Difference Between Revision 29 and internetx:managed:testing / mod_security
| [-] | Changed | mod_security-ix.changes |
|
x 1 2 -------------------------------------------------------------------3 -Wed Jan 11 06:34:21 UTC 2023 - Carsten Schoene <carsten.schoene@internetx.com>4 -5 -- Update to release 2.9.7 6 -7 --------------------------------------------------------------------8 -Thu Mar 17 10:30:16 UTC 2022 - Local OBS User <cs@linux-administrator.com>9 -10 -- Update to release 2.9.511 -12 --------------------------------------------------------------------13 -Mon Aug 23 11:39:54 UTC 2021 - Local OBS User <cs@linux-administrator.com>14 -15 -- Update to release 2.9.4 16 -17 --------------------------------------------------------------------18 -Wed Feb 5 09:52:49 UTC 2020 - Local OBS User <cs@linux-administrator.com>19 -20 -- Update to release 2.9.321 -22 --------------------------------------------------------------------23 -Wed May 16 06:44:59 UTC 2018 - cs@linux-administrator.com24 -25 -- Update to release 2.9.2 26 -27 --------------------------------------------------------------------28 -Thu Apr 9 09:26:32 UTC 2015 - cs@linux-administrator.com29 -30 -- Update to relesae 2.9.031 -- set PERL ENV var to /usr/bin/perl32 -- drop mlogc-disable-force-sslv3.patch (TLSv1 is default now)33 -34 --------------------------------------------------------------------35 -Fri Aug 8 17:29:19 UTC 2014 - cs@linux-administrator.com36 -37 -- Update to release 2.8.038 -39 --------------------------------------------------------------------40 -Sun Jan 5 16:20:52 UTC 2014 - cs@linux-administrator.com41 -42 -- enable --enable-htaccess-config 43 -44 --------------------------------------------------------------------45 -Thu Dec 19 23:23:46 UTC 2013 - cs@linux-administrator.com46 -47 -- Update to release 2.7.7 48 -49 --------------------------------------------------------------------50 -Tue Jul 30 17:01:30 UTC 2013 - cs@linux-administrator.com51 -52 -- Update to release 2.7.5 53 -54 --------------------------------------------------------------------55 -Thu Jul 11 19:33:18 UTC 2013 - cs@linux-administrator.com56 -57 -- build against asl-libxml2 for EL5 based systems58 -59 --------------------------------------------------------------------60 -Sat Jun 29 17:00:16 UTC 2013 - cs@linux-administrator.com61 -62 -- added CVE-2013-2765.patch for 2.6.8 (included in 2.7.4)63 -64 --------------------------------------------------------------------65 -Wed Jun 5 10:16:47 UTC 2013 - cs@linux-administrator.com66 -67 -- fix permissions in cleanup cron script 68 -69 --------------------------------------------------------------------70 -Mon May 27 17:02:32 UTC 2013 - cs@linux-administrator.com71 -72 -- Update to release 2.7.4 (only for >= SLE_11, >= EL6) 73 -74 --------------------------------------------------------------------75 -Fri Mar 29 17:31:45 UTC 2013 - cs@linux-administrator.com76 -77 -- Update to release 2.7.3 (only for >= SLE_11, >= EL6) 78 -79 --------------------------------------------------------------------80 -Fri Jan 25 20:10:39 UTC 2013 - cs@linux-administrator.com81 -82 -- Update to release 2.7.2 (only for >= SLE_11, >= EL6) 83 -84 --------------------------------------------------------------------85 -Sat Dec 29 10:33:37 UTC 2012 - cs@linux-administrator.com86 -87 -- Update to release 2.7.1 (only for >= SLE_11, >= EL6)88 -89 --------------------------------------------------------------------90 -Wed Oct 3 08:10:36 UTC 2012 - cs@linux-administrator.com91 -92 -- Update to release 2.6.8 93 -94 --------------------------------------------------------------------95 -Sun Jul 29 15:58:38 UTC 2012 - cs@linux-administrator.com96 -97 -- Update to release 2.6.7 98 -99 --------------------------------------------------------------------100 -Wed Jul 18 07:05:49 UTC 2012 - cs@linux-administrator.com101 -102 -- disable Rule 340152103 -104 --------------------------------------------------------------------105 -Tue Jul 3 08:30:53 UTC 2012 - cs@linux-administrator.com106 -107 -- disable Cross-Site Request Forgery (CSRF) rules108 -- add cleanup cron for /var/asl/data/audit109 -110 --------------------------------------------------------------------111 Mon Jun 18 10:21:17 UTC 2012 - cs@linux-administrator.com112 113 - Update to release 2.6.6114 |
||
| [-] | Changed | mod_security-ix.spec ^ |
|
129 1 2 -%define aslxml 13 -%define pkgname modsecurity-4 Summary: Security module for the Apache HTTP Server5 Name: mod_security 6 -%if 0%{?centos_version} >= 6 || 0%{?rhel_version} >= 600 || 0%{?sl_version} >= 600 || 0%{?suse_version} >= 1110 || 0%{?sles_version} >= 117 -%define pkgversion 2.9.78 -%define oldver 09 -%define _aslxml 010 -%define epoch 111 -BuildRequires: libxml2-devel12 -%else13 -%if %{aslxml}14 -%define pkgversion 2.9.715 -%define oldver 016 -%define _aslxml 117 -%define epoch 118 -BuildRequires: asl-libxml2-devel19 -%else20 -%define pkgversion 2.6.821 -%define pkgname modsecurity-apache_22 -%define oldver 123 -%define _aslxml 024 -%define epoch 025 -BuildRequires: libxml2-devel26 -%endif27 -%endif28 -Version: %{pkgversion}29 -Epoch: %{epoch}30 -Release: 3531 +Version: 2.6.632 +Release: 3033 License: GPLv234 URL: http://www.modsecurity.org/35 Group: System Environment/Daemons36 -Source: http://www.modsecurity.org/download/%{pkgname}%{version}.tar.bz237 +Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.bz238 %if 0%{?rhel_version} || 0%{?centos_version} || 0%{?sl_version} || 0%{?redhat_version}39 Source1: 00_mod_security.conf40 Source2: modsecurity_crs_10_config-default.conf41 42 Source3: zzz_asl_custom_exclude.conf43 Source4: zzz_asl_custom_local_exclude.conf44 Source5: modsec-clamscan.pl45 -Source6: modsec-clean_var-asl-data-audit46 Patch1: waf-label.patch47 -Patch2: modsecurity-2.9.1_curl-lower_7.34.patch48 -Patch50: CVE-2013-2765.patch49 +Patch2: mlogc-disable-force-sslv3.patch50 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)51 %if 0%{?rhel_version} || 0%{?centos_version} || 0%{?sl_version} || 0%{?redhat_version}52 Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)53 BuildRequires: httpd-devel pkgconfig lua-devel54 Requires: lua55 -%if 0%{?rhel} >= 7 56 -%define apxs %{_bindir}/apxs57 -%else58 %define apxs %{_sbindir}/apxs59 -%endif60 %define apache_libexecdir %(%{apxs} -q LIBEXECDIR) 61 ##%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR)62 %define apache_sysconfdir /etc/httpd63 64 Provides: apache2-mod_security2 = %{version}65 %endif66 67 -BuildRequires: pcre-devel libtool curl-devel 68 +BuildRequires: libxml2-devel pcre-devel libtool curl-devel 69 BuildRequires: curl70 71 -BuildRequires: autoconf automake72 Requires: libxml2 pcre73 Provides: ix-mod_security = %{version}74 75 76 as a powerful umbrella - shielding web applications from attacks.77 78 %prep79 -%setup -n %{pkgname}%{version}80 +%setup -n modsecurity-apache_%{version}81 %patch1 -p182 -%patch2 -p083 -%if 0%{?oldver} == 184 -%patch50 -p185 -%endif86 +%patch287 88 %build89 CFLAGS="%{optflags}"90 export CFLAGS91 -export PERL=/usr/bin/perl92 -93 -[ ! -f configure ] && ./autogen.sh94 95 %configure \96 -%if 0%{_aslxml} == 197 - --with-libxml=/var/asl/usr/ \98 -%endif99 - --enable-pcre-match-limit=no \100 - --enable-pcre-match-limit-recursion=no \101 - --enable-pcre-study \102 - --enable-htaccess-config103 + --disable-pcre-match-limit \104 + --disable-pcre-match-limit-recursion105 +106 +# Legacy from LoadFile107 +#perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1}108 109 make %{_smp_mflags}110 111 112 install -D -m644 %{SOURCE3} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf113 install -D -m644 %{SOURCE4} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf114 install -D -m755 %{SOURCE5} %{buildroot}%{_bindir}/modsec-clamscan.pl115 -install -D -m755 %{SOURCE6} %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit116 -sed -i s@"%APAUSR%:%APAGRP%"@"%{apache_usr}:%{apache_grp}"@g %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit117 -118 mkdir -p %{buildroot}/var/log/mlogc/data119 install -D -m755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc120 install -m755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load.pl121 122 %config(noreplace) %{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf123 %config(noreplace) %{_sysconfdir}/mlogc.conf124 %config %{_sysconfdir}/mlogc-default.conf125 -%config %{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit126 %defattr(-,%{apache_usr},%{apache_grp})127 %dir /var/asl128 %dir /var/asl/data129 |
||
| [+] | Deleted | CVE-2013-2765.patch ^ |
| @@ -1,10 +0,0 @@ ---- modsecurity-apache_2.6.8/apache2/msc_reqbody.c.orig 2013-06-29 18:56:31.446864803 +0200 -+++ modsecurity-apache_2.6.8/apache2/msc_reqbody.c 2013-06-29 18:56:45.354863561 +0200 -@@ -170,6 +170,7 @@ - - /* Would storing this chunk mean going over the limit? */ - if ((msr->msc_reqbody_spilltodisk) -+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON) - && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit)) - { - msc_data_chunk **chunks; | ||
| [+] | Deleted | modsecurity-2.9.1_curl-lower_7.34.patch ^ |
| @@ -1,60 +0,0 @@ ---- mlogc/mlogc.c.orig 2016-06-02 09:15:03.283648355 +0200 -+++ mlogc/mlogc.c 2016-06-02 10:59:44.378377602 +0200 -@@ -1270,33 +1270,36 @@ - } - - -- /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -- * < v7.34.0 -- * -- * version_num is a 24 bit number created like this: -- * <8 bits major number> | <8 bits minor number> | <8 bits patch number>. -- */ -- switch (tlsprotocol) { -- case 0: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -- break; -- case 1: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -- break; -- case 2: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- default: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- } - cmaj = curlversion->version_num >> 16; - cmin = (curlversion->version_num & 0x00ff00) >> 8; - cpat = (curlversion->version_num & 0x0000ff); - /* If cURL version < v7.34.0, use TLS v1.x */ - if (cmaj <= 7 && cmin < 34) { - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); -- } -+#ifdef CURL_SSLVERSION_TLSv1_0 -+ } else { -+ /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -+ * < v7.34.0 -+ * -+ * version_num is a 24 bit number created like this: -+ * <8 bits major number> | <8 bits minor number> | <8 bits patch number>. -+ */ -+ switch (tlsprotocol) { -+ case 0: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -+ break; -+ case 1: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -+ break; -+ case 2: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ default: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ } -+#endif -+ } - - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE); | ||
| [+] | Changed | modsec-clamscan.pl ^ |
| @@ -27,7 +27,7 @@ my ($FILE) = @ARGV; -$cmd = "$CLAMSCAN --stdout --no-summary $FILE"; +$cmd = "$CLAMSCAN --stdout --disable-summary $FILE"; $input = `$cmd`; $input =~ m/^(.+)/; $error_message = $1; | ||
| [+] | Deleted | modsec-clean_var-asl-data-audit ^ |
| @@ -1,5 +0,0 @@ -#!/bin/bash -nice -n 19 find /var/asl/data/audit -type d -mindepth 1 -cmin +30 -print0 | xargs -r -0 rm -rf -mkdir -p /var/asl/data/audit -chown -R %APAUSR%:%APAGRP% /var/asl/data/audit -[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions || : | ||
| Deleted | modsecurity-2.8.0.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.0.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.2.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.3.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.4.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.5.tar.bz2 ^ | |
| Deleted | modsecurity-2.9.7.tar.bz2 ^ | |
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/CHANGES ^ |
| @@ -1,20 +1,3 @@ -25 Sep 2012 - 2.6.8 -------------------- - - * Fixed ctl:ruleRemoveTargetByID order issue (MODSEC-333). Thanks to Armadillo Dasypodidae. - - * Fixed variable HIGHEST_SEVERITY incorrectly gets reset in a chain rule (MODSEC-315). Thanks to Valery Reznic. - -23 Jul 2012 - 2.6.7 -------------------- - - * Fixed explicit target replacement using SecUpdateTargetById was broken. - - * The ctl:ruleUpdateTargetById is deprecated and will be removed for future versions since - there is no safe way to use it per-request. - - * Added ctl:ruleRemoveTargetById that can be used to exclude targets to be processed per-request. - 08 Jun 2012 - 2.6.6 ------------------- | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/mod_security2.c ^ |
| @@ -84,7 +84,7 @@ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Loaded APR do not match with compiled!"); } - pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE_MAJOR, PCRE_MINOR); + pcre_vrs = apr_psprintf(mp,"%d.%d", PCRE_MAJOR, PCRE_MINOR); ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: PCRE compiled version=\"%s\"; " | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/modsecurity.c ^ |
| @@ -368,8 +368,6 @@ if (msr->response_headers_to_sanitize == NULL) return -1; msr->pattern_to_sanitize = apr_table_make(msr->mp, 32); if (msr->pattern_to_sanitize == NULL) return -1; - msr->removed_targets = apr_table_make(msr->mp, 16); - if (msr->removed_targets == NULL) return -1; /* Initialise cookies */ msr->request_cookies = apr_table_make(msr->mp, 16); | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/modsecurity.h ^ |
| @@ -280,7 +280,6 @@ apr_table_t *response_headers_to_sanitize; apr_table_t *request_cookies; apr_table_t *pattern_to_sanitize; - apr_table_t *removed_targets; unsigned int urlencoded_error; unsigned int inbound_error; | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/msc_release.h ^ |
| @@ -38,7 +38,7 @@ #define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MINOR "6" -#define MODSEC_VERSION_MAINT "8" +#define MODSEC_VERSION_MAINT "6" #define MODSEC_VERSION_TYPE "" #define MODSEC_VERSION_RELEASE "" | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/re.c ^ |
| @@ -32,7 +32,6 @@ NULL, }; -static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var); static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text, apr_array_header_t *arr, char **error_msg); static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule); @@ -44,117 +43,6 @@ /* -- Actions, variables, functions and operator functions ----------------- */ -static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var) { - const char *targets = NULL, *exceptions = NULL; - char *savedptr = NULL, *target = NULL, *value = NULL; - char *c = NULL, *name = NULL, *id = NULL; - char *variable = NULL, *myvar = NULL; - char *myvalue = NULL, *myname = NULL; - const apr_array_header_t *tarr = NULL; - const apr_table_entry_t *telts = NULL; - int i, match = 0; - - if(msr == NULL) - return 0; - - if(var == NULL) - return 0; - - if(rule == NULL) - return 0; - - if(rule->actionset == NULL) - return 0; - - if(rule->actionset->id !=NULL) { - - myvar = apr_pstrdup(msr->mp, var->name); - - c = strchr(myvar,':'); - - if(c != NULL) { - myname = apr_strtok(myvar,":",&myvalue); - } else { - myname = myvar; - } - - tarr = apr_table_elts(msr->removed_targets); - telts = (const apr_table_entry_t*)tarr->elts; - - match = 0; - for (i = 0; i < tarr->nelts; i++) { - id = (char *)telts[i].key; - - if(strcasecmp(id, rule->actionset->id) == 0) { - exceptions = (char *)telts[i].val; - - targets = apr_pstrdup(msr->mp, exceptions); - - if(targets != NULL) { - if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "fetch_target_exception: Found exception target list [%s] for rule id %s", targets, rule->actionset->id); - } - - target = apr_strtok((char *)targets, ",", &savedptr); - - while(target != NULL) { - - variable = apr_pstrdup(msr->mp, target); - - c = strchr(variable,':'); - - if(c != NULL) { - name = apr_strtok(variable,":",&value); - } else { - name = variable; - value = NULL; - } - - if((strlen(myname) == strlen(name)) && - (strncasecmp(myname, name,strlen(myname)) == 0)) { - - if(value != NULL && myvalue != NULL) { - if((strlen(myvalue) == strlen(value)) && - strncasecmp(myvalue,value,strlen(myvalue)) == 0) { - if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target); - } - match = 1; - } - } else if (value == NULL && myvalue == NULL) { - if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target); - } - match = 1; - } else if (value == NULL && myvalue != NULL) { - if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target); - } - match = 1; - } - } - - target = apr_strtok(NULL, ",", &savedptr); - } - } else { - if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "fetch_target_exception: No exception target found for rule id %s.", rule->actionset->id); - - } - } - - } - - } - - } - - if(match == 1) - return 1; - - return 0; -} - char *update_rule_target(cmd_parms *cmd, directory_config *dcfg, msre_ruleset *rset, const char *p1, const char *p2, const char *p3) { @@ -169,7 +57,7 @@ int name_len = 0, value_len = 0; char *name = NULL, *value = NULL; char *opt = NULL, *param = NULL; - int i, rc, match = 0, var_appended = 0; + int i, rc, match = 0; int offset = 0; if(p1 == NULL || p2 == NULL || (dcfg == NULL && rset == NULL)) { @@ -237,25 +125,21 @@ targets = (msre_var **)rule->targets->elts; // TODO need a good way to remove the element from array, maybe change array by tables or rings for (i = 0; i < rule->targets->nelts; i++) { - if((strlen(targets[i]->name) == strlen(name)) && + if((strlen(targets[i]->name) == strlen(name)) && (strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) && (targets[i]->is_negated == is_negated) && (targets[i]->is_counting == is_counting)) { if(value != NULL && targets[i]->param != NULL) { if((strlen(targets[i]->param) == strlen(value)) && - strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { + strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { memset(targets[i]->name,0,strlen(targets[i]->name)); memset(targets[i]->param,0,strlen(targets[i]->param)); match = 1; - targets[i]->is_counting = 0; - targets[i]->is_negated = 1; } } else if (value == NULL && targets[i]->param == NULL){ memset(targets[i]->name,0,strlen(targets[i]->name)); match = 1; - targets[i]->is_counting = 0; - targets[i]->is_negated = 1; } else continue; @@ -273,7 +157,6 @@ if (rc < 0) { goto end; } - var_appended = 1; } else { goto end; } @@ -326,7 +209,7 @@ if(value != NULL && targets[i]->param != NULL) { if((strlen(targets[i]->param) == strlen(value)) && - strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { + strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { match = 1; } } else if (value == NULL && targets[i]->param == NULL){ @@ -342,22 +225,21 @@ target = NULL; } + if(match == 0 ) { rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); if (rc < 0) { goto end; } - var_appended = 1; } } p = apr_strtok(NULL,",",&savedptr); } - if(var_appended == 1) { + if(match == 0) { curr_targets = msre_generate_target_string(ruleset->mp, rule); rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, curr_targets, NULL, NULL); - rule->p1 = apr_pstrdup(ruleset->mp, curr_targets); } end: @@ -2273,24 +2155,10 @@ full_varname = var->name; } - rc = fetch_target_exception(rule, msr, var); - - if(rc > 0) { - - if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s skipped.", - (rule->op_negated ? "!" : ""), rule->op_name, - log_escape(msr->mp, rule->op_param), full_varname); - } - - return RULE_NO_MATCH; - - } - if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s.", - (rule->op_negated ? "!" : ""), rule->op_name, - log_escape(msr->mp, rule->op_param), full_varname); + (rule->op_negated ? "!" : ""), rule->op_name, + log_escape(msr->mp, rule->op_param), full_varname); } if (msr->txcfg->debuglog_level >= 9) { @@ -2385,8 +2253,8 @@ } /* Keep track of the highest severity matched so far */ - if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity) - && !rule->actionset->is_chained) { + if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity)) + { msr->highest_severity = acting_actionset->severity; } | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/apache2/re_actions.c ^ |
| @@ -819,17 +819,6 @@ return NULL; } else - if (strcasecmp(name, "ruleRemoveTargetById") == 0) { - char *parm = NULL; - char *savedptr = NULL; - - parm = apr_strtok(value,";",&savedptr); - - if(parm == NULL && savedptr == NULL) - return apr_psprintf(engine->mp, "ruleRemoveTargetById must has at least id;target1,targets2...targetN"); - - return NULL; - } else if (strcasecmp(name, "ruleUpdateTargetById") == 0) { char *parm = NULL; char *savedptr = NULL; @@ -1057,23 +1046,6 @@ return 1; } else - if (strcasecmp(name, "ruleRemoveTargetById") == 0) { - msre_rule *updated_rule = NULL; - char *p1 = NULL, *p2 = NULL; - char *savedptr = NULL; - - p1 = apr_strtok(value,";",&savedptr); - - p2 = apr_strtok(NULL,";",&savedptr); - - if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Ctl: ruleRemoveTargetById id=%s targets=%s", p1, p2); - } - - apr_table_addn(msr->removed_targets, p1, (const char *)apr_pstrdup(msr->mp, p2)); - - return 1; - } else if (strcasecmp(name, "ruleUpdateTargetById") == 0) { char *p1 = NULL, *p2 = NULL, *p3 = NULL; char *savedptr = NULL; | ||
| [+] | Changed | modsecurity-apache_2.6.6.tar.bz2/doc/Reference_Manual.html ^ |
| @@ -9,30 +9,26 @@ <meta name="generator" content="MediaWiki 1.15.1"> <meta name="robots" content="noindex,follow"> <meta name="keywords" content="Reference Manual"> - <link rel="alternate" type="application/x-wiki" title="Edit" -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"> - <link rel="edit" title="Edit" -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"> - <link rel="shortcut icon" href="https://sourceforge.net/favicon.ico"> + <link rel="shortcut icon" href="http://sourceforge.net/favicon.ico"> <link rel="search" type="application/opensearchdescription+xml" -href="https://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php" +href="http://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php" title="mod-security (en)"> <link rel="alternate" type="application/rss+xml" title="mod-security RSS Feed" -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss"> +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss"> <link rel="alternate" type="application/atom+xml" title="mod-security Atom Feed" -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom"> +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom"> <title>SourceForge.net: Reference Manual - mod-security</title> <link rel="stylesheet" href="Reference_Manual_files/commonPrint.css" type="text/css"> - <link rel="stylesheet" href="Reference_Manual_files/index_002.css" + <link rel="stylesheet" href="Reference_Manual_files/index_003.css" type="text/css"> <link rel="stylesheet" href="Reference_Manual_files/index.css" type="text/css"> <link rel="stylesheet" href="Reference_Manual_files/index_004.css" type="text/css"> - <link rel="stylesheet" href="Reference_Manual_files/index_003.css" + <link rel="stylesheet" href="Reference_Manual_files/index_002.css" type="text/css"> <!--[if lt IE 7]><script type="text/javascript" src="/apps/mediawiki/mod-security/skins/common/IEFixes.js?207"></script> <meta http-equiv="imagetoolbar" content="no" /><![endif]--> @@ -45,7 +41,7 @@ var wgScript = "/apps/mediawiki/mod-security/index.php"; var wgVariantArticlePath = false; var wgActionPaths = {}; - var wgServer = "https://sourceforge.net"; + var wgServer = "http://sourceforge.net"; var wgCanonicalNamespace = ""; var wgCanonicalSpecialPageName = false; var wgNamespaceNumber = 0; @@ -54,12 +50,12 @@ var wgAction = "view"; var wgArticleId = "12"; var wgIsArticle = true; - var wgUserName = "Brenosilva"; - var wgUserGroups = ["admin", "editor", "*", "user", "autoconfirmed"]; + var wgUserName = null; + var wgUserGroups = null; var wgUserLanguage = "en"; var wgContentLanguage = "en"; var wgBreakFrames = false; - var wgCurRevisionId = 507; + var wgCurRevisionId = 444; var wgVersion = "1.15.1"; var wgEnableAPI = true; var wgEnableWriteAPI = true; @@ -67,13 +63,11 @@ var wgDigitTransformTable = ["", ""]; var wgRestrictionEdit = []; var wgRestrictionMove = []; - var wgAjaxWatch = {"watchMsg": "Watch", "unwatchMsg": "Unwatch", "watchingMsg": "Watching…", "unwatchingMsg": "Unwatching…"}; /*]]>*/</script> <script type="text/javascript" src="Reference_Manual_files/wikibits.js"><!-- wikibits js --></script> <!-- Head Scripts --> <script type="text/javascript" src="Reference_Manual_files/ajax.js"></script> - <script type="text/javascript" src="Reference_Manual_files/ajaxwatch.js"></script> <script type="text/javascript" src="Reference_Manual_files/index.php"><!-- site js --></script> @@ -100,9 +94,9 @@ class="tocnumber">1</span> <span class="toctext">ModSecurity® Reference Manual</span></a> <ul> -<li class="toclevel-2"><a href="#Current_as_of_v2.5.13_v2.6_and_v2.7"><span - class="tocnumber">1.1</span> <span class="toctext">Current as of -v2.5.13 v2.6 and v2.7</span></a> +<li class="toclevel-2"><a href="#Current_as_of_v2.5.13_and_v2.6"><span +class="tocnumber">1.1</span> <span class="toctext">Current as of v2.5.13 + and v2.6</span></a> <ul> <li class="toclevel-3"><a href="#Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc."><span @@ -250,116 +244,98 @@ class="tocnumber">6.20</span> <span class="toctext">SecDefaultAction</span></a></li> <li class="toclevel-2"><a href="#SecDisableBackendCompression"><span class="tocnumber">6.21</span> <span class="toctext">SecDisableBackendCompression</span></a></li> -<li class="toclevel-2"><a href="#SecEncryptionEngine"><span -class="tocnumber">6.22</span> <span class="toctext">SecEncryptionEngine</span></a></li> -<li class="toclevel-2"><a href="#SecEncryptionKey"><span -class="tocnumber">6.23</span> <span class="toctext">SecEncryptionKey</span></a></li> -<li class="toclevel-2"><a href="#SecEncryptionParam"><span -class="tocnumber">6.24</span> <span class="toctext">SecEncryptionParam</span></a></li> -<li class="toclevel-2"><a href="#SecEncryptionMethodRx"><span -class="tocnumber">6.25</span> <span class="toctext">SecEncryptionMethodRx</span></a></li> -<li class="toclevel-2"><a href="#SecEncryptionMethodPm"><span -class="tocnumber">6.26</span> <span class="toctext">SecEncryptionMethodPm</span></a></li> -<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">6.27</span> +<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">6.22</span> <span class="toctext">SecGeoLookupDb</span></a></li> -<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">6.28</span> +<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">6.23</span> <span class="toctext">SecGsbLookupDb</span></a></li> -<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">6.29</span> +<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">6.24</span> <span class="toctext">SecGuardianLog</span></a></li> -<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">6.30</span> +<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">6.25</span> <span class="toctext">SecHttpBlKey</span></a></li> <li class="toclevel-2"><a href="#SecInterceptOnError"><span -class="tocnumber">6.31</span> <span class="toctext">SecInterceptOnError</span></a></li> -<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">6.32</span> +class="tocnumber">6.26</span> <span class="toctext">SecInterceptOnError</span></a></li> +<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">6.27</span> <span class="toctext">SecMarker</span></a></li> <li class="toclevel-2"><a href="#SecPcreMatchLimit"><span -class="tocnumber">6.33</span> <span class="toctext">SecPcreMatchLimit</span></a></li> +class="tocnumber">6.28</span> <span class="toctext">SecPcreMatchLimit</span></a></li> <li class="toclevel-2"><a href="#SecPcreMatchLimitRecursion"><span -class="tocnumber">6.34</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li> -<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">6.35</span> +class="tocnumber">6.29</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li> +<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">6.30</span> <span class="toctext">SecPdfProtect</span></a></li> <li class="toclevel-2"><a href="#SecPdfProtectMethod"><span -class="tocnumber">6.36</span> <span class="toctext">SecPdfProtectMethod</span></a></li> +class="tocnumber">6.31</span> <span class="toctext">SecPdfProtectMethod</span></a></li> <li class="toclevel-2"><a href="#SecPdfProtectSecret"><span -class="tocnumber">6.37</span> <span class="toctext">SecPdfProtectSecret</span></a></li> +class="tocnumber">6.32</span> <span class="toctext">SecPdfProtectSecret</span></a></li> <li class="toclevel-2"><a href="#SecPdfProtectTimeout"><span -class="tocnumber">6.38</span> <span class="toctext">SecPdfProtectTimeout</span></a></li> +class="tocnumber">6.33</span> <span class="toctext">SecPdfProtectTimeout</span></a></li> <li class="toclevel-2"><a href="#SecPdfProtectTokenName"><span -class="tocnumber">6.39</span> <span class="toctext">SecPdfProtectTokenName</span></a></li> +class="tocnumber">6.34</span> <span class="toctext">SecPdfProtectTokenName</span></a></li> <li class="toclevel-2"><a href="#SecReadStateLimit"><span -class="tocnumber">6.40</span> <span class="toctext">SecReadStateLimit</span></a></li> -<li class="toclevel-2"><a href="#SecSensorId"><span class="tocnumber">6.41</span> - <span class="toctext">SecSensorId</span></a></li> +class="tocnumber">6.35</span> <span class="toctext">SecReadStateLimit</span></a></li> <li class="toclevel-2"><a href="#SecWriteStateLimit"><span -class="tocnumber">6.42</span> <span class="toctext">SecWriteStateLimit</span></a></li> +class="tocnumber">6.36</span> <span class="toctext">SecWriteStateLimit</span></a></li> <li class="toclevel-2"><a href="#SecRequestBodyAccess"><span -class="tocnumber">6.43</span> <span class="toctext">SecRequestBodyAccess</span></a></li> +class="tocnumber">6.37</span> <span class="toctext">SecRequestBodyAccess</span></a></li> <li class="toclevel-2"><a href="#SecRequestBodyInMemoryLimit"><span -class="tocnumber">6.44</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li> +class="tocnumber">6.38</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li> <li class="toclevel-2"><a href="#SecRequestBodyLimit"><span -class="tocnumber">6.45</span> <span class="toctext">SecRequestBodyLimit</span></a></li> +class="tocnumber">6.39</span> <span class="toctext">SecRequestBodyLimit</span></a></li> <li class="toclevel-2"><a href="#SecRequestBodyNoFilesLimit"><span -class="tocnumber">6.46</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li> +class="tocnumber">6.40</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li> <li class="toclevel-2"><a href="#SecRequestBodyLimitAction"><span -class="tocnumber">6.47</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li> +class="tocnumber">6.41</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li> <li class="toclevel-2"><a href="#SecResponseBodyLimit"><span -class="tocnumber">6.48</span> <span class="toctext">SecResponseBodyLimit</span></a></li> +class="tocnumber">6.42</span> <span class="toctext">SecResponseBodyLimit</span></a></li> <li class="toclevel-2"><a href="#SecResponseBodyLimitAction"><span -class="tocnumber">6.49</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li> +class="tocnumber">6.43</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li> <li class="toclevel-2"><a href="#SecResponseBodyMimeType"><span -class="tocnumber">6.50</span> <span class="toctext">SecResponseBodyMimeType</span></a></li> +class="tocnumber">6.44</span> <span class="toctext">SecResponseBodyMimeType</span></a></li> <li class="toclevel-2"><a href="#SecResponseBodyMimeTypesClear"><span -class="tocnumber">6.51</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li> +class="tocnumber">6.45</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li> <li class="toclevel-2"><a href="#SecResponseBodyAccess"><span -class="tocnumber">6.52</span> <span class="toctext">SecResponseBodyAccess</span></a></li> -<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">6.53</span> +class="tocnumber">6.46</span> <span class="toctext">SecResponseBodyAccess</span></a></li> +<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">6.47</span> <span class="toctext">SecRule</span></a></li> <li class="toclevel-2"><a href="#SecRuleInheritance"><span -class="tocnumber">6.54</span> <span class="toctext">SecRuleInheritance</span></a></li> -<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">6.55</span> +class="tocnumber">6.48</span> <span class="toctext">SecRuleInheritance</span></a></li> +<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">6.49</span> <span class="toctext">SecRuleEngine</span></a></li> -<li class="toclevel-2"><a href="#SecRulePerfTime"><span -class="tocnumber">6.56</span> <span class="toctext">SecRulePerfTime</span></a></li> <li class="toclevel-2"><a href="#SecRuleRemoveById"><span -class="tocnumber">6.57</span> <span class="toctext">SecRuleRemoveById</span></a></li> +class="tocnumber">6.50</span> <span class="toctext">SecRuleRemoveById</span></a></li> <li class="toclevel-2"><a href="#SecRuleRemoveByMsg"><span -class="tocnumber">6.58</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li> +class="tocnumber">6.51</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li> <li class="toclevel-2"><a href="#SecRuleRemoveByTag"><span -class="tocnumber">6.59</span> <span class="toctext">SecRuleRemoveByTag</span></a></li> -<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">6.60</span> +class="tocnumber">6.52</span> <span class="toctext">SecRuleRemoveByTag</span></a></li> +<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">6.53</span> <span class="toctext">SecRuleScript</span></a></li> <li class="toclevel-2"><a href="#SecRuleUpdateActionById"><span -class="tocnumber">6.61</span> <span class="toctext">SecRuleUpdateActionById</span></a></li> +class="tocnumber">6.54</span> <span class="toctext">SecRuleUpdateActionById</span></a></li> <li class="toclevel-2"><a href="#SecRuleUpdateTargetById"><span -class="tocnumber">6.62</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li> -<li class="toclevel-2"><a href="#SecRuleUpdateTargetByMsg"><span -class="tocnumber">6.63</span> <span class="toctext">SecRuleUpdateTargetByMsg</span></a></li> -<li class="toclevel-2"><a href="#SecRuleUpdateTargetByTag"><span -class="tocnumber">6.64</span> <span class="toctext">SecRuleUpdateTargetByTag</span></a></li> +class="tocnumber">6.55</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li> <li class="toclevel-2"><a href="#SecServerSignature"><span -class="tocnumber">6.65</span> <span class="toctext">SecServerSignature</span></a></li> +class="tocnumber">6.56</span> <span class="toctext">SecServerSignature</span></a></li> <li class="toclevel-2"><a href="#SecStreamInBodyInspection"><span -class="tocnumber">6.66</span> <span class="toctext">SecStreamInBodyInspection</span></a></li> +class="tocnumber">6.57</span> <span class="toctext">SecStreamInBodyInspection</span></a></li> <li class="toclevel-2"><a href="#SecStreamOutBodyInspection"><span -class="tocnumber">6.67</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li> -<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">6.68</span> +class="tocnumber">6.58</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li> +<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">6.59</span> <span class="toctext">SecTmpDir</span></a></li> <li class="toclevel-2"><a href="#SecUnicodeMapFile"><span -class="tocnumber">6.69</span> <span class="toctext">SecUnicodeMapFile</span></a></li> +class="tocnumber">6.60</span> <span class="toctext">SecUnicodeMapFile</span></a></li> <li class="toclevel-2"><a href="#SecUnicodeCodePage"><span -class="tocnumber">6.70</span> <span class="toctext">SecUnicodeCodePage</span></a></li> -<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">6.71</span> +class="tocnumber">6.61</span> <span class="toctext">SecUnicodeCodePage</span></a></li> +<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">6.62</span> <span class="toctext">SecUploadDir</span></a></li> <li class="toclevel-2"><a href="#SecUploadFileLimit"><span -class="tocnumber">6.72</span> <span class="toctext">SecUploadFileLimit</span></a></li> +class="tocnumber">6.63</span> <span class="toctext">SecUploadFileLimit</span></a></li> <li class="toclevel-2"><a href="#SecUploadFileMode"><span -class="tocnumber">6.73</span> <span class="toctext">SecUploadFileMode</span></a></li> +class="tocnumber">6.64</span> <span class="toctext">SecUploadFileMode</span></a></li> <li class="toclevel-2"><a href="#SecUploadKeepFiles"><span -class="tocnumber">6.74</span> <span class="toctext">SecUploadKeepFiles</span></a></li> -<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">6.75</span> +class="tocnumber">6.65</span> <span class="toctext">SecUploadKeepFiles</span></a></li> +<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">6.66</span> <span class="toctext">SecWebAppId</span></a></li> <li class="toclevel-2"><a href="#SecCollectionTimeout"><span -class="tocnumber">6.76</span> <span class="toctext">SecCollectionTimeout</span></a></li> +class="tocnumber">6.67</span> <span class="toctext">SecCollectionTimeout</span></a></li> </ul> </li> <li class="toclevel-1"><a href="#Processing_Phases"><span @@ -451,131 +427,127 @@ <span class="toctext">PERF_PHASE4</span></a></li> <li class="toclevel-2"><a href="#PERF_PHASE5"><span class="tocnumber">8.35</span> <span class="toctext">PERF_PHASE5</span></a></li> -<li class="toclevel-2"><a href="#PERF_RULES"><span class="tocnumber">8.36</span> - <span class="toctext">PERF_RULES</span></a></li> -<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">8.37</span> +<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">8.36</span> <span class="toctext">PERF_SREAD</span></a></li> -<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">8.38</span> +<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">8.37</span> <span class="toctext">PERF_SWRITE</span></a></li> -<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">8.39</span> +<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">8.38</span> <span class="toctext">QUERY_STRING</span></a></li> -<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">8.40</span> +<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">8.39</span> <span class="toctext">REMOTE_ADDR</span></a></li> -<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">8.41</span> +<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">8.40</span> <span class="toctext">REMOTE_HOST</span></a></li> -<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">8.42</span> +<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">8.41</span> <span class="toctext">REMOTE_PORT</span></a></li> -<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">8.43</span> +<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">8.42</span> <span class="toctext">REMOTE_USER</span></a></li> -<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">8.44</span> +<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">8.43</span> <span class="toctext">REQBODY_ERROR</span></a></li> <li class="toclevel-2"><a href="#REQBODY_ERROR_MSG"><span -class="tocnumber">8.45</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li> +class="tocnumber">8.44</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li> <li class="toclevel-2"><a href="#REQBODY_PROCESSOR"><span -class="tocnumber">8.46</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li> +class="tocnumber">8.45</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li> <li class="toclevel-2"><a href="#REQUEST_BASENAME"><span -class="tocnumber">8.47</span> <span class="toctext">REQUEST_BASENAME</span></a></li> -<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">8.48</span> +class="tocnumber">8.46</span> <span class="toctext">REQUEST_BASENAME</span></a></li> +<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">8.47</span> <span class="toctext">REQUEST_BODY</span></a></li> <li class="toclevel-2"><a href="#REQUEST_BODY_LENGTH"><span -class="tocnumber">8.49</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li> +class="tocnumber">8.48</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li> <li class="toclevel-2"><a href="#REQUEST_COOKIES"><span -class="tocnumber">8.50</span> <span class="toctext">REQUEST_COOKIES</span></a></li> +class="tocnumber">8.49</span> <span class="toctext">REQUEST_COOKIES</span></a></li> <li class="toclevel-2"><a href="#REQUEST_COOKIES_NAMES"><span -class="tocnumber">8.51</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li> +class="tocnumber">8.50</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li> <li class="toclevel-2"><a href="#REQUEST_FILENAME"><span -class="tocnumber">8.52</span> <span class="toctext">REQUEST_FILENAME</span></a></li> +class="tocnumber">8.51</span> <span class="toctext">REQUEST_FILENAME</span></a></li> <li class="toclevel-2"><a href="#REQUEST_HEADERS"><span -class="tocnumber">8.53</span> <span class="toctext">REQUEST_HEADERS</span></a></li> +class="tocnumber">8.52</span> <span class="toctext">REQUEST_HEADERS</span></a></li> <li class="toclevel-2"><a href="#REQUEST_HEADERS_NAMES"><span -class="tocnumber">8.54</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li> -<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">8.55</span> +class="tocnumber">8.53</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li> +<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">8.54</span> <span class="toctext">REQUEST_LINE</span></a></li> -<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">8.56</span> +<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">8.55</span> <span class="toctext">REQUEST_METHOD</span></a></li> <li class="toclevel-2"><a href="#REQUEST_PROTOCOL"><span -class="tocnumber">8.57</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li> -<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">8.58</span> +class="tocnumber">8.56</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li> +<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">8.57</span> <span class="toctext">REQUEST_URI</span></a></li> <li class="toclevel-2"><a href="#REQUEST_URI_RAW"><span -class="tocnumber">8.59</span> <span class="toctext">REQUEST_URI_RAW</span></a></li> -<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">8.60</span> +class="tocnumber">8.58</span> <span class="toctext">REQUEST_URI_RAW</span></a></li> +<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">8.59</span> <span class="toctext">RESPONSE_BODY</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_CONTENT_LENGTH"><span -class="tocnumber">8.61</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li> +class="tocnumber">8.60</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_CONTENT_TYPE"><span -class="tocnumber">8.62</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li> +class="tocnumber">8.61</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_HEADERS"><span -class="tocnumber">8.63</span> <span class="toctext">RESPONSE_HEADERS</span></a></li> +class="tocnumber">8.62</span> <span class="toctext">RESPONSE_HEADERS</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_HEADERS_NAMES"><span -class="tocnumber">8.64</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li> +class="tocnumber">8.63</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_PROTOCOL"><span -class="tocnumber">8.65</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li> +class="tocnumber">8.64</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li> <li class="toclevel-2"><a href="#RESPONSE_STATUS"><span -class="tocnumber">8.66</span> <span class="toctext">RESPONSE_STATUS</span></a></li> -<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">8.67</span> +class="tocnumber">8.65</span> <span class="toctext">RESPONSE_STATUS</span></a></li> +<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">8.66</span> <span class="toctext">RULE</span></a></li> <li class="toclevel-2"><a href="#SCRIPT_BASENAME"><span -class="tocnumber">8.68</span> <span class="toctext">SCRIPT_BASENAME</span></a></li> +class="tocnumber">8.67</span> <span class="toctext">SCRIPT_BASENAME</span></a></li> <li class="toclevel-2"><a href="#SCRIPT_FILENAME"><span -class="tocnumber">8.69</span> <span class="toctext">SCRIPT_FILENAME</span></a></li> -<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">8.70</span> +class="tocnumber">8.68</span> <span class="toctext">SCRIPT_FILENAME</span></a></li> +<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">8.69</span> <span class="toctext">SCRIPT_GID</span></a></li> <li class="toclevel-2"><a href="#SCRIPT_GROUPNAME"><span -class="tocnumber">8.71</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li> -<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">8.72</span> +class="tocnumber">8.70</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li> +<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">8.71</span> <span class="toctext">SCRIPT_MODE</span></a></li> -<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">8.73</span> +<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">8.72</span> <span class="toctext">SCRIPT_UID</span></a></li> <li class="toclevel-2"><a href="#SCRIPT_USERNAME"><span -class="tocnumber">8.74</span> <span class="toctext">SCRIPT_USERNAME</span></a></li> -<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">8.75</span> +class="tocnumber">8.73</span> <span class="toctext">SCRIPT_USERNAME</span></a></li> +<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">8.74</span> <span class="toctext">SERVER_ADDR</span></a></li> -<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">8.76</span> +<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">8.75</span> <span class="toctext">SERVER_NAME</span></a></li> -<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">8.77</span> +<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">8.76</span> <span class="toctext">SERVER_PORT</span></a></li> -<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">8.78</span> +<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">8.77</span> <span class="toctext">SESSION</span></a></li> -<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">8.79</span> +<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">8.78</span> <span class="toctext">SESSIONID</span></a></li> <li class="toclevel-2"><a href="#STREAM_INPUT_BODY"><span -class="tocnumber">8.80</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li> +class="tocnumber">8.79</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li> <li class="toclevel-2"><a href="#STREAM_OUTPUT_BODY"><span -class="tocnumber">8.81</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li> -<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">8.82</span> +class="tocnumber">8.80</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li> +<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">8.81</span> <span class="toctext">TIME</span></a></li> -<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">8.83</span> +<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">8.82</span> <span class="toctext">TIME_DAY</span></a></li> -<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">8.84</span> +<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">8.83</span> <span class="toctext">TIME_EPOCH</span></a></li> -<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">8.85</span> +<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">8.84</span> <span class="toctext">TIME_HOUR</span></a></li> -<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">8.86</span> +<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">8.85</span> <span class="toctext">TIME_MIN</span></a></li> -<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">8.87</span> +<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">8.86</span> <span class="toctext">TIME_MON</span></a></li> -<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">8.88</span> +<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">8.87</span> <span class="toctext">TIME_SEC</span></a></li> -<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">8.89</span> +<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">8.88</span> <span class="toctext">TIME_WDAY</span></a></li> -<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">8.90</span> +<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">8.89</span> <span class="toctext">TIME_YEAR</span></a></li> -<li class="toclevel-2"><a href="#TX"><span class="tocnumber">8.91</span> +<li class="toclevel-2"><a href="#TX"><span class="tocnumber">8.90</span> <span class="toctext">TX</span></a></li> -<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">8.92</span> +<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">8.91</span> <span class="toctext">UNIQUE_ID</span></a></li> <li class="toclevel-2"><a href="#URLENCODED_ERROR"><span -class="tocnumber">8.93</span> <span class="toctext">URLENCODED_ERROR</span></a></li> -<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">8.94</span> +class="tocnumber">8.92</span> <span class="toctext">URLENCODED_ERROR</span></a></li> +<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">8.93</span> <span class="toctext">USERID</span></a></li> -<li class="toclevel-2"><a href="#USERAGENT_IP"><span class="tocnumber">8.95</span> - <span class="toctext">USERAGENT_IP</span></a></li> -<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">8.96</span> +<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">8.94</span> <span class="toctext">WEBAPPID</span></a></li> <li class="toclevel-2"><a href="#WEBSERVER_ERROR_LOG"><span -class="tocnumber">8.97</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li> -<li class="toclevel-2"><a href="#XML"><span class="tocnumber">8.98</span> +class="tocnumber">8.95</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li> +<li class="toclevel-2"><a href="#XML"><span class="tocnumber">8.96</span> <span class="toctext">XML</span></a></li> </ul> </li> @@ -656,99 +628,91 @@ <li class="toclevel-1"><a href="#Actions"><span class="tocnumber">10</span> <span class="toctext">Actions</span></a> <ul> -<li class="toclevel-2"><a href="#accuracy"><span class="tocnumber">10.1</span> - <span class="toctext">accuracy</span></a></li> -<li class="toclevel-2"><a href="#allow"><span class="tocnumber">10.2</span> +<li class="toclevel-2"><a href="#allow"><span class="tocnumber">10.1</span> <span class="toctext">allow</span></a></li> -<li class="toclevel-2"><a href="#append"><span class="tocnumber">10.3</span> +<li class="toclevel-2"><a href="#append"><span class="tocnumber">10.2</span> <span class="toctext">append</span></a></li> -<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">10.4</span> +<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">10.3</span> <span class="toctext">auditlog</span></a></li> -<li class="toclevel-2"><a href="#block"><span class="tocnumber">10.5</span> +<li class="toclevel-2"><a href="#block"><span class="tocnumber">10.4</span> <span class="toctext">block</span></a></li> -<li class="toclevel-2"><a href="#capture"><span class="tocnumber">10.6</span> +<li class="toclevel-2"><a href="#capture"><span class="tocnumber">10.5</span> <span class="toctext">capture</span></a></li> -<li class="toclevel-2"><a href="#chain"><span class="tocnumber">10.7</span> +<li class="toclevel-2"><a href="#chain"><span class="tocnumber">10.6</span> <span class="toctext">chain</span></a></li> -<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">10.8</span> +<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">10.7</span> <span class="toctext">ctl</span></a></li> -<li class="toclevel-2"><a href="#deny"><span class="tocnumber">10.9</span> +<li class="toclevel-2"><a href="#deny"><span class="tocnumber">10.8</span> <span class="toctext">deny</span></a></li> -<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">10.10</span> +<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">10.9</span> <span class="toctext">deprecatevar</span></a></li> -<li class="toclevel-2"><a href="#drop"><span class="tocnumber">10.11</span> +<li class="toclevel-2"><a href="#drop"><span class="tocnumber">10.10</span> <span class="toctext">drop</span></a></li> -<li class="toclevel-2"><a href="#exec"><span class="tocnumber">10.12</span> +<li class="toclevel-2"><a href="#exec"><span class="tocnumber">10.11</span> <span class="toctext">exec</span></a></li> -<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">10.13</span> +<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">10.12</span> <span class="toctext">expirevar</span></a></li> -<li class="toclevel-2"><a href="#id"><span class="tocnumber">10.14</span> +<li class="toclevel-2"><a href="#id"><span class="tocnumber">10.13</span> <span class="toctext">id</span></a></li> -<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">10.15</span> +<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">10.14</span> <span class="toctext">initcol</span></a></li> -<li class="toclevel-2"><a href="#log"><span class="tocnumber">10.16</span> +<li class="toclevel-2"><a href="#log"><span class="tocnumber">10.15</span> <span class="toctext">log</span></a></li> -<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">10.17</span> +<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">10.16</span> <span class="toctext">logdata</span></a></li> -<li class="toclevel-2"><a href="#maturity"><span class="tocnumber">10.18</span> - <span class="toctext">maturity</span></a></li> -<li class="toclevel-2"><a href="#msg"><span class="tocnumber">10.19</span> +<li class="toclevel-2"><a href="#msg"><span class="tocnumber">10.17</span> <span class="toctext">msg</span></a></li> -<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">10.20</span> +<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">10.18</span> <span class="toctext">multiMatch</span></a></li> -<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">10.21</span> +<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">10.19</span> <span class="toctext">noauditlog</span></a></li> -<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">10.22</span> +<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">10.20</span> <span class="toctext">nolog</span></a></li> -<li class="toclevel-2"><a href="#pass"><span class="tocnumber">10.23</span> +<li class="toclevel-2"><a href="#pass"><span class="tocnumber">10.21</span> <span class="toctext">pass</span></a></li> -<li class="toclevel-2"><a href="#pause"><span class="tocnumber">10.24</span> +<li class="toclevel-2"><a href="#pause"><span class="tocnumber">10.22</span> <span class="toctext">pause</span></a></li> -<li class="toclevel-2"><a href="#phase"><span class="tocnumber">10.25</span> +<li class="toclevel-2"><a href="#phase"><span class="tocnumber">10.23</span> <span class="toctext">phase</span></a></li> -<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">10.26</span> +<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">10.24</span> <span class="toctext">prepend</span></a></li> -<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">10.27</span> +<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">10.25</span> <span class="toctext">proxy</span></a></li> -<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">10.28</span> +<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">10.26</span> <span class="toctext">redirect</span></a></li> -<li class="toclevel-2"><a href="#rev"><span class="tocnumber">10.29</span> +<li class="toclevel-2"><a href="#rev"><span class="tocnumber">10.27</span> <span class="toctext">rev</span></a></li> -<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">10.30</span> +<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">10.28</span> <span class="toctext">sanitiseArg</span></a></li> <li class="toclevel-2"><a href="#sanitiseMatched"><span -class="tocnumber">10.31</span> <span class="toctext">sanitiseMatched</span></a></li> +class="tocnumber">10.29</span> <span class="toctext">sanitiseMatched</span></a></li> <li class="toclevel-2"><a href="#sanitiseMatchedBytes"><span -class="tocnumber">10.32</span> <span class="toctext">sanitiseMatchedBytes</span></a></li> +class="tocnumber">10.30</span> <span class="toctext">sanitiseMatchedBytes</span></a></li> <li class="toclevel-2"><a href="#sanitiseRequestHeader"><span -class="tocnumber">10.33</span> <span class="toctext">sanitiseRequestHeader</span></a></li> +class="tocnumber">10.31</span> <span class="toctext">sanitiseRequestHeader</span></a></li> <li class="toclevel-2"><a href="#sanitiseResponseHeader"><span -class="tocnumber">10.34</span> <span class="toctext">sanitiseResponseHeader</span></a></li> -<li class="toclevel-2"><a href="#severity"><span class="tocnumber">10.35</span> +class="tocnumber">10.32</span> <span class="toctext">sanitiseResponseHeader</span></a></li> +<li class="toclevel-2"><a href="#severity"><span class="tocnumber">10.33</span> <span class="toctext">severity</span></a></li> -<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">10.36</span> +<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">10.34</span> <span class="toctext">setuid</span></a></li> -<li class="toclevel-2"><a href="#setrsc"><span class="tocnumber">10.37</span> - <span class="toctext">setrsc</span></a></li> -<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">10.38</span> +<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">10.35</span> <span class="toctext">setsid</span></a></li> -<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">10.39</span> +<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">10.36</span> <span class="toctext">setenv</span></a></li> -<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">10.40</span> +<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">10.37</span> <span class="toctext">setvar</span></a></li> -<li class="toclevel-2"><a href="#skip"><span class="tocnumber">10.41</span> +<li class="toclevel-2"><a href="#skip"><span class="tocnumber">10.38</span> <span class="toctext">skip</span></a></li> -<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">10.42</span> +<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">10.39</span> <span class="toctext">skipAfter</span></a></li> -<li class="toclevel-2"><a href="#status"><span class="tocnumber">10.43</span> +<li class="toclevel-2"><a href="#status"><span class="tocnumber">10.40</span> <span class="toctext">status</span></a></li> -<li class="toclevel-2"><a href="#t"><span class="tocnumber">10.44</span> +<li class="toclevel-2"><a href="#t"><span class="tocnumber">10.41</span> <span class="toctext">t</span></a></li> -<li class="toclevel-2"><a href="#tag"><span class="tocnumber">10.45</span> +<li class="toclevel-2"><a href="#tag"><span class="tocnumber">10.42</span> <span class="toctext">tag</span></a></li> -<li class="toclevel-2"><a href="#ver"><span class="tocnumber">10.46</span> - <span class="toctext">ver</span></a></li> -<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">10.47</span> +<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">10.43</span> <span class="toctext">xmlns</span></a></li> </ul> </li> @@ -759,67 +723,59 @@ <span class="toctext">beginsWith</span></a></li> <li class="toclevel-2"><a href="#contains"><span class="tocnumber">11.2</span> <span class="toctext">contains</span></a></li> -<li class="toclevel-2"><a href="#containsWord"><span class="tocnumber">11.3</span> - <span class="toctext">containsWord</span></a></li> -<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">11.4</span> +<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">11.3</span> <span class="toctext">endsWith</span></a></li> -<li class="toclevel-2"><a href="#eq"><span class="tocnumber">11.5</span> +<li class="toclevel-2"><a href="#eq"><span class="tocnumber">11.4</span> <span class="toctext">eq</span></a></li> -<li class="toclevel-2"><a href="#ge"><span class="tocnumber">11.6</span> +<li class="toclevel-2"><a href="#ge"><span class="tocnumber">11.5</span> <span class="toctext">ge</span></a></li> -<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">11.7</span> +<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">11.6</span> <span class="toctext">geoLookup</span></a></li> -<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">11.8</span> +<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">11.7</span> <span class="toctext">gsbLookup</span></a></li> -<li class="toclevel-2"><a href="#gt"><span class="tocnumber">11.9</span> +<li class="toclevel-2"><a href="#gt"><span class="tocnumber">11.8</span> <span class="toctext">gt</span></a></li> -<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">11.10</span> +<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">11.9</span> <span class="toctext">inspectFile</span></a></li> -<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">11.11</span> +<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">11.10</span> <span class="toctext">ipMatch</span></a></li> -<li class="toclevel-2"><a href="#ipMatchF"><span class="tocnumber">11.12</span> - <span class="toctext">ipMatchF</span></a></li> -<li class="toclevel-2"><a href="#ipMatchFromFile"><span -class="tocnumber">11.13</span> <span class="toctext">ipMatchFromFile</span></a></li> -<li class="toclevel-2"><a href="#le"><span class="tocnumber">11.14</span> +<li class="toclevel-2"><a href="#le"><span class="tocnumber">11.11</span> <span class="toctext">le</span></a></li> -<li class="toclevel-2"><a href="#lt"><span class="tocnumber">11.15</span> +<li class="toclevel-2"><a href="#lt"><span class="tocnumber">11.12</span> <span class="toctext">lt</span></a></li> -<li class="toclevel-2"><a href="#pm"><span class="tocnumber">11.16</span> +<li class="toclevel-2"><a href="#pm"><span class="tocnumber">11.13</span> <span class="toctext">pm</span></a></li> -<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">11.17</span> +<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">11.14</span> <span class="toctext">pmf</span></a></li> -<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">11.18</span> +<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">11.15</span> <span class="toctext">pmFromFile</span></a></li> -<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">11.19</span> +<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">11.16</span> <span class="toctext">rbl</span></a></li> -<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">11.20</span> +<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">11.17</span> <span class="toctext">rsub</span></a></li> -<li class="toclevel-2"><a href="#rx"><span class="tocnumber">11.21</span> +<li class="toclevel-2"><a href="#rx"><span class="tocnumber">11.18</span> <span class="toctext">rx</span></a></li> -<li class="toclevel-2"><a href="#streq"><span class="tocnumber">11.22</span> +<li class="toclevel-2"><a href="#streq"><span class="tocnumber">11.19</span> <span class="toctext">streq</span></a></li> -<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">11.23</span> +<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">11.20</span> <span class="toctext">strmatch</span></a></li> <li class="toclevel-2"><a href="#validateByteRange"><span -class="tocnumber">11.24</span> <span class="toctext">validateByteRange</span></a></li> -<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">11.25</span> +class="tocnumber">11.21</span> <span class="toctext">validateByteRange</span></a></li> +<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">11.22</span> <span class="toctext">validateDTD</span></a></li> -<li class="toclevel-2"><a href="#validateEncryption"><span -class="tocnumber">11.26</span> <span class="toctext">validateEncryption</span></a></li> -<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">11.27</span> +<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">11.23</span> <span class="toctext">validateSchema</span></a></li> <li class="toclevel-2"><a href="#validateUrlEncoding"><span -class="tocnumber">11.28</span> <span class="toctext">validateUrlEncoding</span></a></li> +class="tocnumber">11.24</span> <span class="toctext">validateUrlEncoding</span></a></li> <li class="toclevel-2"><a href="#validateUtf8Encoding"><span -class="tocnumber">11.29</span> <span class="toctext">validateUtf8Encoding</span></a></li> -<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">11.30</span> +class="tocnumber">11.25</span> <span class="toctext">validateUtf8Encoding</span></a></li> +<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">11.26</span> <span class="toctext">verifyCC</span></a></li> -<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">11.31</span> +<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">11.27</span> <span class="toctext">verifyCPF</span></a></li> -<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">11.32</span> +<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">11.28</span> <span class="toctext">verifySSN</span></a></li> -<li class="toclevel-2"><a href="#within"><span class="tocnumber">11.33</span> +<li class="toclevel-2"><a href="#within"><span class="tocnumber">11.29</span> <span class="toctext">within</span></a></li> </ul> </li> @@ -848,9 +804,9 @@ <a name="ModSecurity.C2.AE_Reference_Manual" id="ModSecurity.C2.AE_Reference_Manual"></a><h1> <span class="mw-headline"> ModSecurity® Reference Manual </span></h1> -<a name="Current_as_of_v2.5.13_v2.6_and_v2.7" -id="Current_as_of_v2.5.13_v2.6_and_v2.7"></a><h2> <span -class="mw-headline"> Current as of v2.5.13 v2.6 and v2.7 </span></h2> +<a name="Current_as_of_v2.5.13_and_v2.6" +id="Current_as_of_v2.5.13_and_v2.6"></a><h2> <span class="mw-headline"> +Current as of v2.5.13 and v2.6 </span></h2> <a name="Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc." id="Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc."></a><h3> <span class="mw-headline"> Copyright © 2004-2011 <a @@ -1243,18 +1199,6 @@ title="http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf" rel="nofollow">http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf</a> </dd></dl> -<dl><dd> Starting with ModSecurity 2.7.0 there are a few important -configuration options -</dd></dl> -<ol><li><b>--enable-pcre-jit</b> - Enables JIT support from pcre >= -8.20 that can improve regex performance. -</li><li><b>--enable-cache-lua</b> - Enables lua vm caching that can -improve lua script performance. Difference just appears if ModSecurity -must run more than one script per transaction. -</li><li><b>--enable-request-early</b> - On ModSecuricy 2.6 phase one -has been moved to phase 2 hook, if you want to play around it use this -option. -</li></ol> <a name="Configuration_Directives" id="Configuration_Directives"></a><h1> <span class="mw-headline"> Configuration Directives </span></h1> <p>The following section outlines all of the ModSecurity directives. @@ -1301,7 +1245,7 @@ for application/x-www-form- urlencoded content. </p><p><b>Syntax:</b> <code>SecArgumentSeparator character</code> </p><p><b>Default:</b> & -</p><p><b>Scope:</b> Main(< 2.7.0), Any(2.7.0) +</p><p><b>Scope:</b> Main </p><p><b>Version:</b> 2.0.0 </p><p>This directive is needed if a backend web application is using a nonstandard argument separator. Applications are sometimes (very rarely) @@ -1728,7 +1672,7 @@ frontend compression enabled. </p><p><b>Syntax:</b> <code>SecDisableBackendCompression On|Off </code> </p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.6.0 +</p><p><b>Version:</b> Development trunk </p><p><b>Default:</b> Off </p><p>This directive is necessary in reverse proxy mode when the backend servers support response compression, but you wish to inspect @@ -1737,100 +1681,6 @@ directive is not necessary in embedded mode, because ModSecurity performs inspection before response compression takes place. </p> -<a name="SecEncryptionEngine" id="SecEncryptionEngine"></a><h2> <span -class="mw-headline"> SecEncryptionEngine </span></h2> -<p><b>Description:</b> Configures the encryption engine. -</p><p><b>Syntax:</b> <code>SecEncryptionEngine On|Off</code> -</p><p><b>Example Usage:</b> <code>SecEncryptionEngine On </code> -</p><p><b>Scope</b>: Any -</p><p><b>Version:</b> 2.7 -</p><p><b>Default:</b> Off -</p><p>The possible values are: -</p> -<ul><li><b>On</b>: Encryption engine can process the request/response -data. -</li><li><b>Off</b>: Encryption engine will not process any data. -</li></ul> -<dl><dt> Note </dt><dd> Users must enable stream output variables -and content injection. -</dd></dl> -<a name="SecEncryptionKey" id="SecEncryptionKey"></a><h2> <span -class="mw-headline"> SecEncryptionKey </span></h2> -<p><b>Description:</b> Define the key that will be used by HMAC. -</p><p><b>Syntax:</b> <code>SecEncryptionKey rand|TEXT -KeyOnly|SessionID|RemoteIP</code> -</p><p><b>Example Usage:</b> <code>SecEncryptionKey "this_is_my_key" -KeyOnly</code> -</p><p><b>Scope</b>: Any -</p><p><b>Version:</b> 2.7 -</p><p>ModSecurity encryption engine will append, if specified, the -user's session id or remote ip to the key before the MAC operation. If -the first parameter is "rand" then a random key will be generated and -used by the engine. -</p><p><br> -</p> -<a name="SecEncryptionParam" id="SecEncryptionParam"></a><h2> <span -class="mw-headline"> SecEncryptionParam </span></h2> -<p><b>Description:</b> Define the parameter name that will receive the -MAC hash. -</p><p><b>Syntax:</b> <code>SecEncryptionParam TEXT</code> -</p><p><b>Example Usage:</b> <code>SecEncryptionKey "hmac"</code> -</p><p><b>Scope</b>: Any -</p><p><b>Version:</b> 2.7 -</p><p>ModSecurity encryption engine will add a new parameter to -protected HTML elements containing the MAC hash. -</p> -<a name="SecEncryptionMethodRx" id="SecEncryptionMethodRx"></a><h2> <span - class="mw-headline"> SecEncryptionMethodRx </span></h2> -<p><b>Description:</b> Configures what kind of HTML data the encryption -engine should sign based on regular expression. -</p><p><b>Syntax:</b> <code>SecEncryptionMethodRx TYPE REGEX</code> -</p><p><b>Example Usage</b>: <code>SecEncryptionMethodRx HashHref -"product_info|list_product"</code> -</p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.7.0 -</p><p>As a initial support is possible to protect HREF, FRAME, IFRAME -and FORM ACTION html elements as well response Location header when http - redirect code are sent. -</p><p>The possible values for TYPE are: -</p> -<ul><li><b>HashHref</b>: Used to sign href= html elements -</li><li><b>HashFormAction</b>: Used to sign form action= html elements -</li><li><b>HashIframeSrc</b>: Used to sign iframe src= html elements -</li><li><b>HashframeSrc</b>: Used to sign frame src= html elements -</li><li><b>HashLocation</b>: Used to sign Location response header -</li></ul> -<dl><dt> Note </dt><dd> This directive is used to sign the elements - however user must use the @validateEncryption operator to enforce data -integrity. -</dd></dl> -<p><br> -</p> -<a name="SecEncryptionMethodPm" id="SecEncryptionMethodPm"></a><h2> <span - class="mw-headline"> SecEncryptionMethodPm </span></h2> -<p><b>Description:</b> Configures what kind of HTML data the encryption -engine should sign based on string search algoritm. -</p><p><b>Syntax:</b> <code>SecEncryptionMethodRx TYPE "string1 string2 -string3..."</code> -</p><p><b>Example Usage</b>: <code>SecEncryptionMethodRx HashHref -"product_info list_product"</code> -</p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.7.0 -</p><p>As a initial support is possible to protect HREF, FRAME, IFRAME -and FORM ACTION html elements as well response Location header when http - redirect code are sent. -</p><p>The possible values for TYPE are: -</p> -<ul><li><b>HashHref</b>: Used to sign href= html elements -</li><li><b>HashFormAction</b>: Used to sign form action= html elements -</li><li><b>HashIframeSrc</b>: Used to sign iframe src= html elements -</li><li><b>HashframeSrc</b>: Used to sign frame src= html elements -</li><li><b>HashLocation</b>: Used to sign Location response header -</li></ul> -<dl><dt> Note </dt><dd> This directive is used to sign the elements - however user must use the @validateEncryption operator to enforce data -integrity. -</dd></dl> <a name="SecGeoLookupDb" id="SecGeoLookupDb"></a><h2> <span class="mw-headline"> SecGeoLookupDb </span></h2> <p><b>Description</b>: Defines the path to the database that will be @@ -1860,11 +1710,9 @@ autonumber" title="http://code.google.com/apis/safebrowsing/" rel="nofollow">[3]</a>. </p> -<dl><dt> Note </dt><dd> Deprecated in 2.7.0 after Google dev team -decided to not allow the database download anymore. After registering -and obtaining a Safe Browsing API key, you can automatically download -the GSB using a tool like wget (where <i><b>KEY</b></i> is your own API -key): +<dl><dt> Note </dt><dd> After registering and obtaining a Safe +Browsing API key, you can automatically download the GSB using a tool +like wget (where <i><b>KEY</b></i> is your own API key): </dd></dl> <p><code>wget <a href="http://sb.google.com/safebrowsing/update?client=api&apikey=KEY&version=goog-malware-hash:1:-1" @@ -2081,15 +1929,6 @@ title="http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html" rel="nofollow">http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html</a> </p> -<a name="SecSensorId" id="SecSensorId"></a><h2> <span -class="mw-headline"> SecSensorId </span></h2> -<p><b>Description:</b> Define a sensor ID that will be present into log -part H. -</p><p><b>Syntax:</b> <code>SecSensorId TEXT </code> -</p><p><b>Example Usage</b>: <code>SecSensorId WAFSensor01 </code> -</p><p><b>Scope</b>: Main -</p><p><b>Version</b>: 2.7.0 -</p> <a name="SecWriteStateLimit" id="SecWriteStateLimit"></a><h2> <span class="mw-headline"> SecWriteStateLimit </span></h2> <p><b>Description:</b> Establishes a per-IP address limit of how many @@ -2348,16 +2187,6 @@ </li><li><b>DetectionOnly</b>: process rules but never executes any disruptive actions (block, deny, drop, allow, proxy and redirect) </li></ul> -<a name="SecRulePerfTime" id="SecRulePerfTime"></a><h2> <span -class="mw-headline"> SecRulePerfTime </span></h2> -<p><b>Description:</b> Set a performance threshold for rules. Rules that - spends too much time will be logged into audit log Part H in the format - id=usec. -</p><p><b>Syntax:</b> <code>SecRulePerfTime USECS </code> -</p><p><b>Example Usage:</b> <code>SecRulePerfTime 1000 </code> -</p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.7 -</p> <a name="SecRuleRemoveById" id="SecRuleRemoveById"></a><h2> <span class="mw-headline"> SecRuleRemoveById </span></h2> <p><b>Description:</b> Removes the matching rules from the current @@ -2561,7 +2390,7 @@ </p><p><b>Version:</b> 2.6 </p><p>This directive will append (or replace) variables to the current target list of the specified rule with the targets provided in the -second parameter. Starting with 2.7.0 this feature supports id range. +second parameter. </p><p><b>Explicitly Appending Targets</b> </p><p>This is useful for implementing exceptions where you want to externally update a target list to exclude inspection of specific @@ -2610,107 +2439,6 @@ </p> <pre>SecRule REQUEST_FILENAME "@streq /path/to/file.php" "phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=958895;REQUEST_URI;REQUEST_FILENAME" </pre> -<dl><dt> Note </dt><dd> This ctl is deprecated and will be removed -from the code, since we cannot use it per-transaction. -</dd></dl> -<a name="SecRuleUpdateTargetByMsg" id="SecRuleUpdateTargetByMsg"></a><h2> - <span class="mw-headline"> SecRuleUpdateTargetByMsg </span></h2> -<p><b>Description:</b> Updates the target (variable) list of the -specified rule by rule message. -</p><p><b>Syntax:</b> <code>SecRuleUpdateTargetByMsg TEXT -TARGET1[,TARGET2,TARGET3] REPLACED_TARGET</code> -</p><p><b>Example Usage:</b> <code>SecRuleUpdateTargetByMsg "Cross-site -Scripting (XSS) Attack" "!ARGS:foo"</code> -</p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.7 -</p><p>This directive will append (or replace) variables to the current -target list of the specified rule with the targets provided in the -second parameter. -</p><p><b>Explicitly Appending Targets</b> -</p><p>This is useful for implementing exceptions where you want to -externally update a target list to exclude inspection of specific -variable(s). -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}" - -SecRuleUpdateTargetByMsg "System Command Injection" !ARGS:email -</pre> -<p>The effective resulting rule in the previous example will append the -target to the end of the variable list as follows: -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:email "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}"" -</pre> -<p><b>Explicitly Replacing Targets</b> -</p><p>You can also entirely replace the target list to something more -appropriate for your environment. For example, lets say you want to -inspect REQUEST_URI instead of REQUEST_FILENAME, you could do this: -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}" - -SecRuleUpdateTargetByMsg "System Command Injection" REQUEST_URI REQUEST_FILENAME -</pre> -<p>The effective resulting rule in the previous example will append the -target to the end of the variable list as follows: -</p> -<pre>SecRule REQUEST_URI|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}"" -</pre> -<a name="SecRuleUpdateTargetByTag" id="SecRuleUpdateTargetByTag"></a><h2> - <span class="mw-headline"> SecRuleUpdateTargetByTag </span></h2> -<p><b>Description:</b> Updates the target (variable) list of the -specified rule by rule tag. -</p><p><b>Syntax:</b> <code>SecRuleUpdateTargetByTag TEXT -TARGET1[,TARGET2,TARGET3] REPLACED_TARGET</code> -</p><p><b>Example Usage:</b> <code>SecRuleUpdateTargetByTag -"WEB_ATTACK/XSS" "!ARGS:foo"</code> -</p><p><b>Scope:</b> Any -</p><p><b>Version:</b> 2.7 -</p><p>This directive will append (or replace) variables to the current -target list of the specified rule with the targets provided in the -second parameter. -</p><p><b>Explicitly Appending Targets</b> -</p><p>This is useful for implementing exceptions where you want to -externally update a target list to exclude inspection of specific -variable(s). -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}" - -SecRuleUpdateTargetByTag "WASCTC/WASC-31" !ARGS:email -</pre> -<p>The effective resulting rule in the previous example will append the -target to the end of the variable list as follows: -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:email "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}"" -</pre> -<p><b>Explicitly Replacing Targets</b> -</p><p>You can also entirely replace the target list to something more -appropriate for your environment. For example, lets say you want to -inspect REQUEST_URI instead of REQUEST_FILENAME, you could do this: -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}" - -SecRuleUpdateTargetByTag "WASCTC/WASC-31" REQUEST_URI REQUEST_FILENAME -</pre> -<p>The effective resulting rule in the previous example will append the -target to the end of the variable list as follows: -</p> -<pre>SecRule REQUEST_URI|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \ - "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=% -{tx.0}"" -</pre> <a name="SecServerSignature" id="SecServerSignature"></a><h2> <span class="mw-headline"> SecServerSignature </span></h2> <p><b>Description:</b> Instructs ModSecurity to change the data @@ -2917,7 +2645,7 @@ <p>Below is a diagram of the standard Apache Request Cycle. In the diagram, the 5 ModSecurity processing phases are shown. </p><p><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg" class="image" title="Apache request cycle-modsecurity.jpg"><img alt="" src="Reference_Manual_files/600px-Apache_request_cycle-modsecurity.jpg" height="459" width="600" border="0"></a> @@ -3108,9 +2836,6 @@ <p>Contains the number of milliseconds elapsed since the beginning of the current transaction. Available starting with 2.6.0. </p> -<dl><dt> Note </dt><dd> Starting with ModSecurity 2.7.0 the time is - microseconds. -</dd></dl> <a name="ENV" id="ENV"></a><h2> <span class="mw-headline"> ENV </span></h2> <p>Collection that provides access to environment variables set by ModSecurity. Requires a single parameter to specify the name of the @@ -3385,12 +3110,6 @@ <p>Contains the time, in microseconds, spent processing phase 5. Available starting with 2.6. </p> -<a name="PERF_RULES" id="PERF_RULES"></a><h2> <span class="mw-headline"> - PERF_RULES </span></h2> -<p>Contains the time of rules, in microseconds. Available starting with -2.7. -</p><p><code>SecRule PERF_RULES "@gt 1000" "id:12345,phase:5"</code> -</p> <a name="PERF_SREAD" id="PERF_SREAD"></a><h2> <span class="mw-headline"> PERF_SREAD </span></h2> <p>Contains the time, in microseconds, spent reading from persistent @@ -3898,12 +3617,6 @@ # Is the current user the administrator? SecRule USERID "admin" </pre> -<a name="USERAGENT_IP" id="USERAGENT_IP"></a><h2> <span -class="mw-headline"> USERAGENT_IP </span></h2> -<p>This variable is created when running modsecurity with apache2.4 and -will contains the client ip address set by mod_remoteip in proxied -connections. -</p> <a name="WEBAPPID" id="WEBAPPID"></a><h2> <span class="mw-headline"> WEBAPPID </span></h2> <p>This variable contains the current application name, which is set in @@ -4270,7 +3983,7 @@ <dl><dt> Note </dt><dd> <b>Disruptive actions will NOT be executed if the SecRuleEngine is set to DetectionOnly</b>. If you are creating exception/whitelisting rules that use the allow action, you should also -add the ctl:ruleEngine=On action to execute the action. +add the ctl:ruleEngine=DetectionOnly action to execute the action. </dd></dl> <ul><li> <b>Non-disruptive action</b>s - Do something, but that something does not and cannot affect the rule processing flow. Setting a @@ -4287,20 +4000,6 @@ action holds the status that will be used for blocking (if it takes place). </li></ul> -<a name="accuracy" id="accuracy"></a><h2> <span class="mw-headline"> -accuracy </span></h2> -<p><b>Description:</b> Specifies the relative accuracy level of the rule - related to false positives/negatives. The value is a string based on a - numeric scale (1-9 where 9 is very strong and 1 has many false -positives). -</p><p><b>Action Group:</b> Meta-data -</p><p><b>Version:</b> 2.7 -</p><p><b>Example:</b> -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \ - "phase:2,ver:'CRS/2.2.4,accuracy:'9',maturity:'9',capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \ -{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}" -</pre> <a name="allow" id="allow"></a><h2> <span class="mw-headline"> allow </span></h2> <p><b>Description:</b> Stops rule processing on a successful match and allows the transaction to proceed. @@ -4496,13 +4195,7 @@ </li><li><b>ruleRemoveById</b> - since this action us triggered at run time, it should be specified <b>before</b> the rule in which it is disabling. -</li><li><b>ruleUpdateTargetById</b> - This is deprecated and will be -removed from the code. Use ruleRemoveTargetById for per-request -exceptions. -</li><li><b>ruleRemoveTargetById</b> -</li><li><b>ruleRemoveByMsg</b> -</li><li><b>encryptionEngine</b> -</li><li><b>encryptionEnforcement</b> +</li><li><b>ruleUpdateTargetById</b> </li></ol> <p>With the exception of the requestBodyProcessor and forceRequestBodyVariable settings, each configuration option corresponds @@ -4611,8 +4304,7 @@ </p> <a name="id" id="id"></a><h2> <span class="mw-headline"> id </span></h2> <p><b>Description</b>: Assigns a unique ID to the rule or chain in which - it appears. Starting with ModSecurity 2.7 this action is mandatory and -must be numeric. + it appears. </p><p><b>Action Group:</b> Meta-data </p><p><b>Example:</b> </p> @@ -4632,22 +4324,14 @@ href="http://projects.otaku42.de/wiki/Scally-Whack" class="external autonumber" title="http://projects.otaku42.de/wiki/Scally-Whack" rel="nofollow">[9]</a> -</li><li>430,000–439,999: reserved for rules published by Flameeyes <a -href="http://www.flameeyes.eu/projects/modsec" class="external -autonumber" title="http://www.flameeyes.eu/projects/modsec" -rel="nofollow">[10]</a> -</li><li>440.000-599,999: unused (available for reservation) -</li><li>600,000-699,999: reserved for use by Akamai <a -href="http://www.akamai.com/html/solutions/waf.html" class="external -autonumber" title="http://www.akamai.com/html/solutions/waf.html" -rel="nofollow">[11]</a> +</li><li>430,000–699,999: unused (available for reservation) </li><li>700,000–799,999: reserved for Ivan Ristic </li><li>900,000–999,999: reserved for the OWASP ModSecurity Core Rule Set <a href="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project" class="external autonumber" title="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project" - rel="nofollow">[12]</a> project + rel="nofollow">[10]</a> project </li><li>1,000,000-1,999,999: unused (available for reservation) </li><li>2,000,000-2,999,999: reserved for rules from Trustwave's SpiderLabs Research team @@ -4693,21 +4377,6 @@ as %{TX.0} or %{MATCHED_VAR}. The information is properly escaped for use with logging of binary data. </p> -<a name="maturity" id="maturity"></a><h2> <span class="mw-headline"> -maturity </span></h2> -<p><b>Description:</b> Specifies the relative maturity level of the rule - related to the length of time a rule has been public and the amount of -testing it has received. The value is a string based on a numeric scale - (1-9 where 9 is extensively tested and 1 is a brand new experimental -rule). -</p><p><b>Action Group:</b> Meta-data -</p><p><b>Version:</b> 2.7 -</p><p><b>Example:</b> -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \ - "phase:2,ver:'CRS/2.2.4,accuracy:'9',maturity:'9',capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \ -{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}" -</pre> <a name="msg" id="msg"></a><h2> <span class="mw-headline"> msg </span></h2> <p><b>Description:</b> Assigns a custom message to the rule or chain in which it appears. The message will be logged along with every alert. @@ -4786,8 +4455,7 @@ </pre> <a name="pause" id="pause"></a><h2> <span class="mw-headline"> pause </span></h2> <p><b>Description:</b> Pauses transaction processing for the specified -number of milliseconds. Starting with ModSecurity 2.7 this feature also -supports macro expansion. +number of milliseconds. </p><p><b>Action Group:</b> Non-disruptive </p><p><b>Example:</b> </p> @@ -4810,17 +4478,6 @@ <pre># Initialize IP address tracking in phase 1 SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR} </pre> -<p>Starting in ModSecurity version v2.7 there are aliases for some phase - numbers: -</p> -<ul><li><b>2 - request</b> -</li><li><b>4 - response</b> -</li><li><b>5 - logging</b> -</li></ul> -<p><b>Example:</b> -</p> -<pre>SecRule REQUEST_HEADERS:User-Agent "Test" "phase:request,log,deny" -</pre> <dl><dt> Warning </dt><dd> Keep in mind that if you specify the incorrect phase, the variable used in the rule may not yet be available. This could lead to a false negative situation where your variable and @@ -5027,17 +4684,6 @@ application namespaces (configured using SecWebAppId), and will use one if it is configured. </p> -<a name="setrsc" id="setrsc"></a><h2> <span class="mw-headline"> setrsc </span></h2> -<p><b>Description:</b> Special-purpose action that initializes the -RESOURCE collection using a key provided as parameter. -</p><p><b>Action Group:</b> Non-disruptive -</p><p><b>Example:</b> -</p> -<pre>SecAction "phase:1,pass,id:3,log,setrsc:'abcd1234'" -</pre> -<p>This action understands application namespaces (configured using -SecWebAppId), and will use one if it is configured. -</p> <a name="setsid" id="setsid"></a><h2> <span class="mw-headline"> setsid </span></h2> <p><b>Description:</b> Special-purpose action that initializes the SESSION collection using the session token provided as parameter. @@ -5184,16 +4830,6 @@ slashes to create a hierarchy of categories (as in the example). Since ModSecurity 2.6.0 tag supports macro expansion. </p> -<a name="ver" id="ver"></a><h2> <span class="mw-headline"> ver </span></h2> -<p><b>Description:</b> Specifies the rule set version. -</p><p><b>Action Group:</b> Meta-data -</p><p><b>Version:</b> 2.7 -</p><p><b>Example:</b> -</p> -<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \ - "phase:2,ver:'CRS/2.2.4,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \ -{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}" -</pre> <a name="xmlns" id="xmlns"></a><h2> <span class="mw-headline"> xmlns </span></h2> <p><b>Description:</b> Configures an XML namespace, which will be used in the execution of XPath expressions. @@ -5229,24 +4865,6 @@ <pre># Detect ".php" anywhere in the request line SecRule REQUEST_LINE "@contains .php" </pre> -<a name="containsWord" id="containsWord"></a><h2> <span -class="mw-headline"> containsWord </span></h2> -<p><b>Description:</b> Returns true if the parameter string (with word -boundaries) is found anywhere in the input. Macro expansion is performed - on the parameter string before comparison. -</p><p><b>Example:</b> -</p> -<pre># Detect "select" anywhere in ARGS -SecRule ARGS "@containsWord select" -</pre> -<p>Would match on - <br> --1 union <b>select</b> -BENCHMARK(2142500,MD5(CHAR(115,113,108,109,97,112))) FROM wp_users WHERE - ID=1 and (ascii(substr(user_login,1,1))&0x01=0) from wp_users where - ID=1-- -</p><p>But not on - <br> -Your site has a wide <b>select</b>ion of computers. -</p> <a name="endsWith" id="endsWith"></a><h2> <span class="mw-headline"> endsWith </span></h2> <p><b>Description:</b> Returns true if the parameter string is found at @@ -5349,7 +4967,7 @@ href="http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/util/" class="external autonumber" title="http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/util/" - rel="nofollow">[13]</a> that allows the file approval mechanism to + rel="nofollow">[11]</a> that allows the file approval mechanism to integrate with the ClamAV virus scanner. This is especially handy to prevent viruses and exploits from entering the web server through file upload. @@ -5447,31 +5065,6 @@ </p> <pre>SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" </pre> -<a name="ipMatchF" id="ipMatchF"></a><h2> <span class="mw-headline"> -ipMatchF </span></h2> -<p>short alias for ipMatchFromFile -</p> -<a name="ipMatchFromFile" id="ipMatchFromFile"></a><h2> <span -class="mw-headline"> ipMatchFromFile </span></h2> -<p><b>Description:</b> Performs a fast ipv4 or ipv6 match of REMOTE_ADDR - variable, loading data from a file. Can handle the following formats: -</p> -<ul><li>Full IPv4 Address - 192.168.1.100 -</li><li>Network Block/CIDR Address - 192.168.1.0/24 -</li><li>Full IPv6 Address - 2001:db8:85a3:8d3:1319:8a2e:370:7348 -</li><li>Network Block/CIDR Address - -2001:db8:85a3:8d3:1319:8a2e:370:0/24 -</li></ul> -<p><b>Examples:</b> -</p> -<pre>SecRule REMOTE_ADDR "@ipMatch ips.txt" -</pre> -<p>The file ips.txt may contain: -</p> -<pre>192.168.0.1 -172.16.0.0/16 -10.0.0.0/8 -</pre> <a name="le" id="le"></a><h2> <span class="mw-headline"> le </span></h2> <p><b>Description:</b> Performs numerical comparison and returns true if the input value is less than or equal to the operator parameter. Macro @@ -5598,9 +5191,7 @@ <a name="rsub" id="rsub"></a><h2> <span class="mw-headline"> rsub </span></h2> <p><b>Description</b>: Performs regular expression data substitution when applied to either the STREAM_INPUT_BODY or STREAM_OUTPUT_BODY -variables. This operator also supports macro expansion. Starting with -ModSecurity 2.7.0 this operator supports the syntax |hex| allowing users - to use special chars like \n \r +variables. This operator also supports macro expansion. </p><p><b>Syntax:</b> <code>@rsub s/regex/str/[id]</code> </p><p><b>Examples:</b> Removing HTML Comments from response bodies: @@ -5614,7 +5205,7 @@ </dd></dl> <p>Regular expressions are handled by the PCRE library <a href="http://www.pcre.org/" class="external autonumber" -title="http://www.pcre.org" rel="nofollow">[14]</a>. ModSecurity +title="http://www.pcre.org" rel="nofollow">[12]</a>. ModSecurity compiles its regular expressions with the following settings: </p> <ol><li>The entire input is treated as a single line, even when there @@ -5652,7 +5243,7 @@ </pre> <p>Regular expressions are handled by the PCRE library <a href="http://www.pcre.org/" class="external autonumber" -title="http://www.pcre.org" rel="nofollow">[15]</a>. ModSecurity +title="http://www.pcre.org" rel="nofollow">[13]</a>. ModSecurity compiles its regular expressions with the following settings: </p> <ol><li>The entire input is treated as a single line, even when there @@ -5749,15 +5340,6 @@ # Validate XML payload against DTD SecRule XML "@validateDTD /path/to/xml.dtd" "phase:2,deny,msg:'Failed DTD validation'" </pre> -<a name="validateEncryption" id="validateEncryption"></a><h2> <span -class="mw-headline"> validateEncryption </span></h2> -<p><b>Description:</b> Validates REQUEST_URI that contains data -protected by the encryption engine. -</p><p><b>Example:</b> -</p> -<pre># Validates requested URI that matches a regular expression. -SecRule REQUEST_URI "@validateEncryption "product_info|product_list" "phase:1,deny,id:123456" -</pre> <a name="validateSchema" id="validateSchema"></a><h2> <span class="mw-headline"> validateSchema </span></h2> <p><b>Description:</b> Validates the XML DOM tree against the supplied @@ -6233,16 +5815,16 @@ <!-- NewPP limit report -Preprocessor node count: 793/1000000 +Preprocessor node count: 723/1000000 Post-expand include size: 0/2097152 bytes Template argument size: 0/2097152 bytes Expensive parser function count: 0/100 --> -<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!printable=1 and timestamp 20120723175510 --> +<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!edit=0!printable=1 and timestamp 20111219124748 --> <div class="printfooter"> Retrieved from "<a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div> +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div> <!-- end content --> <div class="visualClear"></div> </div> @@ -6255,30 +5837,18 @@ <ul> <li id="ca-nstab-main" class="selected"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual" title="View the content page [alt-shift-c]" accesskey="c">Page</a></li> <li id="ca-talk" class="new"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1" title="Discussion about the content page [alt-shift-t]" accesskey="t">Discussion</a></li> - <li id="ca-edit"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit" - title="You can edit this page. -Please use the preview button before saving [alt-shift-e]" accesskey="e">Edit</a></li> + <li id="ca-viewsource"><a +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit" + title="This page is protected. +You can view its source [alt-shift-e]" accesskey="e">View source</a></li> <li id="ca-history"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history" title="Past revisions of this page [alt-shift-h]" accesskey="h">History</a></li> - <li id="ca-delete"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=delete" - title="Delete this page [alt-shift-d]" accesskey="d">Delete</a></li> - <li id="ca-move"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:MovePage/Reference_Manual" - title="Move this page [alt-shift-m]" accesskey="m">Move</a></li> - <li id="ca-protect"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=protect" - title="Protect this page [alt-shift-=]" accesskey="=">Protect</a></li> - <li id="ca-watch"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=watch" - title="Add this page to your watchlist [alt-shift-w]" accesskey="w">Watch</a></li> </ul> </div> </div> @@ -6288,24 +5858,6 @@ <table style="height: 4px;" rules="none" border="0" cellpadding="0" cellspacing="0"></table> <ul> - <li id="pt-userpage"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User:Brenosilva" - title="Your user page [alt-shift-.]" accesskey="." class="new">Brenosilva</a></li> - <li id="pt-mytalk"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User_talk:Brenosilva" - title="Your talk page [alt-shift-n]" accesskey="n" class="new">My talk</a></li> - <li id="pt-preferences"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Preferences" - title="Your preferences">My preferences</a></li> - <li id="pt-watchlist"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Watchlist" - title="The list of pages you are monitoring for changes [alt-shift-l]" -accesskey="l">My watchlist</a></li> - <li id="pt-mycontris"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Contributions/Brenosilva" - title="List of your contributions [alt-shift-y]" accesskey="y">My -contributions</a></li> - <li id="pt-logout"></li> </ul> </div> </div> @@ -6313,7 +5865,7 @@ <a style="background-image: url("/apps/mediawiki/mod-security/nfs/project/m/mo/mod-security/7/70/MediaWikiSidebarLogo.png");" -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page" title="Visit the main page [alt-shift-z]" accesskey="z"></a> </div> <script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script> @@ -6322,24 +5874,24 @@ <div class="pBody"> <ul> <li id="n-mainpage-description"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main Page</a></li> <li id="n-portal"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal" title="About the project, what you can do, where to find things">Community portal</a></li> <li id="n-currentevents"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events" title="Find background information on current events">Current events</a></li> <li id="n-recentchanges"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges" title="The list of recent changes in the wiki [alt-shift-r]" accesskey="r">Recent changes</a></li> <li id="n-randompage"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random" title="Load a random page [alt-shift-x]" accesskey="x">Random page</a></li> <li id="n-help"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents" title="The place to find out">Help</a></li> </ul> </div> @@ -6364,25 +5916,22 @@ <div class="pBody"> <ul> <li id="t-whatlinkshere"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual" title="List of all wiki pages that link here [alt-shift-j]" accesskey="j">What links here</a></li> <li id="t-recentchangeslinked"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual" title="Recent changes in pages linked from this page [alt-shift-k]" accesskey="k">Related changes</a></li> -<li id="t-upload"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Upload" - title="Upload files [alt-shift-u]" accesskey="u">Upload file</a></li> <li id="t-specialpages"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages" title="List of all special pages [alt-shift-q]" accesskey="q">Special pages</a></li> <li id="t-print"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes" rel="alternate" title="Printable version of this page [alt-shift-p]" accesskey="p">Printable version</a></li> <li id="t-permalink"><a -href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=507" +href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=444" title="Permanent link to this revision of the page">Permanent link</a></li> </ul> </div> @@ -6394,15 +5943,15 @@ src="Reference_Manual_files/poweredby_mediawiki_88x31.png" alt="Powered by MediaWiki"></a></div> <ul id="f-list"> - <li id="lastmod"> This page was last modified on 23 July 2012, at -17:54.</li> - <li id="viewcount">This page has been accessed 142,275 times.</li> + <li id="lastmod"> This page was last modified on 19 December 2011, +at 12:16.</li> + <li id="viewcount">This page has been accessed 77,761 times.</li> </ul> </div> </div> <script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script> -<!-- Served in 1.261 secs. --> +<!-- Served in 1.177 secs. --> <script type="text/javascript"> | ||
| Deleted | modsecurity-apache_2.7.4.tar.bz2 ^ | |
| Deleted | modsecurity-apache_2.7.5.tar.bz2 ^ | |
| Deleted | modsecurity-apache_2.7.7.tar.bz2 ^ | |
| [+] | Changed | zzz_asl_custom_exclude.conf ^ |
| @@ -5,20 +5,3 @@ SecRuleRemoveById 350148 SecRuleRemoveById 340162 SecRuleRemoveById 391213 -SecRuleRemoveById 340152 - -# experimental -SecRuleRemoveById 340202 -SecRuleRemoveById 340201 -SecRuleRemoveById 340204 -SecRuleRemoveById 340205 -SecRuleRemoveById 340206 -SecRuleRemoveById 340207 -SecRuleRemoveById 340208 -SecRuleRemoveById 340209 -SecRuleRemoveById 345400 -SecRuleRemoveById 345401 -SecRuleRemoveById 345402 -SecRuleRemoveById 345403 -SecRuleRemoveById 345404 - | ||