github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
260 Commits 55 Branches 109 Tags
Commit Graph

199 Commits

Author SHA1 Message Date
brectanus
cbf79d43ba Update version to ready for 2.5.0-rc1. 2007-12-12 23:08:14 +00:00
brectanus
54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. 2007-12-12 22:52:08 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. 2007-12-02 15:35:09 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
brectanus
a6c2d867f4 Improvements to audit logging matching rules. See #93. 2007-11-30 21:31:12 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
brectanus
85053718d9 Cleanup log output for skipAfter. See #258. 2007-11-29 23:14:02 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
ivanr
fd5e4fb32c Fix bugs introduced by the recent change to audit logging. 2007-11-29 11:09:38 +00:00
ivanr
ab6a81fe7a Remove unused reqbody_status from modsec_rec. 2007-11-29 10:46:12 +00:00
brectanus
1cfc906fac Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu. 2007-11-28 01:09:15 +00:00
brectanus
8cec4dd251 Some more debugging and fixes for skipAfter. See #258. 2007-11-28 01:04:26 +00:00
ivanr
4a08d7e6bf Handle out-of-disk-space conditions gracefully when writing to audit log. 2007-11-27 10:52:14 +00:00
brectanus
800cfc2cc2 Added missing #else block for printf attributes. 2007-11-27 00:17:50 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. 2007-11-26 22:27:15 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
ivanr
b163864ba7 Implemented SecComponentSignature. 2007-11-26 16:05:56 +00:00
ivanr
e467d3cac0 Unified messages in the error log and in the audit log. 2007-11-26 15:39:37 +00:00
ivanr
f0be2ff6b0 Added warning message when XML request body parser fails. 2007-11-26 15:05:48 +00:00
brectanus
40c5b2004f Remove extraneous 'void *' cast. 2007-11-15 19:11:59 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
ivanr
b9defc0adb Warn in the debug log when request body processing fails. 2007-11-08 18:20:24 +00:00
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
brectanus
83fb4b4da4 Fix more formatting errors/warnings on 64bit systems. 2007-11-07 20:22:09 +00:00
brectanus
7f71ae377c Fix another warning on %u used where %lu needed. 2007-11-07 20:00:26 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
faec5b8e9d Fix a possible loss of data warning when compiling 64bit reported by Marc Stern. 2007-10-23 22:16:39 +00:00
brectanus
2b346dd086 Updated input filter insertion code for sub-requests. 2007-10-17 23:07:00 +00:00
brectanus
8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. 2007-10-17 22:41:37 +00:00
brectanus
9d49adf028 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. 2007-10-17 19:59:28 +00:00
brectanus
974298a76c Added ctl:ruleRemoveById action. See #259. 2007-10-17 19:11:47 +00:00
brectanus
9efa02f423 Change ctl parameters to be case insensitive. 
Initial implementation of ctl:removeRuleById.  See #259.
 2007-10-16 00:14:42 +00:00
ivanr
b0d514478f Fix blocking multipart FP, which affected Safari. 2007-10-15 18:05:12 +00:00
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari ( 
(#317).
 2007-10-15 17:27:51 +00:00
brectanus
793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. 2007-10-15 16:50:36 +00:00
brectanus
b784e6cb73 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. 2007-10-03 00:23:46 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00