for captures. 
Warn when captures are used in the regex, but "capture" not specified.
 2007-03-27 15:32:53 +00:00