75 Commits

Author SHA1 Message Date
Robert Bost
f1264bec86
Added SecCollectionGCFrequency option for configuring frequency at which garbage collection runs for persistent collections 2017-05-21 17:44:01 -03:00
Felipe Zimmerle
112ba45e7a
Makes global mutex for collections optional 2017-05-21 08:53:11 -03:00
Mladen Turk
84d2f30cc8
Use global mutex instead of sdbm file lock to fix issues with threaded mpm's 2017-05-19 17:16:08 -03:00
Felipe Zimmerle
a5bbb8345f
Fix compilation for 2.2.x and standalone after #1289 2017-05-11 09:14:49 -03:00
Robert Bost
4f55b5d1a7
Change from using rand() to thread-safe ap_random_pick. 2017-05-08 21:19:23 -03:00
Michael Bunk
f0112604a6 Remove misguided call to srand()
A random number generator needs to be initialized once per process after a fork, but not after each request, more so with an argument that changes only once per second.

This fixes SpiderLabs#778

This is a copy of my commit deec149ca363dd14213afd1f9d7f71a71959ef31.
2015-10-16 11:14:54 -03:00
Felipe Zimmerle
87a401af05 Fix remote resources download while hosting SSL site on Apache
As reported by Christian Folin and Walter Hop on our dev mailing list, Apache
mod_ssl was failing if a remote resource was utilized. That was happening
because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.
This patch moves Curl initialization to happen while ModSecurity is
initialized.
2014-12-11 12:39:27 -08:00
Felipe Zimmerle
9b836b652a Initial support to load rules from a remote server
New directive `SecRemoteRules' was added. It allows the user to load a
set of rules from a given HTTP server.
2014-11-14 11:53:40 -08:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system to look for yajl using a macro file
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00
Felipe Zimmerle
d93ce9ceee Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables
This variable is a combination from REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects for \n\n in between each of those values.
2014-03-31 07:14:55 -07:00
Breno Silva
f8d441cd25 Fix Chunked string case sensitive issue - CVE-2013-5705 2013-09-04 08:57:07 -03:00
Breno Silva
3901128f17 Revert "Fix Chuncked string case sensitive issue"
This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.
2013-09-04 08:53:40 -03:00
Breno Silva
16a815a3c2 Fix Chuncked string case sensitive issue 2013-09-04 08:43:34 -03:00
Breno Silva
eb95384577 Fixed: SecPerfRuleTimes storing unwanted rules 2013-04-23 18:52:20 -04:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
213cd1e840 Fixed: detect comma plus white space as a cookie separator - change variable names 2013-01-05 12:11:18 -04:00
Breno Silva
80146b2c74 Fixed: detect comma plus white space as a cookie separator 2013-01-05 09:48:49 -04:00
brenosilva
dc83528526 MODSEC-261 2012-10-04 15:53:40 +00:00
brenosilva
919e3f5e29 Reverted SecCookiev0Separator 2012-10-03 17:33:37 +00:00
brenosilva
aee22ea461 MODSEC-261 2012-10-03 13:49:00 +00:00
brenosilva
592ec392d1 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 2012-08-02 18:04:53 +00:00
brenosilva
f0fab2a803 Fix apache 2.4 compilation issue during make test 2012-05-14 23:08:11 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
d4079971c6 MODSEC-160 2011-10-14 13:32:30 +00:00
brenosilva
3d69126de0 Build and code fixes 2011-06-14 18:16:55 +00:00
brenosilva
e1025d0f0c Change apr version macro by apache one 2011-05-18 18:33:20 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
1a2d377e34 MODSEC-178 2011-03-28 18:47:58 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
c04a4edb4b MODSEC-144 2011-03-11 18:48:58 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a Add the ability to build custom request body parser extensions.
Add an example for a request body parser extension.
2010-05-05 23:01:11 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
ed11e27e0f Moving performance logging from level 3 to level 4 to prevent it from polluting the error log 2010-02-04 08:39:26 +00:00
ivanr
e0f1608408 Move writing to collections and GC earlier so that the results can be logged. 2010-02-03 08:59:33 +00:00
ivanr
0ecfe86c3c Add PERF_GC. 2010-02-03 08:46:42 +00:00
ivanr
5448b3fc26 Log the duration of garbage collection at level 3. 2010-02-03 07:29:54 +00:00
ivanr
bc35ab7e0b Implement variables for access to performance measurements. 2010-02-01 11:44:32 +00:00
ivanr
7b56982f26 Implemented a new time-measuring mechanism. Added Stopwatch2. 2010-02-01 09:42:23 +00:00
ivanr
6d5e752cb3 Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered 2009-12-12 14:21:17 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
8fe278e845 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 2009-10-29 17:57:18 +00:00
b1v1r
73fb8eae5d Merge latest 2.5.x changes to trunk. 2009-07-24 05:11:45 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
(no author)
4a336dadf2 Removed an invalid "Internal error" message forcing auditing of a request (MODSEC-29).
Cleaned up error messages prior to using send_error_bucket().
2008-10-21 17:45:18 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
20cc395510 Added mlogc source. 2008-09-02 23:10:36 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00