github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,699 Commits 55 Branches 109 Tags
Commit Graph

1699 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
da995bb636
Adds sb_handle structure to specific versions of apache 
Fix issue #1407
 2017-05-05 23:06:43 -03:00
Felipe Zimmerle
aa1a56f23f
Adds information about pull request #1308 2017-05-04 23:51:27 -03:00
Felipe Zimmerle
9b3c32bb54
Makes #1308 compatible to older versions of Apache 2017-05-04 23:23:31 -03:00
Barry Pollard
019edfa1a9
This is a fix for #992 to allow drop to work with mod_http2 2017-05-04 22:19:57 -03:00
Felipe Zimmerle
b6293988fe
Adds ap_log_cerror_ to the standalone implementation 2017-05-04 13:30:47 -03:00
Felipe Zimmerle
7bdb79a1a2
Adds information about pull request #1340 2017-05-04 10:29:51 -03:00
Sander Hoentjen
0f59d4e044
query MPM after all config is loaded (fixes #786) 2017-05-04 10:09:07 -03:00
Sander Hoentjen
a2eb4c8b04
Don't update the scoreboard ourself (fixes #1337) 
This is unsafe, and messes up the scoreboard on Apache >= 2.4.25 with Event MPM
 2017-05-04 10:09:07 -03:00
Sander Hoentjen
53edb258bb
get correct worker_score in loop 2017-05-04 10:09:06 -03:00
Sander Hoentjen
8efece97f7
don't use sb_handle on apache 2.4 2017-05-04 10:09:06 -03:00
Sander Hoentjen
f813365f7e
Fix logging for Apache 2.4 2017-05-04 10:09:06 -03:00
Felipe Zimmerle
caadf97524
Cosmetics: Fix 0x0bdda1 indentation issues 2017-05-03 09:34:47 -03:00
Marc Stern
51f312736a
rule id is not logged in case rule has no msg 2017-05-03 09:20:32 -03:00
Marc Stern
7f647e85ad
Adds missing $log_handler in MODSEC_EXTRA_CFLAGS 2017-05-02 21:45:42 -03:00
Felipe Zimmerle
3e9e4b39cc
Cosmetics changes top of #1402 2017-05-02 17:14:06 -03:00
Marc Stern
7246998f09
Adds option to disable logging of stopwatches in audit log. 2017-05-02 17:11:58 -03:00
Felipe Zimmerle
41ae8db571
Fix configure help added in #1403 2017-05-02 11:11:47 -03:00
Marc Stern
d7383c39dd
Option to disable logging of dechunking 2017-05-02 11:09:42 -03:00
Felipe Zimmerle
a4724dfdab
Updates the libinjection 2017-04-28 14:56:06 -03:00
Felipe Zimmerle
2c07a17fa3
Fix help message on configuration option added by #1381 2017-04-26 16:47:48 -03:00
Marc Stern
7b86d8c51d
Extends a7731c by adding JSON support 2017-04-26 16:38:12 -03:00
Felipe Zimmerle
3de0dfc5fd
Cosmetics: fix #1381 indentation 2017-04-26 16:04:31 -03:00
Marc Stern
d1376c5525
Adds option to disable logging of Apache handler in audit log 2017-04-26 16:03:58 -03:00
Felipe Zimmerle
f44852b4e0
Fix the issue number on Marc's CHANGE log entry 2017-04-26 15:57:48 -03:00
Felipe Zimmerle
1a5ff4e371
Fix help message on configuration option added by #1380 2017-04-26 15:28:20 -03:00
Felipe Zimmerle
67908f45f4
Cosmetics: fix #1380 indentation 2017-04-26 15:28:13 -03:00
Marc Stern
d243818aff
{dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9 in audit log [Issue #576 - Marc Stern] 2017-04-26 15:27:57 -03:00
Felipe Zimmerle
53a8bb2e18
Adds information about pull request #1379 2017-04-11 11:12:14 -03:00
Felipe Zimmerle
45b7706f1f
Adds sanity check before print action message in the logs 
This is a sanity check on top of #1379
 2017-04-11 10:04:19 -03:00
Marc Stern
99eb07d944
Fix missing rule id in log See https://github.com/SpiderLabs/ModSecurity/issues/391 2017-04-10 12:28:38 -03:00
Marc Stern
9244cd9824
Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern] 2017-04-10 12:13:55 -03:00
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
Felipe Zimmerle
42c819d1b9
Adds information about pull request #1339 2017-04-06 13:21:32 -03:00
Robert Paprocki
96a1f55e16
Read fuzzy hash databases on init 
Instead of reading the fuzzy db on every invocation, read and store
the db contents during initialization and store the contents in memory.
The only significant behavior change here is that a change in db contents
now (obviously) requires a daemon restart, as no API is provided to
flush the list of ssdeep chunks.
 2017-04-06 13:20:24 -03:00
Robert Paprocki
fd49ca7138
Don't leak an fd on fuzzy hash initialization 
Since we're re-opening this file with every invocation, let's
close our sanity check fd.
 2017-04-06 13:20:24 -03:00
Felipe Zimmerle
6cce8a2764
Adds information about pull request #1374 2017-04-06 09:37:52 -03:00
Chaim Sanders
5e4e2af7a6
add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:34:54 -03:00
Felipe Zimmerle
eb798d8c55
Adds information about pull request #1373 2017-04-03 16:23:33 -03:00
Andrei Belov
1bb2ffcd6b
Fix building with nginx >= 1.11.11 
Closes SpiderLabs/ModSecurity#1359

See also:
http://hg.nginx.org/nginx/rev/e662cbf1b932
 2017-04-03 16:19:15 -03:00
Felipe Zimmerle
b6053df941
Adds information about pull request #1258 2016-12-01 15:14:39 -03:00
Master Yoda
792a351de6
As of 17 May 2016, the country name "Czechia" replaces this MemberState's former short name of Czech Republic (code 203) 2016-12-01 15:07:46 -03:00
Felipe Zimmerle
3e6f6e63bc
Adds information about pull request #1150 2016-11-21 11:02:13 -03:00
Felipe Zimmerle
3fce12a96c
Fix on the patch proposal #1150 
That is a fix on the top of #1150 without this fix the patch won't work
as expected.
 2016-11-21 10:58:43 -03:00
Marc Stern
7ff0e7e7b2
Added ALLOW_ID_NOT_UNIQUE compile flag to allow duplicate rule ids and no id 2016-11-21 09:58:40 -03:00
Felipe Zimmerle
bb577950bf
Adds information about pull request #1233 2016-10-20 09:44:25 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Felipe Zimmerle
c95d93483b
Adds information about pull request #1223 2016-10-10 12:34:04 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
Felipe Zimmerle
8559dd3b8b
Adds information about pull request #1216 2016-10-06 13:30:25 -03:00
arminabf
fb3bbf37e8
revert error message assignment for older versions 
as errstr is only available since version > 2.2
 2016-10-06 13:28:37 -03:00