github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
ModSecurity/apache2
History
Robert Paprocki 2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements 
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-epanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
2016-10-04 09:31:25 -03:00
..
libinjection
Updates the libinjection
2014-03-31 16:22:11 -07:00
acmp.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
acmp.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
apache2_config.c
Do not compile in JSON logging support if yajl is not found
2016-01-29 11:59:52 -03:00
apache2_io.c
This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE.
2016-03-16 10:35:22 -03:00
apache2_util.c
Fix apache logging limitation by using correct apache call. Apache 2.4 brought the option to change the ErrorLogFormat. However, many fields remain empty, as ModSecurity uses the wrong apache logging function. This fixes this behaviour with the use of ap_log_rerror.
2015-12-10 12:29:37 -03:00
apache2.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
Makefile.am
Initial support to load rules from a remote server
2014-11-14 11:53:40 -08:00
Makefile.win
IIS: Creates IIS_VERSION definition
2014-12-11 14:47:59 -08:00
mod_security2_config.hw
Updates to build on Windows with MS VC++ 8.
2008-02-13 07:10:54 +00:00
mod_security2.c
This is fix for reborn of https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have added handler for APR_INCOMPLETE.
2016-03-16 10:35:22 -03:00
modsecurity_config.h
IIS version improvements
2013-01-18 11:39:05 -08:00
modsecurity.c
Remove misguided call to srand()
2015-10-16 11:14:54 -03:00
modsecurity.h
Do not compile in JSON logging support if yajl is not found
2016-01-29 11:59:52 -03:00
modules.mk
Added support for JSON body processor
2014-03-31 16:22:09 -07:00
msc_crypt.c
Fix invalid storage reference by apr_psprintf() when creating a string from salt[]. salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read.
2015-03-26 08:55:54 -07:00
msc_crypt.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_geo.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_geo.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_gsb.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_gsb.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_json.c
json parser handle cleanup
2016-09-21 00:03:40 -03:00
msc_json.h
Code cosmetics: Reduces the amounts of warning.
2014-03-31 16:22:11 -07:00
msc_logging_json.h
first pass at JSON logging implementation
2016-01-29 11:59:52 -03:00
msc_logging.c
Remove logdata and msg fields from JSON audit log rule elements
2016-10-04 09:31:25 -03:00
msc_logging.h
Do not compile in JSON logging support if yajl is not found
2016-01-29 11:59:52 -03:00
msc_lua.c
Extends Lua implementation to support Lua 5.3
2016-01-08 18:39:29 -03:00
msc_lua.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_multipart.c
Uses %zu to print size_t instead of %d.
2014-03-31 16:22:11 -07:00
msc_multipart.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_parsers.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_parsers.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_pcre.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_pcre.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_release.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_release.h
Version 2.9.1 (final)
2016-03-09 14:48:29 -03:00
msc_remote_rules.c
Uses our own version of ap_find_command
2015-02-12 09:34:42 -08:00
msc_remote_rules.h
Makes Curl no longer a mandatory depedency for ModSecurity core
2014-12-03 08:28:59 -08:00
msc_reqbody.c
Makes the build system to look for yajl using a macro file
2014-03-31 16:22:09 -07:00
msc_status_engine.c
Improves the accuracy of version identification on status calls
2015-02-11 18:37:01 -08:00
msc_status_engine.h
Reducing the amount of compilation warnings
2014-12-11 12:42:58 -08:00
msc_tree.c
Fixes subnets representations using slash notation
2014-06-11 09:31:53 -07:00
msc_tree.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_unicode.c
Fix logical disjunction and conjunction issues
2013-08-12 18:43:56 -03:00
msc_unicode.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_util.c
Makes Curl no longer a mandatory depedency for ModSecurity core
2014-12-03 08:28:59 -08:00
msc_util.h
Reducing the amount of compilation warnings
2014-12-11 12:42:58 -08:00
msc_xml.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
msc_xml.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
persist_dbm.c
Improves #927 by checking earlier if the string is empty or not
2015-10-26 13:49:05 -03:00
persist_dbm.h
Updated copyright dates
2013-04-19 03:20:46 -04:00
re_actions.c
Cosmetic changes on #1031 to avoid compilation warning
2016-01-06 08:24:48 -03:00
re_operators.c
Closes a file handle that was left opened on fuzzy hash
2014-12-12 04:34:21 -08:00
re_tfns.c
Updated copyright dates
2013-04-19 03:20:46 -04:00
re_variables.c
Fix the variable resolution duration (Issue #662)
2015-10-27 14:40:01 -03:00
re.c
Perform the intercept_action as well as the disruptive actions.
2016-01-06 08:23:52 -03:00
re.h
Adds fuzzyHash operator
2014-11-14 11:53:39 -08:00
utf8tables.h
Updated copyright dates
2013-04-19 03:20:46 -04:00