github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-09 17:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 9b5a42480b Fix for an evasion false positive, mistaking a multipart non-boundary for a boundary. ivanr 2007-11-08 18:13:50 +00:00
  • cd2287a412 Fix for an evasion false positive. ivanr 2007-11-08 18:12:51 +00:00
  • 83fb4b4da4 Fix more formatting errors/warnings on 64bit systems. brectanus 2007-11-07 20:22:09 +00:00
  • 7f71ae377c Fix another warning on %u used where %lu needed. brectanus 2007-11-07 20:00:26 +00:00
  • 838ea03049 Tag 2.1.4-rc3. v2.1.4-rc3 brectanus 2007-11-06 16:53:33 +00:00
  • 48d9956bc0 Update release dates. brectanus 2007-11-06 16:52:51 +00:00
  • e195cfe89a Add missing patch ifrom trunk for Solaris/64bit warnings. brectanus 2007-11-02 23:11:32 +00:00
  • 40c62ada80 Prepare for 2.1.4-rc3. brectanus 2007-11-02 22:55:25 +00:00
  • e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. brectanus 2007-11-02 22:31:47 +00:00
  • 5a54d3300d Fix warnings on Solaris and/or 64bit builds. brectanus 2007-11-02 22:31:47 +00:00
  • b48d3f020a Tag 2.1.4-rc2. v2.1.4-rc2 brectanus 2007-10-25 15:37:39 +00:00
  • 7f1c802b49 Update docs and versions for 2.1.4-rc2. brectanus 2007-10-25 15:34:46 +00:00
  • c81403a76a Add reminder to fix any remaining Solaris compile issue prior to -rc2. brectanus 2007-10-23 22:21:00 +00:00
  • 3bed113247 Fix warning on 64 bit platforms. brectanus 2007-10-23 22:18:43 +00:00
  • faec5b8e9d Fix a possible loss of data warning when compiling 64bit reported by Marc Stern. brectanus 2007-10-23 22:16:39 +00:00
  • 05b8934eaf Update version/date in docs. brectanus 2007-10-17 23:21:33 +00:00
  • 2b346dd086 Updated input filter insertion code for sub-requests. brectanus 2007-10-17 23:07:00 +00:00
  • 8e99090067 Add the input filter if we have read the body (even if a sub-request). See #335. brectanus 2007-10-17 22:41:37 +00:00
  • 9d49adf028 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. brectanus 2007-10-17 19:59:28 +00:00
  • 974298a76c Added ctl:ruleRemoveById action. See #259. brectanus 2007-10-17 19:11:47 +00:00
  • 9efa02f423 Change ctl parameters to be case insensitive. Initial implementation of ctl:removeRuleById. See #259. brectanus 2007-10-16 00:14:42 +00:00
  • 1e5b8ab2d5 Tag 2.1.4-rc1. v2.1.4-rc1 brectanus 2007-10-15 18:31:54 +00:00
  • f66e8c5b38 Document MULTIPART_CRLF_LF_LINES. ivanr 2007-10-15 18:27:42 +00:00
  • 5549ed2ed8 Document MULTIPART_CRLF_LF_LINES. ivanr 2007-10-15 18:27:42 +00:00
  • b0d514478f Fix blocking multipart FP, which affected Safari. ivanr 2007-10-15 18:05:12 +00:00
  • 5cc5a608b9 Fix blocking multipart FP, which affected Safari. ivanr 2007-10-15 18:05:12 +00:00
  • bd67485b66 Update for version 2.1.4-rc1. brectanus 2007-10-15 17:49:12 +00:00
  • d5683134cf Do not process subrequests in phase 2-4. brectanus 2007-10-15 17:48:22 +00:00
  • 2060517f8f Argh! Update for version 2.1.4-rc1, not 2.1.4. brectanus 2007-10-15 17:47:21 +00:00
  • e8c162e7a9 Update version for 2.1.4. brectanus 2007-10-15 17:46:21 +00:00
  • d5f3b9ce52 Fix multipart parser blocking FP with Safari ( (#317). ivanr 2007-10-15 17:27:51 +00:00
  • 793b576701 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. brectanus 2007-10-15 16:50:36 +00:00
  • b784e6cb73 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. brectanus 2007-10-03 00:23:46 +00:00
  • 83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. Added @containsWord. See #182. brectanus 2007-10-02 18:50:35 +00:00
  • a6cf7957be Update ModSecurity chroot documentation. ivanr 2007-10-01 22:38:19 +00:00
  • da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. brectanus 2007-10-01 22:35:52 +00:00
  • e0e031d163 Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this. brectanus 2007-10-01 19:05:34 +00:00
  • dc71842cee Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4. brectanus 2007-10-01 18:45:06 +00:00
  • 9d4965b29e Fix macro expansion in setvar. See #126. brectanus 2007-10-01 17:24:10 +00:00
  • 2d526f1434 Fix typo in a comment. brectanus 2007-10-01 17:23:38 +00:00
  • b661574973 Document the 'tag' action. See #276. brectanus 2007-09-28 22:16:37 +00:00
  • 27ba3027b7 Move init of msr->msc_rule_mptmp before msr storage. brectanus 2007-09-28 21:06:57 +00:00
  • fe1021e369 More cleanup of error messages and marking as relevant. See #4. brectanus 2007-09-28 20:02:02 +00:00
  • 8b6f0e72a7 Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. brectanus 2007-09-27 21:38:33 +00:00
  • 63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. brectanus 2007-09-27 21:34:29 +00:00
  • f3a8854fe9 Mark any error conditions/alerts as 'relevant'. Clean up/add error messages where this can happen. brectanus 2007-09-27 21:18:23 +00:00
  • 5022ddcadf Cleanup more subrequest code. Do not run with subrequests in phase 3-4. Still need to look at phase 5 to see what I can cleanup there. See #135. brectanus 2007-09-26 21:46:06 +00:00
  • 86c9a9bf1f Cleanup CHANGES. brectanus 2007-09-26 21:39:45 +00:00
  • 9f898a0e0b Fixed comment. brectanus 2007-09-26 19:49:48 +00:00
  • 7c393c4874 Fixed the wrong status being displayed in the error page. See #3. brectanus 2007-09-26 19:47:06 +00:00
  • 72f8149338 Do not process subrequests in phase 2. See #135. brectanus 2007-09-26 18:03:08 +00:00
  • 426ce1aea7 Fixed deprecatevar. See #59. brectanus 2007-09-25 21:40:04 +00:00
  • a1955d09e3 Add crude performance measurement. ivanr 2007-09-24 23:59:42 +00:00
  • 009c3b0fa1 Document SecResponseBodyLimitAction. ivanr 2007-09-21 23:37:56 +00:00
  • 9ed3cf9e5a Added support for partial response body processing. ivanr 2007-09-21 23:23:11 +00:00
  • 59333a6a81 Update CHANGES. ivanr 2007-09-21 22:15:12 +00:00
  • 79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. ivanr 2007-09-21 19:46:53 +00:00
  • dfe09ff1b0 Fix content injection C++ style comments. ivanr 2007-09-21 19:36:57 +00:00
  • 2a707d4370 Enable our output filters to intercept bodies of error responses (#65). ivanr 2007-09-21 19:06:54 +00:00
  • eb6b456f5b Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. brectanus 2007-09-21 00:20:31 +00:00
  • b217e42624 Merge in fix for ErrorDocument. brectanus 2007-09-17 17:10:38 +00:00
  • ad940d1ff9 Partially corrected the filter error code. See #3. brectanus 2007-09-14 23:01:58 +00:00
  • 53011819d4 Cleanup some doc formatting. Prepare trunk for use as 2.5.0-devN tree. brectanus 2007-09-14 21:41:34 +00:00
  • c8e5c7fcd5 Sync trunk from branches/2.1.x (merge in branch fixes). brectanus 2007-09-14 21:00:56 +00:00
  • ce53acb348 Updated copyright dates in xsl files. See #253. brectanus 2007-09-12 19:09:02 +00:00
  • 4b97711e84 Update versions to 2.1.x for branch. brectanus 2007-09-12 19:06:52 +00:00
  • 8a54517f0d Updated copyright dates in xsl files. See #253. brectanus 2007-09-12 19:04:54 +00:00
  • 14937cac07 Tag 2.1.3 for release. v2.1.3 brectanus 2007-09-11 21:02:25 +00:00
  • 8106064eb9 Update CHANGES and release dates for 2.1.3. brectanus 2007-09-11 21:00:49 +00:00
  • 1e603d8a3e Detect and use new API calls to get the server version/banner when available. brectanus 2007-09-11 18:01:28 +00:00
  • 8549546b5e Add a cast to unsigned char * to avoid warning. brectanus 2007-09-11 17:59:14 +00:00
  • b2c3cb4261 Update CHANGES. ivanr 2007-09-07 17:11:59 +00:00
  • b95cc3b372 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. ivanr 2007-09-07 17:03:26 +00:00
  • 49c6de41e3 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. ivanr 2007-09-07 17:03:26 +00:00
  • ba85c17b01 Update minimal configuration template to use strict multipart parsing. ivanr 2007-09-07 16:24:31 +00:00
  • 357599de5d Update minimal configuration template to use strict multipart parsing. ivanr 2007-09-07 16:24:31 +00:00
  • 29335711c4 Update CHANGES to reflect the added variables as well. brectanus 2007-09-07 16:22:04 +00:00
  • 8c03adb4f1 Add cast to unsigned char * to strtolower_inplace call. brectanus 2007-09-07 16:19:00 +00:00
  • fa2b97ddb4 Tidy code. Small bug fixes. ivanr 2007-09-07 16:01:28 +00:00
  • eb7320bd74 Tidy code. Small bug fixes. ivanr 2007-09-07 16:01:28 +00:00
  • 88ca67956b Tidy code. Update MULTIPART_STRICT_ERROR with multipart changes from the trunk. ivanr 2007-09-07 14:15:37 +00:00
  • 0769f2378c More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. ivanr 2007-09-07 13:16:40 +00:00
  • 2538f63aa8 More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. ivanr 2007-09-07 13:16:40 +00:00
  • 40c3671306 Update versions for release of 2.1.3. brectanus 2007-09-06 00:08:45 +00:00
  • 8492562fdc Tag 2.1.3-rc2 v2.1.3-rc2 brectanus 2007-08-22 20:42:04 +00:00
  • 9056221c8d Update release date. brectanus 2007-08-22 20:41:22 +00:00
  • 6d925ff704 Merge in hook placement modifications from trunk. brectanus 2007-08-22 20:17:28 +00:00
  • d7a92cac2b Adjust hook placement so mod_breach_trans fixes the request before us. brectanus 2007-08-22 20:12:41 +00:00
  • 70e8246ae4 Update CHANGES. brectanus 2007-08-21 23:47:06 +00:00
  • 9e08017b32 Force rpaf and similar modules before mod_security2. brectanus 2007-08-21 23:44:19 +00:00
  • 9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). ivanr 2007-08-20 16:09:48 +00:00
  • 5df3865c94 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. ivanr 2007-08-20 15:25:05 +00:00
  • 608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. ivanr 2007-08-20 15:25:05 +00:00
  • 976d9ca136 Fix silly errors, typos. ivanr 2007-08-17 16:02:33 +00:00
  • 239fa00957 Fix silly errors, typos. ivanr 2007-08-17 16:01:24 +00:00
  • d9689e9cd2 Multipart parsing improvements. ivanr 2007-08-17 15:47:33 +00:00
  • baf6f59dff Multipart parsing improvements. ivanr 2007-08-17 15:47:33 +00:00
  • 391721559d Quiet "warning: int format, pid_t arg" type warnings. brectanus 2007-08-13 17:55:04 +00:00
  • 15fbb57973 Get ready for 2.1.3-rc2 brectanus 2007-08-13 17:54:12 +00:00
  • e275162463 Quiet "warning: int format, pid_t arg" type warnings. brectanus 2007-08-13 17:49:37 +00:00