github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
553 Commits 55 Branches 109 Tags
d8be1959892f281a74c9edb94c5b0d235cc645a3
Commit Graph

410 Commits

Author SHA1 Message Date
brectanus
d8be195989 Revert r1205 as it was fixed in mod_jk upstream. 2008-09-17 16:54:31 +00:00
brectanus
f173301b39 Worked around mod_jk issue where a 401 response was not including the WWW-Authentication header (MODSEC-16). 2008-09-15 19:51:06 +00:00
brectanus
7b5d35c462 Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check. 
Added regression tests for this as well.
 2008-09-10 19:45:13 +00:00
brectanus
a8933475b7 Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
a920630d1c Added a comment. 2008-09-10 17:39:18 +00:00
brectanus
d257fd7910 Change from ctl:requestBodyBuffering to ctl:forceRequestBodyVariable. 2008-09-10 17:11:20 +00:00
ivanr
d6cbd4d973 Tidy up. 2008-09-10 14:15:37 +00:00
ivanr
29948745e9 Document css_inplace_decode(). 2008-09-10 12:44:41 +00:00
ivanr
c469947b43 Tidy up. 2008-09-10 11:34:16 +00:00
brectanus
28bda503a3 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
d33d6132c3 Remove declaration of an unused variable. 2008-09-03 21:20:06 +00:00
brectanus
f2f160e10c Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
866a809129 Fixed MODSEC-2 by using the msr->hostname (ap_get_server_name(r)) vs r->hostname in the log. 2008-09-02 23:43:15 +00:00
brectanus
c47c3583e0 Added mlogc source. 2008-09-02 23:10:36 +00:00
ivanr
ecd1750cce Tidy up the code for the performance-measurement mode. Remove the per-phase measurements, which don't seem to work (at least not in my case). 2008-09-01 09:36:31 +00:00
ivanr
3dd0185d3c From trunk: make PERFORMANCE_MEASUREMENT more accurate. 2008-08-29 16:14:17 +00:00
brectanus
ca0d625bef Update configure to better find lua libs. 2008-08-18 16:00:29 +00:00
brectanus
15b043e1c2 Update a regression test due to changed error message. 2008-08-15 21:04:12 +00:00
brectanus
383f4aa2f8 Update test stup with new msr_log_* wrappers. 2008-08-15 20:45:28 +00:00
brectanus
efba0e87a4 Backport cssDecode part 2. See #512. 2008-08-15 20:44:36 +00:00
brectanus
e26d44a6bd Allow disabling processing of request body size limit in phase 1. See #518. 2008-08-15 20:21:25 +00:00
brectanus
aa948b6639 Backport t:cssDecode to 2.5. 2008-08-15 20:14:16 +00:00
brectanus
abbde8f1e7 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
77aa445d27 Add parity transformations. See #516. 2008-08-14 23:49:39 +00:00
brectanus
e3ddb2403b Updated regression suite to use full path to LoadModule. 2008-08-08 22:50:47 +00:00
brectanus
492ffd9897 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
bab6fdba35 Prepare 2.5.x branch for next release. 2008-07-31 20:30:03 +00:00
brectanus
eadc2832fe Cleanup regression suite to make it a bit more user-friendly. 2008-07-31 16:59:37 +00:00
brectanus
4e6aaeb864 Added configure for convieniance of those w/o auto tools. 2008-07-31 15:07:36 +00:00
ivanr
3f26e3d384 Tidy up. 2008-07-31 10:09:35 +00:00
ivanr
7edd9cc7f7 Update licensing headers in all source code files. 2008-07-31 09:30:59 +00:00
brectanus
c066e8b3c4 Fixed VAR_CACHE/VAR_DONT_CACHE values with reasons for DONT. 
Added a DEBUG_MEM define to disable optimization and for future enhcement.
Prevented "counting" vars from being cached.
Prevented vars from being cached unless they are marked "available" in phase.
Now use var->value as the cache hash key as a unique value.
Fixed which pools we are using for rule processing.
Updated regression tests for tfns.
Updated regression test script to handle extra APR_POOL_DEBUG output.
See #364.
 2008-07-30 22:35:52 +00:00
brectanus
507f17e75f Update licensing. 2008-07-29 15:38:32 +00:00
ivanr
4332d5f19f Execute msr_log only if the debug log level is higher or equal to that of the log message. 2008-07-29 15:19:07 +00:00
brectanus
40b6cd3ebe Cleanup. See #364. 2008-07-29 05:47:14 +00:00
brectanus
dde8e6c6a0 Typo. 2008-07-29 04:52:58 +00:00
brectanus
dc043e82f2 Update versions for the 2.5.6 release. 2008-07-29 04:46:45 +00:00
brectanus
6ebc5ad6e7 Transformation caching fixes. See #364. 2008-07-29 00:18:16 +00:00
brectanus
ade22567bf Backport regression suite to 2.5. 2008-07-25 23:15:08 +00:00
brectanus
cf88454f13 Fixed warning for mixed CRLF/LF lines and LF lines in changeset:1070. See #504. 2008-06-05 18:03:20 +00:00
brectanus
0606b84efa Remove an extraneous debug statement and update version date. 2008-06-05 17:29:29 +00:00
brectanus
cc4ff45ffa Fix a minor typo in a comment. 2008-06-05 17:01:42 +00:00
brectanus
e1342ff011 Backport trunk changes for changeset:1072 and changeset:1073 to 2.5, but leave out the error filter code until more testing is completed. See #498. 2008-06-05 16:55:53 +00:00
ivanr
f417680065 Minor code cleanup. 2008-06-05 14:00:28 +00:00
ivanr
8cd12fb673 Log strict multipart errors at level 4. 2008-06-05 13:52:30 +00:00
brectanus
896ae59e1f Re-enable error output filter with a fix after more testing/tracing of code. See #498. 
Update versions to ready for release of 2.5.5.
 2008-06-03 20:28:05 +00:00
brectanus
22f1c61f1d Fixed issue where logging was not occuring unless "auditlog" was enabled. See #497, #4, #451 and #445. 2008-06-02 23:34:31 +00:00
brectanus
a9fca34107 Enable "auditlog" action by default. See #445 and #451. 2008-06-02 23:31:27 +00:00
brectanus
0389a88b6a Backport fix to improve request body processing error messages. See #504. 2008-05-30 20:16:34 +00:00
brectanus
3632dae024 Backported changeset:1056 to 2.5.x which handles a lacking new line after the final multipart boundary. See #502. 2008-05-30 20:07:47 +00:00