github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,401 Commits 55 Branches 109 Tags
Commit Graph

2401 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
f5b47a8077
Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
c3a0d8d9bb
Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
3ebc2d61fb
Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
4726912ec8
Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Felipe Zimmerle
20134ef242
Fix examples/using_bodies_in_chunks compilation 2017-06-10 20:40:12 -03:00
Felipe Zimmerle
e1f52a1cf2
Adds using bodies in chunks example 2017-06-10 09:28:22 -03:00
Felipe Zimmerle
9cb3f23b50
Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
616a95bfe0
Adds -lpthread to the reading_logs_via_rule_message example 2017-06-07 14:22:33 -03:00
Felipe Zimmerle
e795253ecf
Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e
Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128
Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534
Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d
Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
a90b2a3ff7
Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
e1d3abc8e7
Removes memory leak on the counter variable modificator 2017-05-28 22:10:30 -03:00
Felipe Zimmerle
c49688fd7d
Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
6143eb99e3
Removes LMDB from the default configuration options 2017-05-10 12:50:38 -03:00
Felipe Zimmerle
37619bae77
Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
0e05b7bb8a
Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361
Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
77a658c7cd
Updates libinjection version 2017-04-27 18:35:01 -03:00
Felipe Zimmerle
6421ff087a
Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Michael Simpson
7e59250068
Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Chaim Sanders
b58f713fe9
add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:49:45 -03:00
Felipe Zimmerle
e2bbe9858f
XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
ba070c9eaa
Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
b3c8e97ff7
Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
c7053e572f
Postponing the decision to whenever save or not a log message to the last rule 
Whenever there is a chained rule, the decision of saving a message on the
webserver's log will be taken after the execution of all actions on the chain,
including the default actions.
 2017-03-29 14:51:32 -03:00
Felipe Zimmerle
4d03ef512e
Fix TX dictionary element name on logs 
Before this patch the element name was not being shown.
 2017-03-29 14:49:57 -03:00
Felipe Zimmerle
5f60bb5224
Yet another fix on the debuglogs merge 2017-03-28 18:11:31 -03:00
Felipe Zimmerle
cf4deaa3a0
Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
d15b57895b
Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
80cfca6fa3
Fix the debug log level merge function 2017-03-27 14:09:42 -03:00
Felipe Zimmerle
2a54bf23e5
Fix the debug log merge function 2017-03-27 11:30:26 -03:00
Felipe Zimmerle
eb12b15146
Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198
API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121
Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0
Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66
Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
c290c73f9b
Updates travis' badge 2017-03-08 09:44:17 -03:00
Felipe Zimmerle
53485c7f74
Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e79712095b
Minor fix in the decision on whenever the log callback should be called 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2af60e765
Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
9ea5b475b2
Fix missing initialization on rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
6d61bd6b57
Adds rules-check utility 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17
Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2bd87d07d
Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d
Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
d6363607aa
Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8
Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00