github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,246 Commits 55 Branches 109 Tags
Commit Graph

3246 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 2007-09-27 21:38:33 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
5022ddcadf Cleanup more subrequest code. 
Do not run with subrequests in phase 3-4.
Still need to look at phase 5 to see what I can cleanup there.
See #135.
 2007-09-26 21:46:06 +00:00
brectanus
86c9a9bf1f Cleanup CHANGES. 2007-09-26 21:39:45 +00:00
brectanus
9f898a0e0b Fixed comment. 2007-09-26 19:49:48 +00:00
brectanus
7c393c4874 Fixed the wrong status being displayed in the error page. See #3. 2007-09-26 19:47:06 +00:00
brectanus
72f8149338 Do not process subrequests in phase 2. See #135. 2007-09-26 18:03:08 +00:00
brectanus
426ce1aea7 Fixed deprecatevar. See #59. 2007-09-25 21:40:04 +00:00
ivanr
a1955d09e3 Add crude performance measurement. 2007-09-24 23:59:42 +00:00
ivanr
009c3b0fa1 Document SecResponseBodyLimitAction. 2007-09-21 23:37:56 +00:00
ivanr
9ed3cf9e5a Added support for partial response body processing. 2007-09-21 23:23:11 +00:00
ivanr
59333a6a81 Update CHANGES. 2007-09-21 22:15:12 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
ivanr
dfe09ff1b0 Fix content injection C++ style comments. 2007-09-21 19:36:57 +00:00
ivanr
2a707d4370 Enable our output filters to intercept bodies of error responses (#65). 2007-09-21 19:06:54 +00:00
brectanus
eb6b456f5b Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. 2007-09-21 00:20:31 +00:00
brectanus
b217e42624 Merge in fix for ErrorDocument. 2007-09-17 17:10:38 +00:00
brectanus
ad940d1ff9 Partially corrected the filter error code. See #3. 2007-09-14 23:01:58 +00:00
brectanus
53011819d4 Cleanup some doc formatting. 
Prepare trunk for use as 2.5.0-devN tree.
 2007-09-14 21:41:34 +00:00
brectanus
c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). 2007-09-14 21:00:56 +00:00
brectanus
8a54517f0d Updated copyright dates in xsl files. See #253. 2007-09-12 19:04:54 +00:00
brectanus
1e603d8a3e Detect and use new API calls to get the server version/banner when available. 2007-09-11 18:01:28 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00
ivanr
b95cc3b372 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. 2007-09-07 17:03:26 +00:00
ivanr
ba85c17b01 Update minimal configuration template to use strict multipart parsing. 2007-09-07 16:24:31 +00:00
ivanr
fa2b97ddb4 Tidy code. Small bug fixes. 2007-09-07 16:01:28 +00:00
ivanr
0769f2378c More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. 2007-09-07 13:16:40 +00:00
brectanus
d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. 2007-08-22 20:12:41 +00:00
brectanus
70e8246ae4 Update CHANGES. 2007-08-21 23:47:06 +00:00
brectanus
9e08017b32 Force rpaf and similar modules before mod_security2. 2007-08-21 23:44:19 +00:00
ivanr
9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 2007-08-20 16:09:48 +00:00
ivanr
608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 2007-08-20 15:25:05 +00:00
ivanr
239fa00957 Fix silly errors, typos. 2007-08-17 16:01:24 +00:00
ivanr
baf6f59dff Multipart parsing improvements. 2007-08-17 15:47:33 +00:00
brectanus
e275162463 Quiet "warning: int format, pid_t arg" type warnings. 2007-08-13 17:49:37 +00:00
ivanr
28d44486e3 Fixed data corruption in the multipart parser. 2007-08-10 15:59:54 +00:00
ivanr
222f1f6f78 Cleanup. MULTIPART_STRICT_ERROR now returns 1 on parsing error too. 2007-08-10 15:04:42 +00:00
ivanr
323f9f81a0 Better discovery of partial quoting evasion. 2007-08-10 14:51:55 +00:00
ivanr
b1949b7ebc Another check for evasion through partial quoting of multipart boundary. 2007-08-10 14:40:22 +00:00
ivanr
d0ac05c3ea Add check for evasion using double quote inside multipart boundary. 2007-08-10 14:37:04 +00:00
ivanr
25fb1b2629 Moved XML request body processor error to debug level 1. 2007-08-10 14:25:44 +00:00
ivanr
5898e9e116 Fixed a potential segmentation fault, introduced with recent changes. 2007-08-10 14:24:13 +00:00
brectanus
7c856eef1f Fix typo and make clearer the intent by using defined(). See #198. 2007-08-10 13:44:55 +00:00
ivanr
716d0fd419 Added a check for nul bytes in multipart part headers. 2007-08-10 10:17:36 +00:00
ivanr
c85773b343 Added MULTIPART_UNMATCHED_BOUNDARY. Not very reliable, as it detects anything that looks like a boundary, which means any line that begins with -- but we don't think it's a boundary. 2007-08-10 09:59:57 +00:00
ivanr
70324713e4 Added checks to detect quoted boundary evasion (although we are not susceptable any more) and to detect duplicate final bounary. 2007-08-10 08:36:24 +00:00
brectanus
32905f9d46 Add ability to compile without API support (-DNO_MODSEC_API). See #198. 2007-08-10 00:46:04 +00:00
brectanus
f4389c9a55 Update docs and CHANGES for logdata action. 2007-08-10 00:44:20 +00:00