github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,566 Commits 55 Branches 109 Tags
Commit Graph

180 Commits

Author SHA1 Message Date
brenosilva
a13887065e Gsb matched urls set into tx variable 2011-03-16 14:48:56 +00:00
brenosilva
69551d2d09 Add Google safe browsing lookup 2011-03-15 20:49:10 +00:00
brenosilva
d0c2a5d34c Add verifyCPF 2011-03-03 16:29:36 +00:00
brenosilva
98e6a1c28c Cleanup ipmatch function 2011-03-02 18:56:33 +00:00
brenosilva
7f838acdf9 Ipmatch now is not supported under windows 2011-02-25 19:46:31 +00:00
brenosilva
3f1d911837 Make ipv6 portable 2011-02-25 14:08:10 +00:00
brenosilva
8b907225e5 Make ipv6 portable 2011-02-24 18:41:48 +00:00
brenosilva
025ca49cc3 Change ipmatch to ipMatch 2011-02-18 15:00:51 +00:00
brenosilva
f536ba11a7 Ipmatch mistake 2011-02-17 18:34:46 +00:00
brenosilva
d4d97505da Under CentOS inet_pton return invalid address for valid ip6, remove the return code for now 2011-02-17 18:26:55 +00:00
brenosilva
cd31e80b8c Cleanup ipmatch 2011-02-17 17:44:48 +00:00
brenosilva
882e537c92 MODSEC-140 2011-02-17 16:52:45 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
56fc2ea714 MODSEC-148 fix issues 2010-12-22 13:57:44 +00:00
brenosilva
c8033a59fd MODSEC-148 2010-12-21 13:54:02 +00:00
brenosilva
52c33e7c5a MODEC-105 2010-12-14 21:39:45 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
aa3b20eccb Optimise the unsetting of the previous data capture variables 2009-12-07 18:08:41 +00:00
ivanr
23c3237d1c Added missing log level checks before logging. 2009-12-07 17:27:39 +00:00
b1v1r
9d26b16e23 Merge 2.5.x changes into trunk. 2009-05-16 07:54:17 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
c5e258f0ba Added additional check for XML well formed. 2008-09-10 18:32:24 +00:00
brectanus
f20059b009 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. 2008-09-03 22:16:42 +00:00
brectanus
5298e29540 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
aef091a849 Reverted r950 which moved the periods from the message to after the "[offset ...]" tag. This tag was intended to be interpreted as metadata. 
Enhanced the documentation from r951 to reflect "[offset ...]" as metadata and not the message.
 2008-02-15 23:05:30 +00:00
ivanr
258ef32adb Minor changes to operator messages. 2008-02-14 15:40:38 +00:00
brectanus
cc2110b187 Updates to build on Windows with MS VC++ 8. 2008-02-13 07:10:54 +00:00
brectanus
8e43107827 Add target name to validateUrlEncoding message. 2008-02-08 01:17:46 +00:00
brectanus
16b2821d51 Update string match text for @within to not include the target test. 
Make sure the empty string always matches (it does in @rx and @m so it should in other string operators).
 2008-02-08 00:04:09 +00:00
brectanus
827a5831e2 A pattern of "" (empty string) should always match. 2008-02-07 23:21:31 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
246ed9cbc5 Make sure a zero-length CC# does not verify. 2007-12-20 19:19:34 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00