ModSecurity

ModSecurity copied to clipboard

Don't spray XML parser errors to stderr

2

Currently, all XML parser errors are written to stderr, which in case of Apache means that the messages end up randomly in error_log, unformatted. This pull request adds custom XML...

erkia

marcstern

PR for [issue 533](https://github.com/SpiderLabs/ModSecurity/issues/533)

marcstern

Regex in setvar variables https://github.com/SpiderLabs/ModSecurity/issues/2927

marcstern

Allow multiple digits in sanitizeMatchedBytes

2

Allow multiple digits in sanitizeMatchedBytes

marcstern

Handle capture as tx.1=char in validateByteRange

5

marcstern

marcstern

Update verify_ssn.cc to fix new format

1

Fixes https://github.com/SpiderLabs/ModSecurity/issues/2970

jakubsuchy

fix: makes uri decode platform independent

1

`REQUEST_URI` variable content goes automatically through a URL decoding transformation process: https://github.com/SpiderLabs/ModSecurity/blob/5b094c0ce9044044f740e135df2a60c5f0858d4d/src/transaction.cc#L466 Internally the transformation is based on the `HEX2DEC` array mapping. https://github.com/SpiderLabs/ModSecurity/blob/5b094c0ce9044044f740e135df2a60c5f0858d4d/src/utils/string.h#L34-L55 `HEX2DEC` array returns `(char)-1` when the conversion...

M4tteoP

Currently `REQUEST_FILENAME` variable includes the domain name from the URL while according to the documentation this is not the expected behaviour. The details of the existing bug can be found...

PrajwalKrishna