github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,777 Commits 55 Branches 109 Tags
Commit Graph

89 Commits

Author SHA1 Message Date
Allan Boll
2ae357be88
Let body parsers observe SecRequestBodyNoFilesLimit 
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
 2018-09-05 16:08:21 -03:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional 2017-10-06 16:43:45 +00:00
Allan Boll
7fff8938ba
Check return value of modsecurity_request_body_store 2017-10-05 17:20:41 +00:00
Allan Boll
afae690655
Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream. 2017-10-05 17:20:40 +00:00
Felipe Zimmerle
934a9fcc02
Verify if chunk exists before access it 2017-10-05 13:28:28 +00:00
Guido Ravagli
b8636a70d1
added "empy chunk" check 2017-10-05 13:24:59 +00:00
root
f9c253952c This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE. 2016-03-16 10:35:22 -03:00
Chaim Sanders
d434a6c043 Fixing missing return value check for hashing response injection failure 2016-01-25 14:54:56 -03:00
Justin Gerace
3f9e2ccc7c Stop buffering when the request is larger than SecRequestBodyLimit and in ProcessPartial mode 2016-01-25 10:37:40 -03:00
Breno Silva
0fc4142a31 Change strncpy to memcpy 2013-07-05 02:45:05 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
451041cd8c Change names of HMAC feature to HASH 2012-10-30 18:19:11 -04:00
Breno Silva
53d422e9de Change names of HMAC feature to HASH 2012-10-30 18:02:22 -04:00
brenosilva
bdcecf50fa MODSEC-328 2012-08-09 17:20:21 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
f92f8219d4 fix stream vars memory leak 2011-12-05 17:01:51 +00:00
brenosilva
de02ea5e4f Add new unicode map settings and fix requet body truncate bug 2011-06-30 13:22:39 +00:00
brenosilva
b2a486e4bd Only reinject stream if data is changed by rsub 2011-06-15 17:33:14 +00:00
brenosilva
ad168c801d Only reinject stream if data is changed by rsub 2011-06-15 14:38:42 +00:00
brenosilva
c78903e988 Fix problem when buffering in input filter 2011-05-04 21:12:48 +00:00
brenosilva
241f222a18 Wrong lenght information in input filter when forward stream variable 2011-05-04 18:59:01 +00:00
brenosilva
1bfbe0c14a Fix issue counting requet body len 2011-05-04 16:49:11 +00:00
brenosilva
21c81331c6 Uncomment input stream 2011-05-04 15:06:09 +00:00
brenosilva
0cc30904b9 Fix issue in input stream 2011-04-28 16:32:41 +00:00
brenosilva
1aa4cace65 Fix compiler warnings 2011-04-27 21:54:16 +00:00
brenosilva
9ca34a3224 Change apr_cpystr to strncpy 2011-04-11 14:56:05 +00:00
brenosilva
6047658d07 Cleaning stream out buf 2011-04-11 14:44:29 +00:00
brenosilva
d98231e114 Cleaning stream out buf 2011-04-11 13:28:05 +00:00
brenosilva
3b4c46f27b Improvements in detection only 2011-04-05 21:16:58 +00:00
brenosilva
9c5e0a4f98 Improvements in detection only 2011-04-05 17:41:52 +00:00
brenosilva
b8828ad3f1 Improvements in detection only 2011-04-05 17:22:02 +00:00
brenosilva
cb3353f13d Improvements in detection only 2011-04-05 00:18:37 +00:00
brenosilva
50205ebf62 Improvements in detection only 2011-04-04 21:02:13 +00:00
brenosilva
0d32c17c30 Memory pool fixes and code cleanup 2011-04-03 03:57:02 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
a2f01d31a4 Experimental reallocation memory for rsub 2011-03-26 14:53:04 +00:00
brenosilva
3c5eae03bd fix free function because of double free 2011-03-25 23:58:26 +00:00
brenosilva
117cc13525 revert free operation 2011-03-25 23:54:25 +00:00
brenosilva
c0a097304e Remove free function because of double free 2011-03-25 23:50:57 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
69551d2d09 Add Google safe browsing lookup 2011-03-15 20:49:10 +00:00
brenosilva
caa6d89f85 revert MODSEC-171 2011-03-14 13:11:46 +00:00
brenosilva
fa8c45e7cb MODSEC-171 2011-03-11 17:24:44 +00:00
brenosilva
74666fe2ca MODSEC-181 2011-03-02 17:41:36 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
5040c5568f MODSEC-70 change loglevel to 3 2011-01-06 14:44:00 +00:00
brenosilva
1260d2b097 MODSEC-104 2010-12-23 12:27:57 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
ivanr
98982e2962 Added the SecDisableBackendCompression directive 2010-03-19 20:00:59 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00