ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00

Author	SHA1	Message	Date
brectanus	19887f9cc6	Added @within string comparison operator with support for macro expansion. See #134 .	2007-06-21 02:21:06 +00:00
brectanus	b58efb3466	Update CHANGES. Reversion from 2.2. to 2.5. Update @pmFromFile to base relative filenames off of rule file path.	2007-06-20 19:58:01 +00:00
ivanr	de739c60c0	Updated documentation for RESPONSE_CONTENT_TYPE and RESPONSE_CONTENT_LENGTH.	2007-06-20 11:17:07 +00:00
ivanr	8de8e44e09	Removed RESPONSE_CONTENT_ENCODING, which never worked as intended.	2007-06-20 11:10:47 +00:00
ivanr	5cb4823c4b	Documented that we do not support atomic updates of persistent variables at this time.	2007-06-20 10:59:37 +00:00
ivanr	1c639cf7dd	Added two payload examples for XPath expression examples.	2007-06-20 10:10:05 +00:00
brectanus	efe52d4e77	Initialize rules tmp pool properly. Update to latest core rules.	2007-06-14 18:48:35 +00:00
brectanus	a4835b73ff	Fix bad merge of mem pool fix from trunk. Update to latest core rules.	2007-06-14 18:46:58 +00:00
brectanus	6569c444d8	Make rules/README UNIX style EOL. Merge another branch/2.1.x change.	2007-06-14 16:42:04 +00:00
brectanus	d55e023bf7	Revert msr_log as macro (still work-in-progress)	2007-06-14 16:13:53 +00:00
brectanus	81d0f84ad3	Update copyright text to Breach Security, Inc. Merge in changes from branches/2.1.x	2007-06-14 16:05:45 +00:00
ivanr	c39723c3aa	Document SecPdfProtectMethod.	2007-06-14 15:48:53 +00:00
ivanr	74738b29b0	Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases).	2007-06-14 15:26:08 +00:00
ivanr	8b843127ba	Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit.	2007-06-14 14:59:48 +00:00
ivanr	c7f5dc3355	Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented.	2007-06-14 14:54:23 +00:00
ivanr	eec279c8d9	Cleanup code.	2007-06-14 14:43:35 +00:00
brectanus	6350e2badc	Do not log alert message for subrequests. See #124 . Cleanup CHANGES.	2007-06-11 21:28:03 +00:00
brectanus	23bd6b4331	Do not pause if we are not the main request. See #124 .	2007-06-11 21:20:07 +00:00
brectanus	46d7a5ec6f	Move transformation cache rec def re.h from modsecurity.h	2007-06-11 21:15:14 +00:00
ivanr	71eb6e17a4	Added XPath references.	2007-06-08 15:48:02 +00:00
brectanus	dd6755985c	Move the transformation cache recort into re.h. See #14 .	2007-06-05 18:20:44 +00:00
brectanus	11456dd87a	Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16 .	2007-06-04 20:16:48 +00:00
brectanus	e5c00d156a	Added rule file/line to audit log messages. See #49 .	2007-06-01 15:32:08 +00:00
brectanus	f1607d007b	Cleanup message output. See #16 .	2007-06-01 15:21:04 +00:00
brectanus	86f648d267	Remove extraneous debug log message.	2007-06-01 13:04:13 +00:00
brectanus	84c0ca303e	Fixed patch for subrequests to be more complete. See #124 .	2007-05-31 15:42:42 +00:00
brectanus	e887faac2b	Add @pm/@pmfile operators (parallel patch). See #16 .	2007-05-30 22:02:35 +00:00
brectanus	f53c4241fd	Add entry to CHANGES.	2007-05-30 16:13:22 +00:00
brectanus	db04c64420	Cleanup	2007-05-30 16:10:17 +00:00
brectanus	af6160b9c4	Fixed problem with subrequests not being intercepted. See #124 .	2007-05-30 14:14:00 +00:00
brectanus	c594c205c3	Fix new string operators to all resolve macros. Rename startsWith operator in code to match docs. See #54.	2007-05-29 14:58:05 +00:00
brectanus	6cc0173cfa	Add caching for transformations. See #14 .	2007-05-25 21:14:59 +00:00
brectanus	61238ca22f	Argh! That last one was not meant to be checked in - reverting 281.	2007-05-25 21:01:11 +00:00
brectanus	e11ff85421	Fixed log_escape_raw when length was <= 0	2007-05-25 20:56:03 +00:00
brectanus	220abd3444	Quiet uninitialized warning.	2007-05-24 21:56:34 +00:00
brectanus	a1a0c24b88	Do not compile on Solaris with visibility attributes.	2007-05-23 16:04:25 +00:00
brectanus	3fbf2b93c9	Modify docs for t:urlDecodeUni. (See #122 )	2007-05-21 17:25:47 +00:00
brectanus	a627e96c75	Lessen "capture" debug log messages.	2007-05-17 12:02:59 +00:00
brectanus	eaa8e444dd	Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122 )	2007-05-16 20:09:28 +00:00
brectanus	97a1718d39	Only calculate debug data when we are debugging. NOTE: Last commit message was wrong.	2007-05-16 19:55:13 +00:00
brectanus	e03ea11f9a	Only calculate debug data when we are debugging.	2007-05-16 19:48:21 +00:00
brectanus	b60f206976	Remove use of GNU extention strnlen(). Fix CHANGES.	2007-05-16 19:37:27 +00:00
brectanus	a68eb04884	Add geo lookup support. See #22 .	2007-05-11 16:14:11 +00:00
ivanr	d8abb48ad9	Fixed a problem with content injection that resulted in content being injected twice.	2007-05-11 11:04:34 +00:00
brectanus	2733cc739a	Do not try to intercept a request after a failed rule. (See #53 )	2007-05-10 04:28:37 +00:00
ivanr	dfde8169e6	Documented the PDF XSS protection functionality. It's not much but it will do for now.	2007-05-03 17:02:37 +00:00
ivanr	f1d4e0e2ff	Documented RESPONSE_CONTENT_LENGTH and RESPONSE_CONTENT_TYPE.	2007-05-03 16:47:34 +00:00
ivanr	d8418c3aa3	Documented SecContentInjection, append, and prepend.	2007-05-03 16:41:12 +00:00
brectanus	c0c5d8d894	Removed extraneous symbols from dso via DSOLOCAL.	2007-05-03 16:17:42 +00:00
ivanr	fca9eabafe	Merged the PDF XSS protection functionality into ModSecurity.	2007-05-03 12:09:24 +00:00

... 3 4 5 6 7

308 Commits