ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00

Author	SHA1	Message	Date
Felipe Zimmerle	934a9fcc02	Verify if chunk exists before access it	2017-10-05 13:28:28 +00:00
Guido Ravagli	b8636a70d1	added "empy chunk" check	2017-10-05 13:24:59 +00:00
Felipe Zimmerle	9c51671b74	Adds information about #1488	2017-10-05 03:25:46 +00:00
Victor Hora	9b90d86f75	Add capture action to @detectXSS operator	2017-10-05 03:24:23 +00:00
Felipe Zimmerle	185ec6f72e	Adds information about #1486	2017-10-04 21:24:36 +00:00
Victor Hora	bbe7f8c389	Proposed fix for wildcard op when loading conf files on Nginx / IIS	2017-10-04 21:23:49 +00:00
Felipe Zimmerle	b3c39136c1	Adds info about 94fe3 on our changelogs	2017-10-04 19:36:43 +00:00
Felipe Zimmerle	c917df0f2a	Set of fixes to make the build/win to work in our buildbots	2017-10-04 13:48:45 +00:00
Felipe Zimmerle	5731b76918	Adds information about #1510	2017-09-29 18:35:45 +00:00
Marc Stern	89764f12b0	Fixed typos: LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH $log_server_context instead of $log_server_context	2017-09-29 18:34:30 +00:00
Felipe Zimmerle	2ab08a625e	Adds information about #1454	2017-09-29 14:00:38 +00:00
David Carlier	7ead7f4d23	Few missing headers, in the <arpa/inet.h> inclusions ones mainly due to the fact APR_HAVE* constants are simply into apr.h	2017-09-29 14:00:32 +00:00
Felipe Zimmerle	b878ece6c6	Version 2.9.2 Increasing version to 2.9.2 (final) v2.9.2	2017-07-18 09:59:59 -07:00
Victor Hora	1e8b4669eb	Refactoring of IIS build scripts	2017-07-17 23:34:04 -03:00
Felipe Zimmerle	61bce8d9a9	Cosmetics: moving declaration to the too of the block	2017-07-14 13:47:30 -03:00
Felipe Zimmerle	9f92321afb	Fix test case to match new version of curl. Error message was changed	2017-07-14 10:37:58 -03:00
Felipe Zimmerle	cb6dc9ea27	Updates CHANGES to mention commit: fbd57	2017-06-23 16:18:54 -03:00
Allan Boll	04e4a6f9b8	Initialize msre_var pointers	2017-06-23 16:16:23 -03:00
Felipe Zimmerle	13b32aacdf	Updates CHANGES to mention commit: 551314	2017-06-01 08:49:34 -03:00
Andrei Belov	5335587b95	Obtain port from r->connection->local_sockaddr. This eliminates segfaults caused by unset (NULL) r->port_start and non-NULL r->port_end. In fact, r->port_start is always NULL, so it is useless to rely on this pointer.	2017-06-01 08:48:37 -03:00
Felipe Zimmerle	9c0229ce1f	Updates libinjection to v3.10.0	2017-05-31 21:06:33 -03:00
Felipe Zimmerle	53571a860d	Updates libinjection. This is not yet their v3.10.0. But I belive it is close to be. See #124 at client9/libinjection for further information.	2017-05-30 10:48:11 -03:00
Felipe Zimmerle	e5dbe59336	Adds info about pull request #1432	2017-05-30 08:14:44 -03:00
Victor Hora	1684400eee	Fixes issue #1432 by not logging normal behavior to error.log and using APLOG_DEBUG instead	2017-05-30 08:13:11 -03:00
Felipe Zimmerle	624bd2bf82	Adds info about pull request #1071	2017-05-22 18:59:20 -03:00
Hideaki Hayashi	6473cf626d	Make url path absolute for SecHashEngine only when it is relative in the first place. Fix #752	2017-05-22 18:56:37 -03:00
Felipe Zimmerle	6f49bad748	Fix the hex digit size for SHA1 on msc_crypt implementation Fix #1354	2017-05-22 18:48:20 -03:00
Felipe Zimmerle	a249574692	Avoids to flush xml buffer while assembling the injected html Fix #742	2017-05-22 18:44:22 -03:00
Daniel Stelter-Gliese	72f632e9b6	Avoid additional operator invokation if last transform of a multimatch doesn't modify the input Fixes #1086	2017-05-22 15:13:54 -03:00
Felipe Zimmerle	9ac9ff8223	Adds a sanity check before use ctl:ruleRemoveTargetByTag This commit closes the issue #1353	2017-05-22 09:23:58 -03:00
Felipe Zimmerle	112ba45e7a	Makes global mutex for collections optional	2017-05-21 08:53:11 -03:00
Mladen Turk	c6f6dffed2	Move locking before table update	2017-05-19 17:16:08 -03:00
Mladen Turk	84d2f30cc8	Use global mutex instead sdbm file lock to fix issues with threaded mpm's	2017-05-19 17:16:08 -03:00
Felipe Zimmerle	2de5175b9c	Fix collection naming problem As reported on #1274 we had a problem while merging the collections. Turns out that the collection name was wrong while passing the information to setvar.	2017-05-19 10:29:30 -03:00
Victor Hora	63462668a9	Refactoring on the doxygen generation	2017-05-16 16:27:46 -03:00
Felipe Zimmerle	a5bbb8345f	Fix compilation for 2.2.x and standalone after #1289	2017-05-11 09:14:49 -03:00
Felipe Zimmerle	4b5a6350af	Adds info about pull request #1289	2017-05-08 21:21:08 -03:00
Robert Bost	4f55b5d1a7	Change from using rand() to thread-safe ap_random_pick.	2017-05-08 21:19:23 -03:00
Felipe Zimmerle	cd4218bd40	Adds info about pull request #1279	2017-05-08 21:09:51 -03:00
Coty Sutherland	10fb76ff16	Adding comments around odd looking code to prevent future scrutiny	2017-05-08 21:07:14 -03:00
Felipe Zimmerle	d6bd0badc5	Cosmetics: fix #1400 indentation and help message	2017-05-08 16:01:37 -03:00
Marc Stern	70322304f2	{dis\|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.	2017-05-08 15:36:58 -03:00
Felipe Zimmerle	da995bb636	Adds sb_handle structure to specific versions of apache Fix issue #1407	2017-05-05 23:06:43 -03:00
Felipe Zimmerle	aa1a56f23f	Adds information about pull request #1308	2017-05-04 23:51:27 -03:00
Felipe Zimmerle	9b3c32bb54	Makes #1308 compatible to older versions of Apache	2017-05-04 23:23:31 -03:00
Barry Pollard	019edfa1a9	This is a fix for #992 to allow drop to work with mod_http2	2017-05-04 22:19:57 -03:00
Felipe Zimmerle	b6293988fe	Adds ap_log_cerror_ to the standalone implementation	2017-05-04 13:30:47 -03:00
Felipe Zimmerle	7bdb79a1a2	Adds information about pull request #1340	2017-05-04 10:29:51 -03:00
Sander Hoentjen	0f59d4e044	query MPM after all config is loaded (fixes #786 )	2017-05-04 10:09:07 -03:00
Sander Hoentjen	a2eb4c8b04	Don't update the scoreboard ourself (fixes #1337 ) This is unsafe, and messes up the scoreboard on Apache >= 2.4.25 with Event MPM	2017-05-04 10:09:07 -03:00

... 6 7 8 9 10 ...

2091 Commits