github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,091 Commits 55 Branches 109 Tags
Commit Graph

1213 Commits

Author SHA1 Message Date
Coty Sutherland
10fb76ff16
Adding comments around odd looking code to prevent future scrutiny 2017-05-08 21:07:14 -03:00
Felipe Zimmerle
d6bd0badc5
Cosmetics: fix #1400 indentation and help message 2017-05-08 16:01:37 -03:00
Marc Stern
70322304f2
{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log. 2017-05-08 15:36:58 -03:00
Felipe Zimmerle
da995bb636
Adds sb_handle structure to specific versions of apache 
Fix issue #1407
 2017-05-05 23:06:43 -03:00
Felipe Zimmerle
9b3c32bb54
Makes #1308 compatible to older versions of Apache 2017-05-04 23:23:31 -03:00
Barry Pollard
019edfa1a9
This is a fix for #992 to allow drop to work with mod_http2 2017-05-04 22:19:57 -03:00
Sander Hoentjen
0f59d4e044
query MPM after all config is loaded (fixes #786) 2017-05-04 10:09:07 -03:00
Sander Hoentjen
a2eb4c8b04
Don't update the scoreboard ourself (fixes #1337) 
This is unsafe, and messes up the scoreboard on Apache >= 2.4.25 with Event MPM
 2017-05-04 10:09:07 -03:00
Sander Hoentjen
53edb258bb
get correct worker_score in loop 2017-05-04 10:09:06 -03:00
Sander Hoentjen
8efece97f7
don't use sb_handle on apache 2.4 2017-05-04 10:09:06 -03:00
Sander Hoentjen
f813365f7e
Fix logging for Apache 2.4 2017-05-04 10:09:06 -03:00
Felipe Zimmerle
caadf97524
Cosmetics: Fix 0x0bdda1 indentation issues 2017-05-03 09:34:47 -03:00
Marc Stern
51f312736a
rule id is not logged in case rule has no msg 2017-05-03 09:20:32 -03:00
Felipe Zimmerle
3e9e4b39cc
Cosmetics changes top of #1402 2017-05-02 17:14:06 -03:00
Marc Stern
7246998f09
Adds option to disable logging of stopwatches in audit log. 2017-05-02 17:11:58 -03:00
Marc Stern
d7383c39dd
Option to disable logging of dechunking 2017-05-02 11:09:42 -03:00
Felipe Zimmerle
a4724dfdab
Updates the libinjection 2017-04-28 14:56:06 -03:00
Marc Stern
7b86d8c51d
Extends a7731c by adding JSON support 2017-04-26 16:38:12 -03:00
Felipe Zimmerle
3de0dfc5fd
Cosmetics: fix #1381 indentation 2017-04-26 16:04:31 -03:00
Marc Stern
d1376c5525
Adds option to disable logging of Apache handler in audit log 2017-04-26 16:03:58 -03:00
Felipe Zimmerle
67908f45f4
Cosmetics: fix #1380 indentation 2017-04-26 15:28:13 -03:00
Marc Stern
d243818aff
{dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9 in audit log [Issue #576 - Marc Stern] 2017-04-26 15:27:57 -03:00
Felipe Zimmerle
45b7706f1f
Adds sanity check before print action message in the logs 
This is a sanity check on top of #1379
 2017-04-11 10:04:19 -03:00
Marc Stern
99eb07d944
Fix missing rule id in log See https://github.com/SpiderLabs/ModSecurity/issues/391 2017-04-10 12:28:38 -03:00
Marc Stern
9244cd9824
Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern] 2017-04-10 12:13:55 -03:00
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
Robert Paprocki
96a1f55e16
Read fuzzy hash databases on init 
Instead of reading the fuzzy db on every invocation, read and store
the db contents during initialization and store the contents in memory.
The only significant behavior change here is that a change in db contents
now (obviously) requires a daemon restart, as no API is provided to
flush the list of ssdeep chunks.
 2017-04-06 13:20:24 -03:00
Robert Paprocki
fd49ca7138
Don't leak an fd on fuzzy hash initialization 
Since we're re-opening this file with every invocation, let's
close our sanity check fd.
 2017-04-06 13:20:24 -03:00
Master Yoda
792a351de6
As of 17 May 2016, the country name "Czechia" replaces this MemberState's former short name of Czech Republic (code 203) 2016-12-01 15:07:46 -03:00
Marc Stern
7ff0e7e7b2
Added ALLOW_ID_NOT_UNIQUE compile flag to allow duplicate rule ids and no id 2016-11-21 09:58:40 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
arminabf
fb3bbf37e8
revert error message assignment for older versions 
as errstr is only available since version > 2.2
 2016-10-06 13:28:37 -03:00
arminabf
e7f029b55a
fix error message 
both info->format and fmt (for versions prio 2.4) contain the error message format but not the actual formatted error message
 2016-10-06 13:28:37 -03:00
Robert Paprocki
2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements 
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
 2016-10-04 09:31:25 -03:00
Ephraim Vider
21a63cb83e
json parser handle cleanup 2016-09-21 00:03:40 -03:00
Chaim sanders
947cef7c8c
Adapted patch from 977 to fix status failing to report in Nginx auditlogs 2016-07-11 13:32:56 -03:00
Robert Paprocki
f2ef2017f1
Fix file upload JSON audit log entry 
Each uploaded file is a separate yajl array, but we forgot to open
the a map for the proper k/v pairs.

This fixes issue #1173.
 2016-07-11 12:14:37 -03:00
root
f9c253952c This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE. 2016-03-16 10:35:22 -03:00
Felipe Zimmerle
88bffb1e3e Version 2.9.1 (final) 
Increasing version to 2.9.1 (final)
 2016-03-09 14:48:29 -03:00
Felipe Zimmerle
ad9257c374 Version 2.9.1 
Increasing version to 2.9.1 and performed small fixes on the
CHANGES file
 2016-02-03 11:04:50 -03:00
Felipe Zimmerle
a157ac2946 Fix compilation issue on "pedantic" compilers 2016-02-03 10:37:24 -03:00
Robert Paprocki
ddc25dbbaa Fix 'is_chained' value for final rule in chain 
'is_chained' should be true for an actionset when the is_chained
member of the struct is true, or when its rule has a valid
chain_starter member.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
5bc75ec871 Do not compile in JSON logging support if yajl is not found 2016-01-29 11:59:52 -03:00
Robert Paprocki
0c95a7a2cd Clean up JSON rule writer 
* Escape rule actionset metadata
* Escape and truncate logdata
* Lazily add actionset tags as an array
* Add negated rule op_param
* Add unparsed rule representation
 2016-01-29 11:59:52 -03:00
Robert Paprocki
8559399ebd Update JSON structure for matched rules 
Create a separate map for each matched rule chain,
making it easier to identify chains in which only a portion
of rules actually matched.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7a39b4b5b9 Make JSON audit logging a configurable option 
Remove compile-time setting for generating audit logs
as JSON, creating a new config option (SecAuditLogFormat).
sec_audit_logger is now a wrapper for sec_audit_logger_json
or sec_audit_logger_native. This has the disadvantage of
making the audit log generation code harder to maintain,
but the logger function itself now is no longer pepper
with binary branches.
 2016-01-29 11:59:52 -03:00
Robert Paprocki
dd79bea0b4 Additional updates for JSON logging 
* Write Stopwatch2 values into a separate map
* Remove legacy Stopwatch
* Proper sanitization of request/response headers
* Lazily open maps for keys that may not have content
 2016-01-29 11:59:52 -03:00
Robert Paprocki
7b2ca1617e first pass at JSON logging implementation 2016-01-29 11:59:52 -03:00
Felipe Zimmerle
0db247f0e9 Replicates CREATEMODE patch to the secondary auditlog file 
At patch 45805be, @littlecho changed the behaviour to set the audit log
index/serial file permission. Before, it was using the default permission now
it is respecting the permission configured via SecAuditLogFileMode. This patch
replicates @littlecho's work to the secundary auditlog file.
 2016-01-26 09:20:25 -03:00