github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,478 Commits 55 Branches 109 Tags
Commit Graph

1478 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
e20c800044 nginx: fix missing headers while SecResponseBodyAccess was On 
The problem was caused by the fact that ModSecutiry was telling Nginx that
headers had been sent when, in fact, had not. This modification was added in
the past, along with others, in the following commit: fd2c30fa2311e783eecf3bf02bf3dcfbabc3968a
This patch, just removes the "r->header_sent = 1". After that modification
the following regression tests started to work again:

from: action/00-disruptive-actions.t
   3) action - pass in phase:3
   4) action - pass in phase:4
  11) action - deny in phase:3
  12) action - deny in phase:4
  19) action - redirect in phase:3 (get)
  20) action - redirect in phase:4 (get)
  23) action - proxy in phase:3 (get)
  24) action - proxy in phase:4 (get)
from: config/10-response-directives.t
   2) config - SecResponseBodyAccess On
   6) config - SecResponseBodyLimit (greater)
   7) config - SecResponseBodyLimitAction Reject
 2014-01-06 19:10:24 -08:00
Felipe Zimmerle
445783d067 tests: Sleeps over 20 seconds if nginx failed to exit immediately 
Sometimes nginx failed to exit cleanly in the expected time. This patch adds
the capability to wait for more 20 seconds.
 2014-01-03 13:09:44 -08:00
Felipe Zimmerle
fb4e1f1b6b tests: Adds random data to a post making it workable in nginx 
For some reason nginx fails in a post with no body. This patch adds some random
data here. Other platforms should not be affected.
 2014-01-03 09:36:25 -08:00
Felipe Zimmerle
450d621ca9 tests: adds test-regression-nginx to the makefile 
This patch adds the nginx regression test entry to project makefile.
 2014-01-03 09:26:30 -08:00
Felipe Zimmerle
96ad8267ee tests: Marks the run-regression-tests-nginx.pl script as executable. 
This patch just add +x to  run-regression-tests-nginx.pl.
 2014-01-03 09:25:27 -08:00
Felipe Zimmerle
93c5b8c6ac Merge branch 'regression' 2014-01-03 05:20:05 -08:00
Felipe Zimmerle
0ad390d12d Tests: fixes tests/regression/rule/10-xml.t 
SecXmlExternalEntity was not informed. By default its value is Off. This patch
set the SecXmlExternalEntity to On in order to load the external resources
needed for this test case.
 2014-01-01 20:56:06 -08:00
Felipe Zimmerle
ba0818ca32 tests: cleans up the apache configuration file 
Simplified the apache configuration file, so that, we can handle easily
different Apaches versions
 2014-01-01 16:09:21 -08:00
Felipe Zimmerle
6325ed8d41 Tests: fixes regression/misc/10-tfn-cache.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 11:49:08 -08:00
Felipe Zimmerle
ddb4fceb63 Tests: fixes regression/rule/20-exceptions.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 11:21:37 -08:00
Felipe Zimmerle
0c99063aae Tests: fixes regression/rule/00-basics.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 11:02:20 -08:00
Felipe Zimmerle
7c9ebfeb20 Tests: fixes regression/action/10-logging.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 10:52:44 -08:00
Felipe Zimmerle
11287a6b95 test: fixes regression/misc/00-multipart-parser.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 10:29:21 -08:00
Felipe Zimmerle
b0025c88fa tests: fixes regression/config/10-request-directives.t 
Tests were failing because they were writing wrong/outdated.
 2014-01-01 10:28:56 -08:00
Felipe Zimmerle
e5560a6a43 tests: fixes regression/config/10-misc-directives.t 
SecDefaultAction was failing due to a wrong written test.
 2014-01-01 10:00:08 -08:00
Chase Venters
0ddd2b4639 Add mod_extract_forwarded.c to run before mod_security2.c 
mod_extract_forwarded2.c is already present in this list, but there is a
(seemingly better) alternative for Apache 2.2 which is distributed in
Fedora EPEL that is called mod_extract_forwarded.c.
 2013-12-18 18:05:03 -08:00
ahuango
b788ce2608 Clean the garbage character after the duplicated charset property 
Pull request #148 by zimmerle doesn't fix the problem. '\0' in format
string won't be processed by "ngx_vslprintf".
When the garbage character is '\n' or '\r', http response is cracked and
browsers may go crashing.
 2013-12-18 16:50:44 -08:00
Nick Galbreath
74ec784005 libinjection sync 2013-12-18 04:19:02 +00:00
Felipe Zimmerle
227de9fb8a Reverts commit b1cbccdc6b18a0f3a4edda8a5dfa9f6621485e81 
This belongs to a specific branch as long as it is not stable yet.
 2013-12-18 15:05:01 -08:00
Felipe Zimmerle
2f5af6af73 Merge tag 'refs/tags/v2.7.7' 2013-12-18 14:56:22 -08:00
Felipe Zimmerle
87115e770a Adds a default config script to nginx v2.7.7 2013-12-18 03:48:15 -08:00
Felipe Zimmerle
537b85edf8 Changes SecUnicodeMapFile in recommend configuration 
The parameter was using a deprecated syntax, now it is fixed.
 2013-12-18 03:48:15 -08:00
Felipe Zimmerle
90a44f688d Updates the changes file 2013-12-18 03:48:06 -08:00
Felipe Zimmerle
c473aabb4a Changes release version to 2.7.7 
Release version is now 2.7.7.
 2013-12-18 03:46:36 -08:00
ivanr
b1cbccdc6b Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases). 2013-12-17 07:14:25 -08:00
David Andrews
9543e136ce Fix typo causing build issues 2013-12-16 19:59:03 -03:00
Felipe Zimmerle
4a7d439de5 Merge branch 'release_2_7_6-rc2' 
Release 2.7.6 ready.
 2013-12-16 07:10:24 -08:00
Felipe Zimmerle
6d3606aadb Updates CHANGES files. 
Contains the CHANGES of the 2.7.6 release.
v2.7.6 		2013-12-16 09:47:05 -03:00
Felipe Zimmerle
1cde4d2dd9 Organizes all Makefile.am 
Now using one file per line (sorted). This is the better way
to handle it, since it reduces the possibility of merge conflicts.
 2013-12-13 09:44:51 -08:00
Felipe Zimmerle
351b9cc357 nginx: generates config file using configure input. 
The nginx config file was looking for depedencies by its own,
by doing that it was ignoring the options that were passed to
configure script. This commit deletes this config file and adds
a meta-config which is populated by configure whenever the
standalone-module is enabled.
 2013-12-12 15:35:01 -08:00
Felipe \"Zimmerle\" Costa
da16d9e5d5 nginx: adds lua support 2013-12-12 14:53:49 -08:00
Felipe \"Zimmerle\" Costa
5046c8327e iis: Cosmetics fixies on sqli. 
This is needed to get it compiled with VS2011 on Windows8
 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
ae252ee876 Regression tests: makes configuration compatible with 2.2 and 2.4 (try 2) 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
65d9272fdc nginx: Trying apxs and apxs2 while compiling nginx module 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
35fd75d859 nginx: Trying apxs and apxs2 while compiling nginx module 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
751a9f4e45 macos: Using glibtoolize instead of libtoolize 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
6fc4cac37a regression-tests: makes configuration compatible with 2.2 and 2.4 2013-12-12 14:53:49 -08:00
Felipe Zimmerle
e9813cd0d9 Regression test: get it working with apache 2.4 
Changes in httpd.conf.in to get it working with apache 2.4
 2013-12-12 14:53:49 -08:00
Felipe \"Zimmerle\" Costa
7366f35c1d Code cosmetics. 
Changed to reduce the number of possible fails during
Build Bot compilation.
 2013-12-12 14:53:32 -08:00
Felipe \"Zimmerle\" Costa
9bf2959c91 iis: Waiting for 5 seconds before move curl directory 
Testing buildbot.
 2013-12-12 11:47:11 -08:00
Felipe Zimmerle
f70f6f4281 Redefines unixd_set_global_mutex_perms on tests 
Avoding conflicts with the standalone implementation
 2013-12-04 19:56:54 -08:00
Felipe Zimmerle
cef72855e4 test: Avoids conflict of fuctions definition 2013-12-04 18:53:03 -08:00
Felipe Zimmerle
cc982ae42e test: Makes the unit tests to work again 
The unit tests was not working due to lack update. This patch adds
the necessary stuff to have it work again.
 2013-12-12 11:44:41 -08:00
Felipe \"Zimmerle\" Costa
ad330a44bf iis: Avoids directory link while building 
Build scripts was creating links allowing the project to
be loaded into Visual Studio without care about the
dependencies versions. Sometimes windows refuse to delete
those links leading the script to fail. This patch
moves the sources directories instead of create links
to it.
 2013-12-12 11:43:11 -08:00
Felipe Zimmerle
69c5ccac66 QA: Avoids the utilization of 3rd filedescriptor 
No need to use a 3rd description on the quality check scripts.
Stderr is now redirected to stdout and filtered as needed.
 2013-12-04 08:22:39 -08:00
Felipe Zimmerle
baaf502363 Supports WarningCountingShellCommand in cppcheck and vera 
WarningCountingShellCommand allow us to have some measurements on
the buildbot waterfall.
 2013-12-04 08:05:08 -08:00
Felipe Zimmerle
388943440c Adds verbose quality check 
Vera++ and ccpcheck are not outputing to the stderr instead stdout
allowing the buildbot to extract some numbers about it.
 2013-12-04 06:19:11 -08:00
Felipe Zimmerle
b77e90152d Adds support for coding style and quality check 
Initial effort to get the code on shape. This will be executed
by the buildbots as soon as they get ready for it.
 2013-12-03 11:09:31 -08:00
Felipe \"Zimmerle\" Costa
7b1537058f iis: Using base_rules instead of activated_rules 2013-11-13 18:32:55 -02:00
Felipe \"Zimmerle\" Costa
2ea5a74a7b iis: New improvements on the Wix installer 
- Now the installation is divided in modules: ModSecurity and CRS.
- Added default configuration
- Configuration was moved to "Program Files" folder
- Build_msi script now using candle available in %PATH%
 2013-11-13 17:26:28 -02:00