ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00

Author	SHA1	Message	Date
Felipe Zimmerle	b048794f4e	Adds support to unconditional rules	2015-09-04 15:55:53 -03:00
Chaim Sanders	4e8bb276b8	Fixing compilation problem on newer versions of gcc (Fedora 22+)	2015-09-04 11:08:15 -03:00
Felipe Zimmerle	010c18f63f	Adds support to SecDefaultAction configuration directive	2015-09-04 10:56:04 -03:00
Felipe Zimmerle	f2ed890ea6	Now accept SecRules regardless of the letter case	2015-09-03 11:09:40 -03:00
Chaim Sanders	8675383c0d	Updated build instructions for Fedora	2015-09-03 09:42:01 -03:00
Chaim Sanders	9a0c9d4938	Updated build instructions for Fedora	2015-09-03 09:42:01 -03:00
Chaim Sanders	84eba7ad1a	Updated build instructions for Fedora	2015-09-03 09:42:01 -03:00
Chaim Sanders	9cd9f7f11e	Updated readme to reflect required Fedora packages	2015-09-03 09:42:01 -03:00
Chaim Sanders	d963e2dc23	Updated readme to reflect required Fedora packages	2015-09-03 09:42:01 -03:00
Chaim Sanders	3cd54e753d	Updated readme to reflect required Fedora packages	2015-09-03 09:42:01 -03:00
Felipe Zimmerle	7afd93196d	Adds contains to the list of operators compatibles with the capture action	2015-09-03 09:38:19 -03:00
Felipe Zimmerle	3de845fac1	Fix macro expansion string replacement It was removing more characters from the string than the actual %{variable}%	2015-09-03 09:38:19 -03:00
Felipe Zimmerle	45d81e1c04	Adds sanity check to the rule id action	2015-09-03 09:38:12 -03:00
Felipe Zimmerle	6ab88472b1	Adds a simple regression test for the operator @rx	2015-09-02 18:50:19 -03:00
Felipe Zimmerle	a63aa50f1b	Changes the default operator to be @rx not @pm For some reason the default operator was @pm, which was a huge mistake. The default operator is @rx, thanks for Sanders who have noticed that.	2015-09-02 18:31:02 -03:00
Felipe Zimmerle	ea4cd53221	Accepts phases with its name instead of a number	2015-09-02 18:31:02 -03:00
Felipe Zimmerle	035040cd13	Adds sanity check to confirm that the rule has an ID and it is not duplicated	2015-09-02 18:30:41 -03:00
Felipe Zimmerle	aae8036c0c	Cosmetics: Fix debug log message	2015-09-02 10:55:35 -03:00
Felipe Zimmerle	5d24b237bd	Fix default parts to be logged on audit logs	2015-09-02 10:55:35 -03:00
Felipe Zimmerle	fa4f72d90d	Adds support to ctl:auditLogParts variation	2015-09-02 10:55:29 -03:00
Felipe Zimmerle	e89e395a32	Fix various minor issues on the auditlog schema	2015-08-27 17:50:42 -03:00
Felipe Zimmerle	24b7d72666	DebugLogs are now being redirected to the correct files	2015-08-27 15:36:56 -03:00
Felipe Zimmerle	01542e28c3	Allows blank line (or line with space) at the end of a rules file	2015-08-25 15:50:40 -03:00
Felipe Zimmerle	e76af0eab9	Correctly handling nginx configuration merge	2015-08-25 15:50:27 -03:00
Felipe Zimmerle	004ef066ed	Fix rules chain and action execution - Rules chains are respecting the phase of the first rule in chain. - The actions are only executed if all chain match.	2015-08-25 13:44:20 -03:00
Felipe Zimmerle	f2da6bb81d	Fix the ruturn value while loading the rules	2015-08-25 10:20:58 -03:00
Felipe Zimmerle	c586ba0178	Removes an unused state from the seclang parser	2015-08-25 08:15:27 -03:00
Felipe Zimmerle	15893e312b	Fix regression test and example: checking if rules are loaded ok It was checking only the amount of rules loaded, which could be 0 if only configuration directives are loaded.	2015-08-25 07:48:37 -03:00
Felipe Zimmerle	e94226f1d8	Fix some build issues Optional dependencies were temporarily marked as mandatory, in order to sort any build problem, later it will be marked as optional again.	2015-08-25 00:25:33 -03:00
Felipe Zimmerle	fd8578351d	Fix segmentation fault in the regression tests	2015-08-25 00:24:28 -03:00
Felipe Zimmerle	a168502717	Adds missing file	2015-08-24 11:32:12 -03:00
Felipe Zimmerle	1065e297b2	Fix several minor issues on the seclang grammar	2015-08-22 11:06:28 -03:00
Felipe Zimmerle	e78d7f5b91	Makes the parser understand some missing configuration directives Directives: - SecPcreMatchLimitRecursion - SecPcreMatchLimit - SecResponseBodyMimeType - SecTmpDir - SecDataDir - SecArgumentSeparator - SecCookieFormat - SecStatusEngine Those are not implemented yet, but the parser is now able to understand it.	2015-08-20 13:04:54 -03:00
Felipe Zimmerle	a453a656c3	Fix continuation line and VARIABLENOCOLON	2015-08-19 23:12:34 -03:00
Felipe Zimmerle	0b225f0239	Parser: adds support to SecRequestBodyInMemoryLimit	2015-08-19 22:42:46 -03:00
Felipe Zimmerle	2d56aa521b	Cosmetics: fix actions on yy file - added action for: ctl:requestBodyProcessor=XML ctl:requestBodyProcessor=JSON - added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT	2015-08-19 22:36:31 -03:00
Felipe Zimmerle	a230a4ff3c	parser: Adds support for continuation lines	2015-08-19 17:20:43 -03:00
Felipe Zimmerle	ef99615401	parser: Understanding @pm if no operator is provided	2015-08-19 16:58:14 -03:00
Felipe Zimmerle	101fddfc9b	Extends DICT_ELEMENT to support "-"	2015-08-18 22:19:32 -03:00
Felipe Zimmerle	d5bf955028	Using DetectionOnly instead of DetectOnly	2015-08-18 22:16:38 -03:00
Felipe Zimmerle	b7fb65fe65	seclanguage: ignore lines starting with "#"	2015-08-18 22:10:55 -03:00
Felipe Zimmerle	cff74e7cea	Fix ValidateUrlEncoding corner case	2015-08-14 00:40:44 -03:00
Felipe Zimmerle	1de6d07dfd	Adds support to the @detectSQLi operator	2015-08-14 00:30:28 -03:00
Felipe Zimmerle	4baee88eb3	Adds support to the @detectXSS operator	2015-08-13 23:38:57 -03:00
Felipe Zimmerle	f0535ae11b	Adds libinjection repo as submodule	2015-08-13 23:38:57 -03:00
Felipe Zimmerle	ad65a1abea	Adds @noMatch operator	2015-08-13 23:38:50 -03:00
Felipe Zimmerle	73c6c8cf7c	build: searching for pcre/geoip on /opt/local directory	2015-08-13 16:27:20 -03:00
Felipe Zimmerle	d5fe21ce3c	Code cosmetics: reduce the amount of cppcheck warnings	2015-08-12 22:40:26 -03:00
Felipe Zimmerle	21400ba454	Adds support to the @verifyCC operator	2015-08-12 13:14:33 -03:00
Felipe Zimmerle	1b0a918330	Adds support to the @validateUrlEncoding operator	2015-08-11 18:01:39 -03:00

1 2 3 4 5 ...

1868 Commits