github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,701 Commits 55 Branches 109 Tags
ecd34cf936267468fbcb101e04cc220f3b9eae39
Commit Graph

3701 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
f5b47a8077 Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
c3a0d8d9bb Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
3ebc2d61fb Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
4726912ec8 Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Felipe Zimmerle
20134ef242 Fix examples/using_bodies_in_chunks compilation 2017-06-10 20:40:12 -03:00
Felipe Zimmerle
e1f52a1cf2 Adds using bodies in chunks example 2017-06-10 09:28:22 -03:00
Felipe Zimmerle
9cb3f23b50 Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
616a95bfe0 Adds -lpthread to the reading_logs_via_rule_message example 2017-06-07 14:22:33 -03:00
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128 Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534 Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
a90b2a3ff7 Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
e1d3abc8e7 Removes memory leak on the counter variable modificator 2017-05-28 22:10:30 -03:00
Felipe Zimmerle
c49688fd7d Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
6143eb99e3 Removes LMDB from the default configuration options 2017-05-10 12:50:38 -03:00
Felipe Zimmerle
37619bae77 Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
0e05b7bb8a Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
77a658c7cd Updates libinjection version 2017-04-27 18:35:01 -03:00
Felipe Zimmerle
6421ff087a Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Michael Simpson
7e59250068 Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Chaim Sanders
b58f713fe9 add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:49:45 -03:00
Felipe Zimmerle
e2bbe9858f XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
ba070c9eaa Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
b3c8e97ff7 Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
c7053e572f Postponing the decision to whenever save or not a log message to the last rule 
Whenever there is a chained rule, the decision of saving a message on the
webserver's log will be taken after the execution of all actions on the chain,
including the default actions.
 2017-03-29 14:51:32 -03:00
Felipe Zimmerle
4d03ef512e Fix TX dictionary element name on logs 
Before this patch the element name was not being shown.
 2017-03-29 14:49:57 -03:00
Felipe Zimmerle
5f60bb5224 Yet another fix on the debuglogs merge 2017-03-28 18:11:31 -03:00
Felipe Zimmerle
cf4deaa3a0 Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
d15b57895b Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
80cfca6fa3 Fix the debug log level merge function 2017-03-27 14:09:42 -03:00
Felipe Zimmerle
2a54bf23e5 Fix the debug log merge function 2017-03-27 11:30:26 -03:00
Felipe Zimmerle
eb12b15146 Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198 API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121 Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0 Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66 Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
c290c73f9b Updates travis' badge 2017-03-08 09:44:17 -03:00
Felipe Zimmerle
53485c7f74 Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e79712095b Minor fix in the decision on whenever the log callback should be called 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
9ea5b475b2 Fix missing initialization on rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
6d61bd6b57 Adds rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17 Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2bd87d07d Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
d6363607aa Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8 Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00