github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,564 Commits 55 Branches 109 Tags
Commit Graph

179 Commits

Author SHA1 Message Date
brenosilva
69551d2d09 Add Google safe browsing lookup 2011-03-15 20:49:10 +00:00
brenosilva
d0c2a5d34c Add verifyCPF 2011-03-03 16:29:36 +00:00
brenosilva
98e6a1c28c Cleanup ipmatch function 2011-03-02 18:56:33 +00:00
brenosilva
7f838acdf9 Ipmatch now is not supported under windows 2011-02-25 19:46:31 +00:00
brenosilva
3f1d911837 Make ipv6 portable 2011-02-25 14:08:10 +00:00
brenosilva
8b907225e5 Make ipv6 portable 2011-02-24 18:41:48 +00:00
brenosilva
025ca49cc3 Change ipmatch to ipMatch 2011-02-18 15:00:51 +00:00
brenosilva
f536ba11a7 Ipmatch mistake 2011-02-17 18:34:46 +00:00
brenosilva
d4d97505da Under CentOS inet_pton return invalid address for valid ip6, remove the return code for now 2011-02-17 18:26:55 +00:00
brenosilva
cd31e80b8c Cleanup ipmatch 2011-02-17 17:44:48 +00:00
brenosilva
882e537c92 MODSEC-140 2011-02-17 16:52:45 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
56fc2ea714 MODSEC-148 fix issues 2010-12-22 13:57:44 +00:00
brenosilva
c8033a59fd MODSEC-148 2010-12-21 13:54:02 +00:00
brenosilva
52c33e7c5a MODEC-105 2010-12-14 21:39:45 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
aa3b20eccb Optimise the unsetting of the previous data capture variables 2009-12-07 18:08:41 +00:00
ivanr
23c3237d1c Added missing log level checks before logging. 2009-12-07 17:27:39 +00:00
b1v1r
9d26b16e23 Merge 2.5.x changes into trunk. 2009-05-16 07:54:17 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
c5e258f0ba Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
f20059b009 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
5298e29540 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
aef091a849 Reverted r950 which moved the periods from the message to after the "[offset ...]" tag. This tag was intended to be interpreted as metadata. 
Enhanced the documentation from r951 to reflect "[offset ...]" as metadata and not the message.
 2008-02-15 23:05:30 +00:00
ivanr
258ef32adb Minor changes to operator messages. 2008-02-14 15:40:38 +00:00
brectanus
cc2110b187 Updates to build on Windows with MS VC++ 8. 2008-02-13 07:10:54 +00:00
brectanus
8e43107827 Add target name to validateUrlEncoding message. 2008-02-08 01:17:46 +00:00
brectanus
16b2821d51 Update string match text for @within to not include the target test. 
Make sure the empty string always matches (it does in @rx and @m so it should in other string operators).
 2008-02-08 00:04:09 +00:00
brectanus
827a5831e2 A pattern of "" (empty string) should always match. 2008-02-07 23:21:31 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
246ed9cbc5 Make sure a zero-length CC# does not verify. 2007-12-20 19:19:34 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00