ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00

Author	SHA1	Message	Date
brectanus	32905f9d46	Add ability to compile without API support (-DNO_MODSEC_API). See #198 .	2007-08-10 00:46:04 +00:00
brectanus	8f6385f784	Added logdata action (still needs byte limit). See #40 .	2007-08-10 00:22:15 +00:00
ivanr	765dfd0274	Fixed typo.	2007-08-09 15:30:47 +00:00
brectanus	9cfdd8f0d2	Rename TX_SEVERITY to HIGHEST_SEVERITY, fix and document.	2007-08-09 14:32:02 +00:00
ivanr	c520886e10	Detect and prevent multipart evasion.	2007-08-09 10:50:53 +00:00
ivanr	cb0cb93752	Sorted variables in the registration code.	2007-08-09 10:17:42 +00:00
brectanus	648037fdb5	Added TX_SEVERITY variable. See #60 .	2007-08-08 22:11:02 +00:00
brectanus	f41c27a28c	Added ARGS_GET, ARGS_POST, ARGS_GET_NAME, ARGS_POST_NAMES variables. See #136 .	2007-08-08 20:49:51 +00:00
brectanus	fe8c564ed0	Added MODSEC_BUILD variable. See #38 .	2007-08-08 18:25:03 +00:00
brectanus	2ec596e83a	Fix error message in validateByteRange to include the target variable name. See #157 .	2007-08-08 15:16:26 +00:00
brectanus	5a6ce01429	Added logging of target variable expansion. See #62 .	2007-08-08 14:48:49 +00:00
brectanus	820ba5f1d2	Add debug message when not buffering response body due to MIME type not configured. See trac #63 .	2007-08-06 20:51:21 +00:00
ivanr	892938dee4	Enhanced multipart parsing to support quotted boundaries and LF line terminators (RFC demands CRLF but some applications use only LF).	2007-08-06 14:55:18 +00:00
brectanus	9695f2b816	Improvements in transformation cache (add options, document). Update CHANGES.	2007-08-03 20:25:30 +00:00
brectanus	72832c1b32	Working on cache enhancements. See trac #14 .	2007-08-02 20:25:06 +00:00
brectanus	3e5e2a06b7	Stricter validation for @validateUtf8Encoding. Capture the match in TX:0 when using "capture" action w/@pm operators.	2007-07-31 19:04:07 +00:00
ivanr	bafe8ad773	Remove old comment.	2007-07-27 13:31:31 +00:00
brectanus	8b9d914ed0	Merge in code fixes to create msr context on request failure.	2007-07-23 22:14:09 +00:00
brectanus	4d03b029f1	Remove the error message on a failed request so we can handle it in a pater phase.	2007-07-19 14:45:43 +00:00
brectanus	e251a9bd57	Add back code to send an alert on request failure.	2007-07-19 13:33:46 +00:00
brectanus	7fbf664ec8	Added cygwin to list of compilers that do not support hidden visibility attribute.	2007-07-02 14:49:56 +00:00
brectanus	19887f9cc6	Added @within string comparison operator with support for macro expansion. See #134 .	2007-06-21 02:21:06 +00:00
brectanus	b58efb3466	Update CHANGES. Reversion from 2.2. to 2.5. Update @pmFromFile to base relative filenames off of rule file path.	2007-06-20 19:58:01 +00:00
ivanr	8de8e44e09	Removed RESPONSE_CONTENT_ENCODING, which never worked as intended.	2007-06-20 11:10:47 +00:00
brectanus	efe52d4e77	Initialize rules tmp pool properly. Update to latest core rules.	2007-06-14 18:48:35 +00:00
brectanus	6569c444d8	Make rules/README UNIX style EOL. Merge another branch/2.1.x change.	2007-06-14 16:42:04 +00:00
brectanus	d55e023bf7	Revert msr_log as macro (still work-in-progress)	2007-06-14 16:13:53 +00:00
brectanus	81d0f84ad3	Update copyright text to Breach Security, Inc. Merge in changes from branches/2.1.x	2007-06-14 16:05:45 +00:00
ivanr	74738b29b0	Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases).	2007-06-14 15:26:08 +00:00
ivanr	8b843127ba	Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit.	2007-06-14 14:59:48 +00:00
ivanr	c7f5dc3355	Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented.	2007-06-14 14:54:23 +00:00
ivanr	eec279c8d9	Cleanup code.	2007-06-14 14:43:35 +00:00
brectanus	6350e2badc	Do not log alert message for subrequests. See #124 . Cleanup CHANGES.	2007-06-11 21:28:03 +00:00
brectanus	23bd6b4331	Do not pause if we are not the main request. See #124 .	2007-06-11 21:20:07 +00:00
brectanus	46d7a5ec6f	Move transformation cache rec def re.h from modsecurity.h	2007-06-11 21:15:14 +00:00
brectanus	dd6755985c	Move the transformation cache recort into re.h. See #14 .	2007-06-05 18:20:44 +00:00
brectanus	11456dd87a	Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16 .	2007-06-04 20:16:48 +00:00
brectanus	e5c00d156a	Added rule file/line to audit log messages. See #49 .	2007-06-01 15:32:08 +00:00
brectanus	f1607d007b	Cleanup message output. See #16 .	2007-06-01 15:21:04 +00:00
brectanus	86f648d267	Remove extraneous debug log message.	2007-06-01 13:04:13 +00:00
brectanus	84c0ca303e	Fixed patch for subrequests to be more complete. See #124 .	2007-05-31 15:42:42 +00:00
brectanus	e887faac2b	Add @pm/@pmfile operators (parallel patch). See #16 .	2007-05-30 22:02:35 +00:00
brectanus	db04c64420	Cleanup	2007-05-30 16:10:17 +00:00
brectanus	af6160b9c4	Fixed problem with subrequests not being intercepted. See #124 .	2007-05-30 14:14:00 +00:00
brectanus	c594c205c3	Fix new string operators to all resolve macros. Rename startsWith operator in code to match docs. See #54.	2007-05-29 14:58:05 +00:00
brectanus	6cc0173cfa	Add caching for transformations. See #14 .	2007-05-25 21:14:59 +00:00
brectanus	61238ca22f	Argh! That last one was not meant to be checked in - reverting 281.	2007-05-25 21:01:11 +00:00
brectanus	e11ff85421	Fixed log_escape_raw when length was <= 0	2007-05-25 20:56:03 +00:00
brectanus	220abd3444	Quiet uninitialized warning.	2007-05-24 21:56:34 +00:00
brectanus	a1a0c24b88	Do not compile on Solaris with visibility attributes.	2007-05-23 16:04:25 +00:00

... 3 4 5 6 7

303 Commits