1825 Commits

Author SHA1 Message Date
John Lightsey
e419b50fe7
Store temporaries in the request pool for regexes compiled per-request.
The code for testing regexes with embedded Apache variables
(rule->re_precomp == 1) during request processing was utilizing the global
engine pool for the storage of temporary values. This approach is not
threadsafe, retains the temporary variables longer than they are usable,
and causes corruption of the global pool's "cleanups" linked-lists when
Apache is configured with a threaded MPM.
2021-01-14 14:23:39 -03:00
studersi
12cefbd70f Adds a sanity check before using ctl:ruleRemove(TargetById|TargetByMsg)
This commit closes the issue #2033.
2019-11-20 09:49:17 -03:00
Felipe Zimmerle
176276a931
Fix the order of error_msg validation
Reported by @marcstern at #2128
2019-07-10 14:52:46 -03:00
Felipe Zimmerle
28b4be670f
CHANGES: Adds info on: #2123, #2124 2019-06-26 13:03:35 -03:00
emphazer
f7e4d01b01
added missing Geo Countries 2019-06-26 13:02:25 -03:00
Felipe Zimmerle
ca8e2db5a7
CHANGES: Adds info on: 2092 2019-05-27 14:45:50 -03:00
Rainer Jung
32e185c2ca
When the input filter finishes, check whether we returned data during the last read and if not, delegate to the remaining filter chain.
Without that, ProcessPartial for the request body breaks forwarding
of uploaded files using mod_proxy_ajp and mod_wl.

See issue #2091.
2019-05-27 14:45:44 -03:00
Felipe Zimmerle
0d663616f7
CHANGES: Adds info on 2019-05-27 10:33:56 -03:00
Nao YONASHIRO
774ff40c96
fix: care non-null terminated chunk data 2019-05-27 10:29:01 -03:00
Felipe Zimmerle
52532a1bce Fix curl callback function 2018-12-15 00:08:31 -03:00
Felipe Zimmerle
c08d3edb13
CHANGES: Adds info on #1957 2018-12-10 16:55:48 -03:00
Martin.Blapp
b90fa2d063
Use tempfiles for apr_global_mutex_create() to fix segfaults with Apache 2.2.
Call modsecurity_init() for the first invocation too.
2018-12-10 16:24:48 -03:00
Felipe Zimmerle
f5dbaae4fb
CHANGES: Adds info on #1980 2018-12-10 15:41:28 -03:00
Ervin Hegedus
0dcbb8b087
Fix inet addr handling on 64 bit big endian systems
Back port from v3. @zimmerle.
2018-12-10 15:39:58 -03:00
Felipe Zimmerle
cb33bb4faa
CHANGES: After 2.9.3 2018-12-10 15:16:04 -03:00
Felipe Zimmerle
2c400951a5
Version 2.9.3
Increasing version to 2.9.3
v2.9.3
2018-12-04 14:50:34 -03:00
Victor Hora
cc97550b71 Enable optimization for large stream input by default on IIS 2018-12-04 11:44:40 -05:00
Felipe Zimmerle
780f9ddf0f Update issue templates 2018-11-30 10:27:18 -03:00
Allan Boll
f15976f68f
Allow 0 length JSON requests. 0 len XML and multipart already allowed. 2018-11-27 09:01:05 -03:00
Felipe Zimmerle
9b6d4b2bb9
CHANGES: Adds info about: #1576 and #1577 2018-11-26 10:48:49 -03:00
Felipe Zimmerle
25e5543c7f Allow empty arrays in JSON parser
Issue #1576
2018-11-26 10:40:46 -03:00
Allan Boll
7af8363fd4 Less strict multipart parsing 2018-11-21 12:47:56 -05:00
Victor Hora
b600669d02 Fix buffer size for utf8toUnicode transformation 2018-11-16 15:05:47 -03:00
Victor Hora
d8c711257b CHANGES: Adds info about: #1714 2018-11-12 19:54:18 -05:00
Victor Hora
1adea9f1e8
Merge pull request #1714 from p0pr0ck5/sanitize-json 2018-11-12 19:45:38 -05:00
Victor Hora
a21f97066b Fix modsecurity.conf for IIS update CHANGES file 2018-11-12 15:54:36 -05:00
Victor Hora
f35075b2a7 IIS: Update Wix installer to bundle a supported CRS version (3.0) 2018-11-12 15:45:47 -05:00
Victor Hora
63cbd91723 IIS: Update dependencies for Windows build 2018-11-11 15:33:29 -05:00
Victor Hora
b7e82aae0e CHANGES: Adds info about: #788 and #1299 2018-11-09 18:10:59 -05:00
Victor Hora
45337265f1 Set SecStreamInBodyInspection by default on IIS builds (#1299) 2018-11-09 18:06:56 -05:00
Victor Hora
22322ce355 Update modsecurity.conf file for IIS build 2018-11-09 17:57:31 -05:00
Victor Hora
9be0a407eb Add sanity check for a couple malloc() and make code more resilient 2018-11-04 22:04:34 -05:00
Victor Hora
b3fa87dc7c Fix NetBSD build by renaming the hmac function to avoid conflicts 2018-11-04 21:20:10 -05:00
Victor Hora
96e21b0f3e CHANGES: Adds info about: #1612 2018-11-04 13:06:37 -05:00
Allan Boll
e97799c9bc Windows build, fixed duplicate YAJL dir in script 2018-11-04 13:04:03 -05:00
Victor Hora
1843b79adb IIS: Make failed MSI installer messages more helpful 2018-11-02 19:01:36 -04:00
Victor Hora
49495f1925 CHANGES: Adds info about: #1917 2018-10-19 19:50:05 -04:00
Allan Boll
a55a9481b3 IIS: Remove body prebuffering again. Unneeded due to no lock on modsecProcessRequest. 2018-10-19 19:49:44 -04:00
Felipe Zimmerle
f93709b66c Update issue templates 2018-10-17 09:21:02 -03:00
Victor Hora
1a28de9cef
CHANGES: Adds info about: #712 2018-10-12 21:27:50 -04:00
Victor Hora
a3dc602128 ju5t patch to fix mpm-itk mod_ruid2 compatibility 2018-10-12 21:20:40 -04:00
Victor Hora
d50650ba4f CHANGES: adds info on #1556 2018-09-22 20:51:27 -04:00
Victor Hora
96756533ba Code cosmetics: Minor change to match commit 2a42cc 2018-09-22 20:40:30 -04:00
Victor Hora
aab128f810 Code cosmetics: checks if actionset is not null before using it 2018-09-22 20:21:23 -04:00
Daniel Muey
a677456078 Issue #1671: Only generate SecHashKey when SecHashEngine is On 2018-09-20 17:46:55 -04:00
Victor Hora
b9bf98f2c1 CHANGES: Adds info about: #1857 2018-09-20 16:43:08 -04:00
Yang Luo
e0a087b540 Update the dependencies in README for Windows based on refactoring of 2.9.2 release. 2018-09-20 16:39:28 -04:00
Yang Luo
b76f961aae Reformat the README to Markdown 2018-09-20 16:37:45 -04:00
Felipe Zimmerle
a168669cb5
CHANGES: adds info on #1826 2018-09-06 10:09:12 -03:00
Allan Boll
51a9717601
IIS: no lock on ProcessRequest. No reload of config. (#24)
2018-09-06 10:08:06 -03:00