Felipe Zimmerle
ff19dcd5c5
Bugfix: missing string terminator while mounting the charset (nginx)
...
The charset in headers is mounted using ngx_snprintf which
does not place the string terminator. This patch adds the
terminator at the end of the string. The size was correctly
allocated, just missing the terminator.
This bug was report at:
- https://www.modsecurity.org/tracker/browse/MODSEC-420
- https://github.com/SpiderLabs/ModSecurity/issues/142
Both reports cames with patch, first by Veli Pekka Jutila and
second by wellumies.
2013-09-30 21:56:57 -03:00
Felipe Zimmerle
57330da9a1
nginx: Makes the build script to check for deps
...
The ModSecurity module has some dependencies that may not be part
of the Nginx build, and so it is not part of the configuration
options. In order to resolve this dependencies automatically this
`config' is now making use of the pkg-config, utility that is
popular to make this compatible layer between different Linux
distributions and operational systems.
2013-09-18 09:19:41 -03:00
chaizhenhua
e0993fcd7a
Fixed fd leackage after reload
2013-08-27 22:10:46 +08:00
Breno Silva
885eeecefb
Fix outbound size of salt variable
2013-06-12 09:51:25 -07:00
Breno Silva
a79e818497
Merge pull request #116 from chaizhenhua/remotes/trunk
...
Nginx: Fixed segfaults on reload
2013-06-12 07:32:53 -07:00
chaizhenhua
4ffdf9bf6d
Nginx: Fixed segfaults on reload
2013-06-11 19:44:02 +08:00
chaizhenhua
bad4586277
Nginx: Try to fix eats 100% cpu in ngx_event_pipe_write_to_downstream issue
2013-05-13 21:46:43 +08:00
Breno Silva
400a5f5f55
Nginx: Fix implicit declaration of base64 encode funtion
2013-05-13 03:54:18 -04:00
Breno Silva
35b36b7032
Nginx: Fix UNIQUE_ID
2013-05-13 03:34:47 -04:00
Breno Silva
6126374890
Merge pull request #96 from chaizhenhua/remotes/trunk
...
Nginx: Try to fix eats 100% cpu in ngx_event_pipe_write_to_downstream issue..
2013-05-13 07:30:27 -07:00
Breno Silva
aa18ec7f45
Updated copyright dates
2013-04-19 03:20:46 -04:00
chaizhenhua
fd2c30fa23
Nginx: minor improve
2013-04-17 11:17:17 +08:00
chaizhenhua
fdf0ba540f
Nginx Improved: set filter_need_in_memory flag so that nginx transfer response in memory, we do not need read from file buffer.
2013-04-11 16:02:06 +08:00
chaizhenhua
74278a8e9e
Nginx Improved response body filter, issue #56 might be fixed
2013-04-09 10:31:16 +08:00
chaizhenhua
e553761aec
Nginx Improved: if "SecResponseBodyAccess off" do not copy response body buffer
2013-04-07 12:32:10 +08:00
chaizhenhua
ddd6bd2a70
Nginx Improved: modsec terminate handling
2013-04-05 02:41:34 +08:00
chaizhenhua
5ce1818a9a
Nginx Fixed if "master_process off" is set nginx will crash at exit
2013-04-04 21:42:05 +08:00
chaizhenhua
a951a83eec
Nginx: Improved redirect action work for phases except log
2013-03-31 15:26:45 +08:00
chaizhenhua
088c660d58
Improved build script
2013-03-31 15:24:45 +08:00
chaizhenhua
42e9a5ab24
Nginx: Fixed internal request finalized after rewrite with regex
2013-03-28 12:08:40 +08:00
chaizhenhua
86871ccab1
Fixed: Nginx crash in ngx_pool_context.c
2013-03-28 11:04:33 +08:00
chaizhenhua
6934acf0e1
Nginx: Fixed memory leakage
2013-03-28 10:20:22 +08:00
chaizhenhua
a87b06f9f0
Nginx: Fixed config file
2013-03-28 10:11:28 +08:00
Breno Silva
2fcc08952b
Nginx: fix makefile
2013-03-23 12:33:44 -04:00
chaizhenhua
177b5b9c98
Nginx: Added SecDisableBackendCompression support
...
Nginx: Added internel redirected request processing
2013-03-22 14:42:56 +08:00
Breno Silva
43162f52cf
Fixed: Nginx return 500 when request body is off
2013-03-05 02:38:46 -04:00
Breno Silva
4a8e536b0b
Nginx: fixed SecRequestBodyAccess
2013-01-30 16:51:42 -04:00
chaizhenhua
1a89b6b8a6
Fixed deny not work in response phase, Fixed debug log message
2013-01-31 09:09:28 +08:00
chaizhenhua
ed1d3d927a
Fixed Action Drop not work
2013-01-27 08:05:46 +08:00
chaizhenhua
972d9e2abf
Added Response Phase for Nginx
2013-01-26 22:44:54 +08:00
Greg Wroblewski
c53e743c86
IIS version improvements
2013-01-18 11:39:05 -08:00
Breno Silva
54245c9248
Merge pull request #27 from chaizhenhua/read_client_request_body
...
remove Nginx ModSecurityPass command
2013-01-11 11:50:43 -08:00
chaizhenhua
0566d652c7
Fixed hang up when post multiple request
2013-01-09 11:08:08 +08:00
chaizhenhua
22b8293fdf
Fixed content length error
2013-01-07 10:42:15 +08:00
chaizhenhua
275cb28a0e
Added 'ngx_modsecurity_write_body_cb' so that NGINX can deal with STREAM_INPUT_BODY
2013-01-06 21:51:36 +08:00
chaizhenhua
604643c4b9
change CRLF to LF
2013-01-06 16:26:10 +08:00
chaizhenhua
d5a6df167c
promote modsecurity_handler from CONTENT_PHASE to PREACCESS_PHASE, so that we can process and pass request to backend without internal redirect.
2013-01-06 14:28:10 +08:00
chaizhenhua
86e0455724
Fixed compile error
2013-01-05 08:27:58 +08:00
Breno Silva
48030ca057
Merge pull request #22 from chaizhenhua/read_client_request_body
...
Fixed: ngx_http_read_client_request_body returned unexpected buffer type
2013-01-04 15:35:35 -08:00
chaizhenhua
82d44071d4
Fixed 'request body is larger ...' error
2013-01-04 23:50:27 +08:00
chaizhenhua
231921ce25
Revert "Fixed request body is larger"
...
This reverts commit ee47cccb63588fef6294351abdf07e7b914404d9.
2013-01-04 23:15:54 +08:00
chaizhenhua
ee47cccb63
Fixed request body is larger
2013-01-04 23:10:05 +08:00
Breno Silva
21b8770484
Added dirs to build nginx on Fedora
2012-12-26 20:22:20 -04:00
chaizhenhua
344ec7dfa0
Added cleanup handler for finalize request
2012-12-25 10:16:51 +08:00
chaizhenhua
5f97bec8d3
read client body in a better manner
2012-12-25 09:34:13 +08:00
chaizhenhua
77ccd0b7b5
Fixed: ngx_http_read_client_request_body returned unexpected buffer type
...
- after post request is processed
the calling to ngx_http_read_client_request_body will ingore
r->request_body_in_file_only option, which is not expected.
2012-12-24 22:18:13 +08:00
chaizhenhua
6815d17690
Added drop action for nginx
2012-12-20 12:32:58 +08:00
Breno Silva
d7280c61f0
Fixed NGINX compilation issues
2012-11-09 18:35:29 -04:00
Alan Silva
18c42d5135
TODO updated
2012-10-25 15:41:39 -02:00
brenosilva
060cf0ab3d
MODSEC-337
2012-10-08 18:50:10 +00:00