cb6dc9ea27
Updates CHANGES to mention commit: fbd57
2017-06-23 16:18:54 -03:00
04e4a6f9b8
Initialize msre_var pointers
2017-06-23 16:16:23 -03:00
13b32aacdf
Updates CHANGES to mention commit: 551314
2017-06-01 08:49:34 -03:00
5335587b95
Obtain port from r->connection->local_sockaddr.
...
This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
2017-06-01 08:48:37 -03:00
9c0229ce1f
Updates libinjection to v3.10.0
2017-05-31 21:06:33 -03:00
53571a860d
Updates libinjection.
...
This is not yet their v3.10.0. But I belive it is close to be.
See #124 at client9/libinjection for further information.
2017-05-30 10:48:11 -03:00
e5dbe59336
Adds info about pull request #1432
2017-05-30 08:14:44 -03:00
1684400eee
Fixes issue #1432 by not logging normal behavior to error.log and using APLOG_DEBUG instead
2017-05-30 08:13:11 -03:00
624bd2bf82
Adds info about pull request #1071
2017-05-22 18:59:20 -03:00
6473cf626d
Make url path absolute for SecHashEngine only when it is relative in the first place. Fix #752
2017-05-22 18:56:37 -03:00
6f49bad748
Fix the hex digit size for SHA1 on msc_crypt implementation
...
Fix #1354
2017-05-22 18:48:20 -03:00
a249574692
Avoids to flush xml buffer while assembling the injected html
...
Fix #742
2017-05-22 18:44:22 -03:00
72f632e9b6
Avoid additional operator invokation if last transform of a multimatch doesn't modify the input
...
Fixes #1086
2017-05-22 15:13:54 -03:00
9ac9ff8223
Adds a sanity check before use ctl:ruleRemoveTargetByTag
...
This commit closes the issue #1353
2017-05-22 09:23:58 -03:00
112ba45e7a
Makes global mutex for collections optional
2017-05-21 08:53:11 -03:00
c6f6dffed2
Move locking before table update
2017-05-19 17:16:08 -03:00
84d2f30cc8
Use global mutex instead sdbm file lock to fix issues with threaded mpm's
2017-05-19 17:16:08 -03:00
2de5175b9c
Fix collection naming problem
...
As reported on #1274 we had a problem while merging the collections.
Turns out that the collection name was wrong while passing the
information to setvar.
2017-05-19 10:29:30 -03:00
63462668a9
Refactoring on the doxygen generation
2017-05-16 16:27:46 -03:00
a5bbb8345f
Fix compilation for 2.2.x and standalone after #1289
2017-05-11 09:14:49 -03:00
4b5a6350af
Adds info about pull request #1289
2017-05-08 21:21:08 -03:00
4f55b5d1a7
Change from using rand() to thread-safe ap_random_pick.
2017-05-08 21:19:23 -03:00
cd4218bd40
Adds info about pull request #1279
2017-05-08 21:09:51 -03:00
10fb76ff16
Adding comments around odd looking code to prevent future scrutiny
2017-05-08 21:07:14 -03:00
d6bd0badc5
Cosmetics: fix #1400 indentation and help message
2017-05-08 16:01:37 -03:00
70322304f2
{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.
2017-05-08 15:36:58 -03:00
da995bb636
Adds sb_handle structure to specific versions of apache
...
Fix issue #1407
2017-05-05 23:06:43 -03:00
aa1a56f23f
Adds information about pull request #1308
2017-05-04 23:51:27 -03:00
9b3c32bb54
Makes #1308 compatible to older versions of Apache
2017-05-04 23:23:31 -03:00
019edfa1a9
This is a fix for #992 to allow drop to work with mod_http2
2017-05-04 22:19:57 -03:00
b6293988fe
Adds ap_log_cerror_ to the standalone implementation
2017-05-04 13:30:47 -03:00
7bdb79a1a2
Adds information about pull request #1340
2017-05-04 10:29:51 -03:00
0f59d4e044
query MPM after all config is loaded ( fixes #786 )
2017-05-04 10:09:07 -03:00
a2eb4c8b04
Don't update the scoreboard ourself ( fixes #1337 )
...
This is unsafe, and messes up the scoreboard on Apache >= 2.4.25 with Event MPM
2017-05-04 10:09:07 -03:00
53edb258bb
get correct worker_score in loop
2017-05-04 10:09:06 -03:00
8efece97f7
don't use sb_handle on apache 2.4
2017-05-04 10:09:06 -03:00
f813365f7e
Fix logging for Apache 2.4
2017-05-04 10:09:06 -03:00
caadf97524
Cosmetics: Fix 0x0bdda1 indentation issues
2017-05-03 09:34:47 -03:00
51f312736a
rule id is not logged in case rule has no msg
2017-05-03 09:20:32 -03:00
7f647e85ad
Adds missing $log_handler in MODSEC_EXTRA_CFLAGS
2017-05-02 21:45:42 -03:00
3e9e4b39cc
Cosmetics changes top of #1402
2017-05-02 17:14:06 -03:00
7246998f09
Adds option to disable logging of stopwatches in audit log.
2017-05-02 17:11:58 -03:00
41ae8db571
Fix configure help added in #1403
2017-05-02 11:11:47 -03:00
d7383c39dd
Option to disable logging of dechunking
2017-05-02 11:09:42 -03:00
a4724dfdab
Updates the libinjection
2017-04-28 14:56:06 -03:00
2c07a17fa3
Fix help message on configuration option added by #1381
2017-04-26 16:47:48 -03:00
7b86d8c51d
Extends a7731c by adding JSON support
2017-04-26 16:38:12 -03:00
3de0dfc5fd
Cosmetics: fix #1381 indentation
2017-04-26 16:04:31 -03:00
d1376c5525
Adds option to disable logging of Apache handler in audit log
2017-04-26 16:03:58 -03:00
f44852b4e0
Fix the issue number on Marc's CHANGE log entry
2017-04-26 15:57:48 -03:00
Felipe Zimmerle
Allan Boll
Andrei Belov
Victor Hora
Hideaki Hayashi
Daniel Stelter-Gliese
Mladen Turk
Robert Bost
Coty Sutherland
Marc Stern
Barry Pollard
Sander Hoentjen