github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-08 17:28:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 5cb4823c4b Documented that we do not support atomic updates of persistent variables at this time. ivanr 2007-06-20 10:59:37 +00:00
  • 1c639cf7dd Added two payload examples for XPath expression examples. ivanr 2007-06-20 10:10:05 +00:00
  • 1ca54dcd5d Tag 2.1.2-rc1 v2.1.2-rc1 brectanus 2007-06-14 19:30:11 +00:00
  • 92963764e0 Remove XML targets from core rules. brectanus 2007-06-14 18:55:36 +00:00
  • efe52d4e77 Initialize rules tmp pool properly. Update to latest core rules. brectanus 2007-06-14 18:48:35 +00:00
  • 7141419f80 Fix bad merge of mem pool fix from trunk. Update to latest core rules. brectanus 2007-06-14 18:46:58 +00:00
  • a4835b73ff Fix bad merge of mem pool fix from trunk. Update to latest core rules. brectanus 2007-06-14 18:46:58 +00:00
  • a2a52b9ae7 Add remaining code for rule mem pool fix. brectanus 2007-06-14 17:58:50 +00:00
  • f2d16aafe9 Add rule temporary memory pool fix from trunk. brectanus 2007-06-14 17:39:49 +00:00
  • 2f81979776 Remove some accidentally added files from trunk. brectanus 2007-06-14 16:51:37 +00:00
  • 6d76a603ef Merge in Thinkingstone -> Breach changes from trunk. Backport some other minor changes from trunk. brectanus 2007-06-14 16:50:37 +00:00
  • 6569c444d8 Make rules/README UNIX style EOL. Merge another branch/2.1.x change. brectanus 2007-06-14 16:42:04 +00:00
  • d55e023bf7 Revert msr_log as macro (still work-in-progress) brectanus 2007-06-14 16:13:53 +00:00
  • 81d0f84ad3 Update copyright text to Breach Security, Inc. Merge in changes from branches/2.1.x brectanus 2007-06-14 16:05:45 +00:00
  • c39723c3aa Document SecPdfProtectMethod. ivanr 2007-06-14 15:48:53 +00:00
  • d6bccacb9a Fix typos. ivanr 2007-06-14 15:37:12 +00:00
  • 74738b29b0 Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases). ivanr 2007-06-14 15:26:08 +00:00
  • 8b843127ba Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit. ivanr 2007-06-14 14:59:48 +00:00
  • c7f5dc3355 Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented. ivanr 2007-06-14 14:54:23 +00:00
  • eec279c8d9 Cleanup code. ivanr 2007-06-14 14:43:35 +00:00
  • 16fb3b5f85 Cleanup CHANGES and change release date to today. brectanus 2007-06-14 13:49:21 +00:00
  • 71028eadf8 Cleanup fixes for internal requests for 2.1.2-rc1 brectanus 2007-06-12 20:34:49 +00:00
  • 6350e2badc Do not log alert message for subrequests. See #124. Cleanup CHANGES. brectanus 2007-06-11 21:28:03 +00:00
  • 23bd6b4331 Do not pause if we are not the main request. See #124. brectanus 2007-06-11 21:20:07 +00:00
  • 46d7a5ec6f Move transformation cache rec def re.h from modsecurity.h brectanus 2007-06-11 21:15:14 +00:00
  • 71eb6e17a4 Added XPath references. ivanr 2007-06-08 15:48:02 +00:00
  • dd6755985c Move the transformation cache recort into re.h. See #14. brectanus 2007-06-05 18:20:44 +00:00
  • 11456dd87a Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16. brectanus 2007-06-04 20:16:48 +00:00
  • e5c00d156a Added rule file/line to audit log messages. See #49. brectanus 2007-06-01 15:32:08 +00:00
  • f1607d007b Cleanup message output. See #16. brectanus 2007-06-01 15:21:04 +00:00
  • 86f648d267 Remove extraneous debug log message. brectanus 2007-06-01 13:04:13 +00:00
  • 12f055140a Merge in changes from trunk. Prepare for 2.1.2-rc1. brectanus 2007-05-31 19:03:52 +00:00
  • 84c0ca303e Fixed patch for subrequests to be more complete. See #124. brectanus 2007-05-31 15:42:42 +00:00
  • e887faac2b Add @pm/@pmfile operators (parallel patch). See #16. brectanus 2007-05-30 22:02:35 +00:00
  • f53c4241fd Add entry to CHANGES. brectanus 2007-05-30 16:13:22 +00:00
  • db04c64420 Cleanup brectanus 2007-05-30 16:10:17 +00:00
  • af6160b9c4 Fixed problem with subrequests not being intercepted. See #124. brectanus 2007-05-30 14:14:00 +00:00
  • c594c205c3 Fix new string operators to all resolve macros. Rename startsWith operator in code to match docs. See #54. brectanus 2007-05-29 14:58:05 +00:00
  • 6cc0173cfa Add caching for transformations. See #14. brectanus 2007-05-25 21:14:59 +00:00
  • 61238ca22f Argh! That last one was not meant to be checked in - reverting 281. brectanus 2007-05-25 21:01:11 +00:00
  • e11ff85421 Fixed log_escape_raw when length was <= 0 brectanus 2007-05-25 20:56:03 +00:00
  • 220abd3444 Quiet uninitialized warning. brectanus 2007-05-24 21:56:34 +00:00
  • a1a0c24b88 Do not compile on Solaris with visibility attributes. brectanus 2007-05-23 16:04:25 +00:00
  • 3fbf2b93c9 Modify docs for t:urlDecodeUni. (See #122) brectanus 2007-05-21 17:25:47 +00:00
  • a627e96c75 Lessen "capture" debug log messages. brectanus 2007-05-17 12:02:59 +00:00
  • eaa8e444dd Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122) brectanus 2007-05-16 20:09:28 +00:00
  • 97a1718d39 Only calculate debug data when we are debugging. NOTE: Last commit message was wrong. brectanus 2007-05-16 19:55:13 +00:00
  • e03ea11f9a Only calculate debug data when we are debugging. brectanus 2007-05-16 19:48:21 +00:00
  • b60f206976 Remove use of GNU extention strnlen(). Fix CHANGES. brectanus 2007-05-16 19:37:27 +00:00
  • a4c9c4a990 Tag 2.2.0-dev1 v2.2.0-dev1 brectanus 2007-05-14 15:50:06 +00:00
  • af5ae50bc5 Reformat CHANGES for 80col. brectanus 2007-05-14 15:48:00 +00:00
  • cc983ac070 Re-version as 2.1.1-breach3. brectanus 2007-05-11 21:21:52 +00:00
  • f20cee53b5 Prepare 2.2.x branch for upcoming 2.2.0-dev1 release. brectanus 2007-05-11 17:05:00 +00:00
  • ccbdf87d19 Create the 2.2.x branch brectanus 2007-05-11 17:00:33 +00:00
  • a68eb04884 Add geo lookup support. See #22. brectanus 2007-05-11 16:14:11 +00:00
  • d8abb48ad9 Fixed a problem with content injection that resulted in content being injected twice. ivanr 2007-05-11 11:04:34 +00:00
  • 2733cc739a Do not try to intercept a request after a failed rule. (See #53) brectanus 2007-05-10 04:28:37 +00:00
  • dfde8169e6 Documented the PDF XSS protection functionality. It's not much but it will do for now. ivanr 2007-05-03 17:02:37 +00:00
  • f1d4e0e2ff Documented RESPONSE_CONTENT_LENGTH and RESPONSE_CONTENT_TYPE. ivanr 2007-05-03 16:47:34 +00:00
  • d8418c3aa3 Documented SecContentInjection, append, and prepend. ivanr 2007-05-03 16:41:12 +00:00
  • c0c5d8d894 Removed extraneous symbols from dso via DSOLOCAL. brectanus 2007-05-03 16:17:42 +00:00
  • fca9eabafe Merged the PDF XSS protection functionality into ModSecurity. ivanr 2007-05-03 12:09:24 +00:00
  • c559f3ee21 Change @eq to @streq. See #54. brectanus 2007-05-03 03:41:29 +00:00
  • 2aa6e61605 Exported API for registering custom variables. See #120. Simple example in api/mod_var_remote_host_port.c brectanus 2007-05-03 03:26:30 +00:00
  • b47059a5b3 Remove docs for HTTP_* vars. See #23. brectanus 2007-05-03 01:52:47 +00:00
  • cd62f20022 Add docs for new transformations and operators. See #54, #55 and #117. brectanus 2007-05-02 17:00:13 +00:00
  • 0c234c115e Cleanup debug log output: add rev to 'Invoking rule' line, remove clearing mem pool line. brectanus 2007-05-02 16:00:20 +00:00
  • fa13b02f7f Updated the CHANGES file with the RESPONSE_* variable changes. ivanr 2007-05-02 11:23:21 +00:00
  • e0a8602929 Added experiemental support for content injection. ivanr 2007-05-02 11:22:09 +00:00
  • 20c0b11dd9 Added experimental RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE. ivanr 2007-05-02 10:02:20 +00:00
  • 3661a294a4 Added experimental RESPONSE_CONTENT_ENCODING. ivanr 2007-05-02 09:06:39 +00:00
  • 3f7fc7c758 Added string comparison operators: @contains, @is, @beginsWith and @endsWith with support for macro expansion. See #54. brectanus 2007-05-01 22:00:34 +00:00
  • 0a1610f850 More debug log enhancements - quote values to easier see whitespace. brectanus 2007-05-01 21:52:47 +00:00
  • a3c3f25ae0 Fix macro expansion. See #118. Fix some debug log output to escape NULs properly in preparation for #54. Up version to prepare for 2.2.0 pre-releases. brectanus 2007-05-01 21:36:24 +00:00
  • b93eef9db3 Added t:length to transform a value to its character length. See #55. brectanus 2007-05-01 15:59:52 +00:00
  • 5482606c37 Added t:trimLeft, t:trimRight, t:trim to remove whitespace from a value on the left, right or both. (see trac #117) brectanus 2007-05-01 15:55:35 +00:00
  • f1ea6fa6d1 Prepare for initial -breach release, 2.1.1-breach1 brectanus 2007-04-25 21:21:26 +00:00
  • 1a9954c2a3 Merge in SecAuditLog2 from trunk. (trac #102) brectanus 2007-04-25 21:16:51 +00:00
  • d9a26780ab Add SecAuditLog2 directive (trac #102) brectanus 2007-04-25 20:46:23 +00:00
  • e556a914f9 Remove tabs brectanus 2007-04-25 17:53:02 +00:00
  • f2c96bae2a I added notes about accessing response headers in phase:3 and phase:5. rbarnett 2007-04-12 18:46:12 +00:00
  • a34a3c0a60 Tagged 2.1.1. ivanr 2007-04-11 17:04:50 +00:00
  • 424a51c0f7 ivanr 2007-04-11 17:01:24 +00:00
  • aaf1a3cca8 Combine changes to 2.1.1-rc1 - 2.1.1 into one block. brectanus 2007-04-11 15:02:16 +00:00
  • ba65828c7f Change version to 2.1.1 brectanus 2007-04-11 14:58:26 +00:00
  • 0e6f84868b Fix a bug introduced in ctl:auditLogParts during compiler warning suppression that could corrupt AuditLogParts value. brectanus 2007-04-11 14:56:26 +00:00
  • e72540b0a0 I added the XML and HTML files for the Migration Matrix doc. rbarnett 2007-04-10 20:23:36 +00:00
  • 82fdc7cf3f Format CHANGES to add space before '*' brectanus 2007-04-05 17:43:22 +00:00
  • bd3f8b78e8 Tagged v2.1.1-rc2. v2.1.1-rc2 ivanr 2007-04-05 17:14:22 +00:00
  • 39e42199ce ivanr 2007-04-05 17:08:47 +00:00
  • 215331b90b ivanr 2007-04-05 17:06:31 +00:00
  • 51a5418b4b Update changes to reflect merges into 2.1.x branch brectanus 2007-04-05 15:13:22 +00:00
  • 318a93aeb7 Merge in trac #51 and #57 fixes for 2.1.1-rc2. brectanus 2007-04-05 15:06:35 +00:00
  • eab433187f Add PCRE_DOLLAR_ENDONLY to doc brectanus 2007-04-05 14:59:44 +00:00
  • 00dcb2714f Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. (trac #57) brectanus 2007-04-05 01:54:03 +00:00
  • a93c77e9a2 Updated line/num/id debug output with a format that is easier to parse. (trac #47) brectanus 2007-03-27 18:00:04 +00:00
  • 9e669fcc78 Better CHANGES entry. (trac #43) brectanus 2007-03-27 17:47:15 +00:00
  • 383119a147 Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. (trac #51) brectanus 2007-03-27 17:22:35 +00:00
  • f6de76b053 Removed CGI style HTTP_* variables in favor of REQUEST_HEADERS:Header-Name. (trac #23) brectanus 2007-03-27 17:18:21 +00:00
  • 485c664a42 Enhance debug log output for capturing to detect all regex/capture mismatches (trac #21). brectanus 2007-03-27 17:13:42 +00:00