Squashed 'src/deps/src/modsecurity/' changes from bbccedbdd..205dac0e8
205dac0e8 Change release version to v3.0.9 49c056126 CHANGES: wording update dbe107e28 Update some copyright notices 7b1cf0e99 Merge pull request #2890 from martinhsv/v3/master 264dd4831 Fix: possible segfault on reload if duplicate ip+CIDR in ip match list 49281b6c0 Merge pull request #2886 from martinhsv/v3/master db84d8cf7 Add some member varialbe inits in Transaction class 1feaa7d24 CHANGES entry for previous PR ca7040f71 Merge pull request #2876 from martinhsv/v3/master 5f632a5ed Minor updates to v3 issue template 3311dda0e Debug log: enhance message for SecRequestBodyNoFilesLimit 55d6aa94e Resolve memory leak (bison-generated position.filename) ea80d3166 Merge pull request #2864 from martinhsv/v3/master ec1232a69 Support equals sign in XPath expressions dabf79eec CHANGES entry for previous PR 860b1183a Merge pull request #2854 from airween/v3/logescape 6dd00be22 Refactorized multiple prototypes d63d8849a Remove previously removed fn proto from header cb2df476b Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/logescape 105c5909a Add more fields to encode filter: rev, ver and tag c7306d174 Extend utils::string::toHexIfNeeded() to encode '"' and '\' characters optionally 62ec4edc4 Regression tests: remove dependency on modsecurity.org 69545eade Remove some no-longer-used parser definitions 3b7ca3e44 Escape log field 'data' value 5dfc0a256 minor refactoring and CHANGES update fb01ad94e Minor change to satisfy cppcheck f037bd268 Merge pull request #2791 from wfjsw/feature/pcre2-jit 54ff1ea53 init m_pcje in the constructor of verify_cc.cc 37d3a20da fix 12e6e325d Merge pull request #2839 from martinhsv/v3/master 0c0e4a25c Merge branch 'v3/master' into v3/master 503804beb Add CHANGES entry for previous PR e56f53b71 Merge pull request #2596 from ffontaine/v3/master af860e2ee Support comments in ipMatchFromFile file via '#' token 1550e3017 add fallback for JIT_STACKLIMIT 07514f977 Add CHANGES entry for previous PR 40f7a5067 Merge pull request #2831 from airween/v3/filestmpcontentfix aa44c7b72 Fix FILES_TMP_CONTENT collection key naming mechanism 398e17423 Add CHANGES entry for previous PR 700a9e9ff Merge pull request #2806 from hughmcmaster/as_help_string 933daee34 Merge pull request #2828 from martinhsv/v3/master 791964a0e During configure, do not check for pcre if pcre2 specified f05f32230 Use AS_HELP_STRING instead of the obsolete AC_HELP_STRING macro de01b0273 Add CHANGES entry for previous commmit ec31e04a3 Merge pull request #2714 from hughmcmaster/libxml2 d76c52775 build/libxml.m4: Check for libxml2 via pkg-config then xml2-config 82f75dc0c Remove now-unneeded cppcheck suppression 47fe75de3 Fix tests to match previous typo fix 222e09ea0 Fix typo in debug log text 5d2b86c1b Merge pull request #2801 from martinhsv/v3/master e9a7ba4a6 Fix two rule-reload memory leak issues 17f3bb0b3 Merge pull request #2800 from martinhsv/v3/master 53cf6eb6b Correct whitespace handling for Include directive 0840a29c3 Advance bison version to v3.7.6 8f06f9bd3 CHANGES: Preparing for next version 996c7e1e1 Change release version to v3.0.8 de3a9b5aa Merge pull request #2796 from martinhsv/v3/master 622eb9e6c Adjust parser activation rules in modsecurity.conf-recommended d6c10885e Merge pull request #2795 from martinhsv/v3/master fa6e41857 Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 651897346 remove jit stack 648cad380 Address some cppcheck complaints b0b459d3a Merge pull request #2707 from liudongmiao/v3-example 36a2231a7 Add CHANGES entry for previous commit f923838e4 Merge pull request #2761 from GetPageSpeed/v3/master af27018de Fix msc_transaction_cleanup function comment typo 8c409149c Merge pull request #2788 from lookat23/v3/master 0d81b636b feat: PCRE2 JIT 228218ae6 Fix the mismatch between comments and code in the msc_transaction_cleanup function 7b094ea84 Merge pull request #2785 from martinhsv/v3/master b41139acd Fix: MULTIPART_INVALID_PART connected to wrong internal variable 369002d70 Create SECURITY.md c3b7a7f4f Change some args from pass-by-value (satisfies cppcheck) d2a1080db Add CHANGES for previous commit 18012e572 Merge pull request #2758 from martinhsv/v3/master a41fc30db CHANGES: Preparing for next version 204908cf5 Prevent segfault for #2755 14c94e2eb Restore Unique_id to include random portion after timestamp 97550881f Add cppcheck suppressions 1bdd04740 Change release version to v3.0.7 841c06a9f Correct CHANGES entry for previous commit 0362af4db Move PCRE2 match block from member variable 770662c0d Add CHANGES entry for previous commit 8d8000132 Merge pull request #2738 from martinhsv/v3/master 76c0c864e Add CHANGES entry for previous commit 844e1bf6e Merge pull request #2727 from liudongmiao/patch-1 7b696d8c5 Add SecArgumentsLimit to modsecurity.conf-recommended 0b6bd39a5 Add CHANGES entry for previous merge 83c302e6a Merge pull request #2688 from ziollek/lmdb_single_env 82326ffe2 shift lmdb initialization to provider constructor which is called only once 00483e400 swtich singleton to thread safe version 606f5721c Change some parms to const reference (satisfies cppcheck) 0be89cc15 Correct CHANGES entry for previous merge 763db3f63 Merge pull request #2732 from martinhsv/v3/master f7f8a9827 Fix initcol error message wording 563fabebf Merge pull request #2731 from martinhsv/v3/master 6e56950cd Tolerate other parameters after boundary in multipart C-T 6b7f2b0d6 fix memory in transaction.cc when log REMOTE_USER 3975f0f8f Fix minor CHANGES typos 59531be2f Merge pull request #2723 from martinhsv/v3/master 1aa7616c1 Add DebugLog message for bad pattern in rx operator ced56c5b0 Merge pull request #2719 from SpiderLabs/v3/dev/pcre2_a f84614fe0 Support PCRE2 a1980c841 fix argv in examples 89186b7e3 update lines for modsecurity.cc on supress list for static check 3b50b2634 remove destructor, close environment only once 1fa95ec2e set initialized flag, remove unnecessary semicolon 46f40899e Fix parallel lmdb readonly transactions 5519f6cfa Update CHANGES for SecRequestBodyNoFilesLimit impl f5efd9ab8 Merge pull request #2686 from SpiderLabs/v3/dev/issue_2670_a 4c526fc21 Support SecRequestBodyNoFilesLimit 6bd1c7764 Add exclusions due to newer cppcheck version 5106307cc Change one parm from pass-by-value to reference-to-const 378e31c79 CHANGES: Adds info about #2602 d0813fec4 Merge pull request #2602 from LMDB/issue2601 4e37985b2 Update CHANGES file for recent commits b89c737ad Merge pull request #2677 from gleydsonsoares/loadFromUri_zap_duplicate_words 2cde1933a Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a cc83a1bac Merge pull request #2673 from martinhsv/v3/master 2d51efae4 Add ctl:auditengine action support b052adf0b tweak loadFromUri: zap duplicate words in comment 3ee6e108d Fix multiMatch msg, etc, population in audit log cb80837e6 Remove old commented-out re: audit log, relevant ef1b8d8d9 Merge pull request #2667 from martinhsv/v3/master 1a965a49a Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc. 76ce6739b Correct previous CHANGES update 630b1e0a4 CHANGES: Adds info about #2635 2de14cb00 Merge pull request #2635 from Mesar-Ali/patch-1 f82b98c04 Confusing variable name in setRequestBody method 52958fa73 Merge pull request #2661 from martinhsv/v3/master f34b49f66 Multipart names may include single quote if double-quote enclosed c072ac29e Merge pull request #2656 from martinhsv/v3/master 0275c8847 Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended 19d50f4da Add a const to satisfy cppcheck 13e8be83c CHANGES: Preparing for next version c3d7f4b56 Change release version to v3.0.6 d16c3250a Add a few cppcheck suppressions d8afc4029 Merge pull request #2642 from martinhsv/v3/master ac79c1c29 Support configurable limit on depth of JSON parsing 5aec781d3 Confusing variable name in setRequestBody method ec86b242e Update README.md a6e107484 Fix #2601 misuses of LMDB API d2b700d7a build/libmaxmind.m4: fix build with host-pkgconf 465db29b7 docs: correct project name 873a94a73 CHANGES: Preparing for a next version bf881a4ed Change release version to v3.0.5 cd5fba897 Handle URI received with uri-fragment faad65d38 Merge pull request #2586 from martinhsv/v3/master bffd68e4d Add commented-out sample rule to engage JSON Processor for more subtypes 5a0ae73ba Update README.md 3bfe4b81a build: Fix pcre's JIT support detection was not working 662c05f89 build: Adding a new path while searching for liblua. a589f6b69 Build: using PKG-CONFIG in a new fashion 754daebfb Update README.md 65e7e474b fix missing parentheses in filename* parsing 7fccb0d22 Cosmetic: pleasing cppcheck 6fdba42c0 Cosmetics: Having cppcheck pleased 66ba7b065 Cosmetic: fix static warning 1e2ccc157 test: Fix optimization test 1376882f7 Fix typo 4127c1bf5 README: States the sponsor note a18d18a28 Revert "Adds hyperscan to the build matrix" 4cdcc1533 Revert "Adds suppor for HyperScan in the bulid system" a496865e9 Adds hyperscan to the build matrix 912704b6d Adds suppor for HyperScan in the bulid system 2e69ce6cc build: Fix curl include path 50fc347ed Fix rules dump 6ca028b6f Fix memory leak in rx operator when pattern includes macro 9764b1fb3 CHANGES: Fix entry for ARGS_NAMES 53d36ab63 Updates libInjection 102f4bdd9 Make the `configure` step more reliable fbea73120 Fix: FILES variable does not use multipart part name for key f1f2527c0 Using setenv instead of putenv on SetEnv action 03b3e472d cosmetics: Please static check e8bd2151f Having _NAMES, variables proxied dd458dedb github workflow: having bison from brew 3748d62f1 Changes copyright dates on the code 33f7b46bc Using GitHub Workflow instead of Travis b3cfd8881 Having Travis working again f948d637f Having the QA on GitHub workflow e6bdadeb6 tests: Prints test number on segfault 9b40a045b Cosmetics: fix some cppcheck complains to please QA 310cbf899 Fix the typo f18595f42 Makes regular expression selection on collections key case insensitive 560f81200 Adding DragonFlyBSD support. afefda53c Fix Path to projekt logo d72be1c47 Fix: Only delete Multipart tmp files after rules have run 1b7aa42c7 Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2672db103 Add support for new operator rxGlobal 785958f9b Fix maxminddb link on FreeBSD 4b425850c Cosmetics: fix cppcheck warnings 8da787a39 Merge pull request #2424 from martinhsv/v3/master 8436c7899 Fix IP address logging in Section A 995f22b3c Having Bison 3.7.2 377fb723c Makes lua 5.1 workable again e9dce44f6 build: Minor fixies on Lua detection 9e6d8b7bb CHANGES: Adds support to lua 5.4 8c85b7836 Adds support to lua 5.4 ae3ad5eaa cosmetics: Address some cppcheck complains 51d06d7a8 CHANGES: Adds info about #2378 fe1238514 GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE 0eb3c123f Merge pull request #2348 from martinhsv/v3/master b9620c26a rx:exit after full match; fix TX population after unused group a1a8c0fda Merge pull request #2342 from martinhsv/v3/master 07ce43cce Correct CHANGES file entry for #2234 a2be19d8e Fixing Typo f0f1c2b1a Merge pull request #2317 from nikolas/patch-3 feda5b758 Merge pull request #2321 from nikolas/patch-4 45dec2068 readme update: Packing -> Packaging ba1ae16fc Fix typo in readme: GtiHub -> GitHub 3b1de9567 Merge pull request #2315 from nikolas/patch-1 733073998 fix typo in readme: rearchitechted -> rearchitected 7e0bc2691 Using performLogging function a1547eaa3 Regression tests: audit log compare support and test cases 7a48245ae Creates RuleUnconditional f63bd1a45 Moves Rule[WithActions|WithOperator] to their own files 8274be066 Refactoring: Having RuleMarker in a separated file bdedfd246 Refactoring: Renames RuleBase to Rule 59d426888 Refactoring: renames Rule to RuleWithOperator 8eb7b8fe6 Refactoring: Splits Rule into Rule and RuleWithActions 43f8aee6b Splits Rule class into: Rule, RuleBase, RuleMarker fda03c001 Yet another refactoring in Rule b66224853 Refactoring in Rule: Meaningful structures name 96849c07d Makes action name a shared pointer 9c526b364 Avoids copy on the transformation operation 8cfb289ce Lets reserve some memory for rule message a609249d6 Makes m_id a shared pointer 343b86c2a Makes m_fileName a shared pointer 14b2bd77a Makes m_uri_no_query_string_decoded a shared pointer d7d5cd2a9 Makes m_serverIpAddress a shared pointer 8df35dead Makes m_clientIpAddress a shared pointer 196adcae2 Removes reference counter for RulesSet f2f5c9c95 Removes reference counter from audit_log writer 4b88fdc51 Removes reference counter from log write agent 5ebfa5eac Removes referece count from audit logs 4b94fabef Removes reference count form Actions 6b0ad8049 Having default actions as o shared pointer 9d158611c Makes Rule a shared pointer f1d22f9b0 Fix version check 6367e6d5e Having a class Rules fb7714f20 Creates class RulesSetPhases 7a0ad4308 fuzz: minor adjustment on op_test 6de5c5984 Adds some operators to the fuzzing tests edd0a4bb2 Updates the fuzzing example 88789a577 parser: Using bison 3.5.2 1e26bf207 Revert "Creates the RulesSetPhases clas" 072e4edc5 Creates the RulesSetPhases clas 014adabda cppcheck: Adds rules_set_properties.cc supressions 6a742cdf7 Refactoring: Renames RulesProperties to RulesSetProperties bad5892b9 tests: Adds secargumentslimit.json to Makefile.am f57265a3e Support configurable limit on number of arguments processed 4e9ba44d0 build: Keep the installation of rules.h 4671608d5 cppcheck: more suppressions 22ec30773 Fix 7495675d540b3b3ccce681773205a4fe34daeb64 b7e28c246 static: fix static checks 7495675d5 Refactoring: Renames Rules to RulesSet 0c3e8b6b5 parser: cosmetics: makes it easy to read 6a0df8ca5 parser: new bison version 136db3e58 Multipart Content-Disposition should allow filename* field 1b1fdc055 Fix rule-update-target exclusions for plain (non-regex) variables f7e4c1d9f CHANGES: Adds info about #2235 e9bcaf441 test for uClinux in configure script fe84d2bae Fail when CANONICAL_HOST cannot be determined 2b09e7e01 CHANGES: Adds info about #2253 f76a1a667 modsecurity.pc.in: add Libs.private 357c14000 Changens copyright year fe98ce4c7 Cosmetics: address cppcheck warnings 68ef2dece Cosmetics: address cppcheck warnings on src/variables ff9152ed7 Cosmetics: address cppcheck warnings on src/utils ff590174d Cosmetics: address cppcheck warnings on src/operators 9101a8ab1 Cosmetics: address cppcheck warnings on src/actions a6620604d build: fix yajl messages 4f13fecba cppcheck: make static analysis more pedantic cd9b8aa93 cppcheck: Organizes the suppression list 86a5f471a Cosmetics: fixed static analysis issues. 1fc584791 Travis: abusing -j 2e8833733 Test suite: improvements 7c6bf810e CHANGES: Preparing to 3.0.4+ 753145fbd Change release version to v3.0.4 047016805 Fix: audit log data omitted when nolog,auditlog 6624a18a4 Fixed inspectFile operator does not pass FILES_TMPNAMES 05e9e7cf3 XML: Remove error messages from stderr 42a16c71c CHANGES: Adds info about #1645 7b1b00b5e filter comment or blank line for pmFromFile operator ea7cacf28 Additional adjustment to Cookie header parsing 6395fe07c Restore chained rule logging to be more like 2.9 038522ad9 Small fixes in log messages to help debugging b8160cce6 Fix Cookie header parsing issues 7ba77631f Replace Cookie parsing method 199a9db3e Fix nolog rules logging to part H 9cac167fa Fix argument key-value pair parsing cases 68c995ca9 Fix: audit log part for response body for JSON format to be E c41ab312f Updates test cases 01c7a2689 Fix test issue-1974 d4dc3dbf2 Make sure m_rulesMessages is filled after successfull match 42da29fed Merge pull request #2155 from patros/v3/master 592927793 Avoid using NULL string (match) in Pm::evaluate beedddd6c Fix @pm lookup for possible matches on offset zero 1d552673a Correct minor README.md typo d5b93c101 Update README.md 341a5d01e CHANGES: Regex lookup on the key name instead of COLLECTION:key 2bdc5f9d0 Adds test case to cover issue #2005 74eee9330 CHANGES: Adds info about #2106 96d36afec Add Missing throw in Operator::instantiate 6ab464ab7 negative lookup on the key name instead of COLLECTION:key 47dd9c5df Refactoring on the VariableValue class cbd15ec13 CHANGES: Adds info about #2113, #2111 c0142cf32 Changed compared variables of range id intervall in ruleRemoveById ctl action. #2111 9ebebfc83 Fix test case 1960 b6995c528 test case: Adds test case for issue 1960 f50700e9d CHANGES: Adds info about #1960 50abc072c Make block action execution dependent of the SecEngine status 1cc22966d CHANGES: Adds info on "Having body limits to respect ..." a4e848411 Having body limits to respect the rule engine state c7fe50e5b CHANGES: Adds info about #1872 20b90364f Adds test case for #1872 1b8d69da0 Fix dict element regular expression selection on SecRuleUpdateTargetByTag 547236231 Fix SecRuleUpdateTargetByTag with regular expressions b5823d4e0 CHANGES: Adds info about #2099, #2102 2c136a2d9 Adds test case for #2099 on the test case list 7a93bea8f Added some test cases related to #2099 db298696f Adds missing check for runtime ctl:ruleRemoveByTag 7e8782d97 CHANGES: Adds info about #2063 86ce479b5 Adds new operator to check for data leakage of Austrian social security number 6d266fae8 fixes typo f752291af CHANGES: Adds info about #2057 49900eec9 Fix variables output in debug logs 25e444583 CHANGES: Adds info about #2059 75a5c8d33 correct typo validade in log output a0a99319a CHANGES: Adds info about #2068 4a3e9734e fix/minor: Error encoding hexa decimal 033942c92 CHANGES: Adds info about #2073 1acd87a80 Limit log variables to 200 characters 61c11251b parser: Fix filename 0669c2e64 parser: new bison version b57441838 regression: Using github instead of modsecurity.org for SecRemoteRules 4e76c6adf Renames namespace Variables to variables b9ed15022 Fix namespace utilization on seclang-parser.yy 6d5198b1a make check: Updates test cases list ccd90c51c Increment OVECCOUNT value for bigger regex's 44efae6cd CHANGES: Adds info about #2024 a6e6bc2b5 Allow empty anchored variable to use b392a1ca3 CHANGES: Adds info about #2016 2d3fbbc56 Modified affected test cases, which checked wrong variables 17d79ed7b Fixed data collecting in multipart parsing ac61bf5fd CHANGES: Adds info about #2017 4b3e6328e Fixed validateByteRange parsing method 3dda0ea2c Adds a regression test strdup to valgrind suppressions list 2dff76826 Removes a memory leak on the JSON parser 145f2f35b tests: Updates secrules-language-tests f77db2cc2 CHANGES: dds info about #2011 bd6a02d69 Fix test issue-1831.json on LMDB 37cf60b8d Fix use of deleted Regex copy constructor in LMDB code 79a24ef88 Enable LMDB in Travis CI configuration dc78c0e18 Fix: Extra whitespace in some configuration directives causing error df3c3f62b Cosmetics: coding style ad28de4f1 Refactor regex code e0a0fa05c CHANGES: Info on #2002 ae0207634 Fixed buffer overflow in Utils::Md5::hexdigest() 3c1fba278 CHANGES: Adds info about #1990 7c19ffea6 Implemented merge_bodylimitaction_value() for BodyLimitAction 3c41751ed Implemented merge_ruleengine_value() for RuleEngine 161c25633 Implemented merge_boolean_value() for ConfigBoolean 2d11ff1a1 Implemented merge() method for ConfigInt, ConfigDouble, ConfigString 78b7fa4e2 Adds missing drop.h d00ea5111 Adds initial support to drop action ba4273b8e CHANGES: Adds info on #1978 9b24199a2 Complete merging of particular rule properties 428388369 CHANGES: Adds info on #1984 8af8cad90 Use of AC_CHECK_FILE prevents cross compilation. a9e9da869 CHANGES: Adds info on #1980 77854ed1b Fix inet addr handling on 64 bit big endian systems dccb5e9e5 GitHub: Adds issue template 1ecd97130 CHANGES: Updates issue #1973 0a85b599b Fix tests on FreeBSD e756dd039 README: Adds link to v2 repo 07330e53f CHANGES: Updates issue #1969 25bb1f1bc Changes ENV test case to read the default MODSECURTIY env var b736f0292 Regression: Sets MODSECURITY env var during the tests execution 407b6c0f4 Fix setenv action to strdup key=variable af137442d CHANGES: Adds @steven-j-wojcik to 0xb7c36 and 0x5ac20. d2b14de26 Allow 0 length JSON requests d29f2a898 CHANGES: Adds info about #1966 65e866cb3 Fix "make dist" target to include default configuration 2d3d56aa4 CHANGES: Adds info about #1949 3d2030426 Replaced log locking using mutex with fcntl lock 5a4ada39b CHANGES: Adds info about #1959 3b3004d24 Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES ce3abf262 Adds support to multiple ranges in ctl:ruleRemoveById e712d30c5 Fix setvar to understand Rule variable in collections cbf2fe970 Adjust boundary test cases for the less strict parsing b638e523a Make the boundary check less strict as per RFC2046 ecad8c6c7 Fix buffer size for utf8toUnicode transformation 454669ffe CHANGES: Preparing to 3.0.4 4e6e4243a Change release version to v3.0.3 e4d6d61cf Adds Victor to the AUTHORS file 6cbcdd024 Fix libInjection version on configure summary 9ada0a28c Changes the default configuration to mimic v2 behavior on multipart 31c8d4c52 CHANGES: Adds info about #1943 9d80983e5 Fix on top of #1943 + adding test cases 39f4a5d7d Fix double macros bug 18cdffdbc Encapsulates int[N] in a class to avoid compilation issues e3b9f7c91 Fix SecUnicodeMapFile support 84ece3edc Add test case for SecUnicodeMap 065c2e67b Adds test case for #1850 e1e8a01ed Override the default status code if not suitable to redirect action bfe917b6b parser: Fix the support for CRLF configuration files 3f0ea9097 Test case skeleton for #1941 662fe63a4 Add unicode.mapping file to v3/master branch b05901e8a Changes the regression test client to read the interception msg 1e5df5312 CHANGES: Adds info on 0xb7c36 and 0x5ac20 91daeee9f Only calling server log if the message is not disruptive 448897d29 Marking message as disruptive before generate log msg 973c1f102 Fix rule line number fa5f3784f Using shared_ptr instead of unique_ptr on rules exceptions e63344c3d CHANGES: Adds info on 0xb2840 and 0x3094d ef7f65db9 Changes debuglogs schema to avoid unecessary str allocation 23e0d35d2 Fix the SecUnicodeMapFile and SecUnicodeCodePage 3d83ed257 CHANGES: Adds info on 0xca270 69cd61439 Changes the timing to save the rule message 8088d6af7 Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain 466a427ab CHANGES: Adds info on #1897 ec1112c64 Fix memory leak in AuditLog::init() 8c549c65c CHANGES: Adds info on #1901 b12a8f5c6 Fix RulesProperties::appendRules() f1da6dd29 CHANGES: Adds info on 0x3077c 8bda7c0a4 Fix RULE lookup in chained rules. 120108fd3 Adds support for /32 in @ipMatch cidr notation. a5a40a71a Makes matchedvars inline b58018e77 Fix multimatch behavior to match what we have on v2 a47738ab0 CHANGES: Adds info about: 0x14316 dba73f536 Using values after transformation at MATCHED_VARS 7c50fa7c0 Small fix on @detectXSS test case 85ecd190d Adds full support to UpdateActionById. 3e8e28da4 Refactoring on the RULE variable 554251bad Refactoring on the Rule class 74841779f Adds partial support to UpdateActionById 68398a51f CHANGES: adds info on #1922 004047ef6 Add correct C function prototypes for msc_init and msc_create_rule_set c1925a467 CHANGES: adds info on #1909 and #1185 20ef01d75 Allow LuaJIT 2.1 to be used 28f6f2201 Match m_id JSON log with RuleMessage and v2 format bc3d3f191 Adds support to setenv action 4dd281275 Adds new transaction constructor that accepts the transaction id as parameter. c721e101c Adds request IDs and URIs to the debug log 0e8cd767e CHANGES: Adds info about: 0x028e0 and 0x275a1 cdf2da1a0 Adds test case related to issue #1725 98b9ae659 Having a better organization for Variables:: ee50fea26 Handling key exceptions on the variable itself 0d53111cb CHANGES: Adds info about: #1859 5aa79c17f Add test cases for m.setvar in Lua scripts 6f458b520 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 45cdb0ed9 fix: function m.setvar not work in lua script c2bc69526 parser: Fix typo on SanitiseArgs 9c73c09ab parser: Updates the generated parser file a71987145 Fix matching condition and adjust test case 379f37009 Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 5c048e3cc Explicitly include time.h to fix building the examples dce2fed31 Add exception to linker as OpenBSD doesn't like static 0c0b09ec5 Use glob.h when using OpenBSD d97688804 Fix parser to support GeoLookup with MaxMind 0a88e0237 Allow libMaxmind to work with Ubuntu PPA packages dfbff090b test case: Adds test case related to #1831 764a2e43f parser: Fix simple quote setvar in the end of the line. 738e32872 CHANGES: Adds info about: #1847 788b69642 Fix pc file 16ab99ce3 modsec_rules_check: uses the gnu `.la' instead of `.a' file d7b972635 good practices: Initialize variables before use it d302b99ec Adds test case for: #1812 4585216ae Adds more tests to REQUEST_BASENAME a85ca00a5 Fix utf-8 character encoding conversion 90197bdd9 CHANGES: Adds info about: #1807 aa158ceef Set the correct variable (m_requestBodyType) and add test case f999f54ed Adds support for ctl:requestBodyProcessor=URLENCODED dc4382da5 CHANGES: fix contributor list on: #1818, #1820, #1810, #1808 0ac23a47c Add LUA compatibility for CentOS and try to use LuaJIT first if available 857bf9da5 Allow LuaJIT to be used 156527a6f CHANGES: Adds info about: #1814 dee989844 Implement support for Lua 5.1 eed6b5f86 CHANGES: Adds info about: #1818, #1820, #1810, #1808 d810de916 #1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 65aa7ae5e Improves the performance while loading the rules 4e3a1f715 CHANGES: Adds info about: #1785 fd8e72fd9 Allow empty strings to be evaluated by regex::searchAll 7def498c4 Added some documentation for multipart boundary check a3980bbea CHANGES: Adds info about: #1790 ae38c23bb Adjustments on top of #1790 544fb50c1 Add basic pkg-config info 81708a6cf CHANGES: Adds info about: #1787 e51297b43 Improvements on top of #1787 edb5993d5 Fixed LMDB collection errors 1527f4e2f Updates the test cases described on Makefile.am 6a25ebb2b CHANGES: Adds info about: #1747 76887b8b2 Added new tests, aligned to new UNMATCHED_BOUNDARY flag value 4d0ca9449 Modified the false pos. UNMATCHED_BOUNDARY error flag af4afd348 Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 95048d5fc Fix ip tree lookup on netmask content 202a15bea Changes the behavior of the default sec actions 61c956e3f CHANGES: Adds info about: #1754 & #1778 892beb536 Refactoring on {global,ip,resources,session,tx,user} collections 550e9d3f3 CHANGES: Adds info about: #1786 f928e4476 Revert "Fix memory leak in msc_rules_* C APIs" b85a64561 Fix race condition in UniqueId::uniqueId() b586fa9c1 Cosmetics on README 19d4f2007 Experimenting with SonarQube/SonarCloud f533ca999 CHANGES: Adds info about: #1765 58701e7e1 Fix memory leak in msc_rules_* C APIs 6db26cee8 CHANGES: Adds info about: #1783 45e531236 Return false in SharedFiles::open() when an error happens a02bd3a3b CHANGES: Adds info about: #1769 fd9a161e7 Use rvalue reference in ModSecurity::serverLog to avoid string copy ccd7b9f67 travis: Temporarily disables -jN 87e64e3c2 Actually fix setvar parsing of quoted data e4c822e66 Code cleanup: Initialize variables and others good practice a278bb673 Testing travis with parallel build b0b484f45 Build in parallel. 137bd88b2 CHANGES: Fix info about: #1771 b5528bb8d fix when multiple lines for curl version 42a472adb Check if response body inspection is enabled before process it 389cc2535 CHANGES: Adds info about: #1757 2669add8e Fix memory leak in processContentOffset cc7203503 Remove an unused variable 8750ee5d3 CHANGES: Adds info about: #1759 and #1733 5e4085069 Fix setvar parsing of quoted data e47125c55 CHANGES: Adds info about: #1758 98b4e7546 Fix LDFLAGS for unit tests. e48fa2f81 HANGES: Adds info about: #1761 cd1a058c3 Code cosmetics: Clean up MD5 hexdigest d0b423fdd Adds time stamp back to the audit logs 6f92c8914 Disables skip counter if debug log is disabled a1b6cceb6 CHANGES: Adds info about: #1737 d0a63aac0 Define m_secmarker_skipped as an integer type bb2ecdf4d Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser a939d19fa CHANGES: Adds info about: #1738 6d5bb42bd Normalizes Bison version 2037a08b3 Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility a806f26be CHANGES: Adds info about: #1750 268f34bbc Fix memory leak in modsecurity::utils::expandEnv() f888f4e5e CHANGES: Adds info about: #1751 e7ea5433d Initialize m_dtd member in ValidateDTD class as NULL 3ee65a31c CHANGES: Adds info about: #1739 f7beb1757 Fix broken @detectxss operator regression test 6a710b3a4 CHANGES: Adds info about: #1743, #1744 3d06e1b8b Fix github_issue reference in regression test 5e65d560f Fix utils::string::ssplit() to handle delimiter in the end of string 501835837 Fix variable FILES_TMPNAMES 077b18252 CHANGES: Adds info about: #1729, #1730 8285a9746 Fix memory leak in Collections ea7d1ff54 CHANGES: Adds to be released marking 8d0f51bed Change release version to v3.0.2 871a13186 CHANGES: Adds info about version issue 2e87c4e75 Fix version number on libtool f67ff0aa6 Change release version to v3.0.1 01625bbb3 CHANGES: The correct is: ruleRemoveByTag not ruleRemoveById ff0d451a5 Fix maxmind test case 0ca599474 Adds support for ctl:ruleRemoveByTag action 9537cfcee Fix SecUploadDir configuration merge ab3afb2ed CHANGES: Adds info about: #1716 dcbb06be4 Include all prerequisites for "make check" into dist archive 9505ca7e6 CHANGES: Adds info about: #1715 601e0d704 Adjust tests for @inspectFile operator 138e30169 Reverse logic of checking output in @inspectFile c61155424 Adds support to libMaxMind 15b38fbe5 Travis: adds --without-maxmind option df169ea10 Adds support for libMaxMind 7bff76d79 Parser: Updates the generated parser files 480a2f89d Disable SecCollectionTimeout parser error 22334c9bb Adds capture action to detectXSS b59d19e95 CHANGES: Adds info about #1701 e50c317b7 Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 70ace0faa Adds capture action to detectSQLi 0f361b706 Adds capture action to RBL df25c48f5 Adds capture action to verifyCC 77a885da5 Adds capture action to verifySSN 60b246909 Updates bison parser 0b494c4cd Adds capture action to verifyCPF 64ce41280 Prettier error messages for unsupported configurations (UX) a66acebc0 Add missing verify*** transformation statements to parser 8bb64c3ee Code cosmetics: removes an unused piece of code 450c966da Fix a set of compilation warnings c8666fae3 Check for disruptive action on SecDefaultAction 6842d4bba Fix block-block infinite loop. c51e3e242 CHANGES: Adds info about #1636 4ac14a262 Cosmetics on top of: #1636 a0bea7356 Correction remove_by_tag and remove_by_msg 5e8062cf7 CHANGES: Adds info about #1691 8d61a3df9 Fix LMDB compile error 854a661a2 Fix gcc compilation issue dca642369 Fix on top of #1677 f16eb8b54 CHANGES: Adds info about #1640 ebc068b8c Fix msc_who_am_i() to return pointer to a valid C string 3fa3094ee CHANGES: Adds info about #1652 9dff36f59 Added some cosmetics to autoconf related code ccb1068e8 CHANGES: Adds info about #1678 b50658d1e Fix "make dist" target to include necessary headers for Lua 93ccad191 CHANGES: Adds info about #1677 ccc1f2031 Fix "include /foo/*.conf" for single matched object in directory 3539c59a6 Adds regression for base64 transformation ab78b0cfb Add missing Base64 transformation statements to parser e3b6b4ccf Fix resource load on ip match from file 6f718f9d4 Updates on CHANGES 0461c1c06 Fix examples compilation while using disable-shared ac100785d Fix compilation issue while xml is disabled ff782ddfa Having LDADD and LDFLAGS organized on Makefile.am 2b052b0ed Checking std::deque size before use it eeec7efb6 Renames collection::Variable to VariableValue de7c5c89b Using shared var for variables names 6f7fdd949 Using direct variable access instead m_collections 43bba3f94 Removes the depricated MacroExpansion class f17af9572 Using RunTimeString on setvar action a6830c76f parser refactoring: ops no longer carry a payload a299997e0 Using run time string on the operators 6a97dbee7 Using stack to save parser state b5e996602 Removes useless state 2d892a317 Adds support for multipart vars on the parser 6fe8655ed Adds support for RunTimeString cd30509f3 Fix the debuglogs for the regression tests c3b19e7f8 Updates CHANGES file 2ba788d2d perf improvement: Checks debuglog level before format debug msg a03772630 Updates CHANGES file 768a76a61 perf. improvement/rx: Only compute dynamic regex in case of macro 4a23891c8 Updates the CHANGES file to reflect the changes on bench utility d162d4e20 Fix uri on the benchmark utility e6712358f Merge pull request #1639 from defanator/v3/skip_lua51 f4a05b6e1 Configure: actually disable Lua on systems with liblua5.1 c1cd668ac Change release version to v3.0.0 eaa4770c5 Fix issue related to Lua script load c98e66547 Improvements on LUA build scripts and support for LUA 5.2 de36fca86 Adds info about 0xfd84e on the changes file e9f3312ea fixed compilation error with disable_debug_log flag 81e1cdced Adds info about issue 1615 on the changes file 8bcef4187 Improve benchmark tool e98be6dc5 Adds info about issue 1622 on the changes file af7e6ee16 Correction lua header 9c0ed6109 Fix assorted minor memory management issues b7698d689 Fix memory leak in @fuzzyHash 68152d8d2 Adds test case for issue #1576 3fb71f32d Coding style fixes 023e7acba Refactoring on the JSON parser 23cf656f9 Adds support to WEBAPPID variable 082a3e328 Adds support to SecWebAppID 37c34f3e6 Adds missing cflags for LUA and SSDEEP ec667a460 Adds support for SecRuleRemoveByTag 381cf8ac2 Makes ssdeep enabled by default on the build scripts 4d7fd5c30 Adds support for update target by message 7d7c0c03c Adds missing SecRuleScript test case bff326e80 Adds lua as a travis option 7fa5ca9ba Makes lua optional e52bd7d63 Adds support to SecRuleScript directive cb3363c7d Adds support for the exec action 7bec78a5a Adds support for transformations inside Lua engine a676f313c Initial support for Lua script engine 1866a3a9e Adds support for the @inspectFile operator 1189e9b0e Adds support to LUA in configure scripts 9369efcb9 Adds support to the collection RESOURCE a9d54c30a Fix on ssdeep search script e6106ae0e Fix regression tests for fuzzyHash 9c83b39ea travis: Adds ssdeep option to our regression soup 7622866f9 Adds support for @fuzzyHash 4ecfed316 Adds CHANGES info about #1598 968d83f1f Fix build on non x86 arch build failed on ppc64/ppc64le/arch64/armv7hl/s390x due to how this arch represent chars 371fc0321 Fix memory issue while changing rule target dynamic 351beb056 Adds missing info to the CHANGES file c4fcb36f4 Fix log while displaying the name of a dict selection by regex 93e18ca5e Support pipes inside quoted variable selection 34e8b140e Setting http response code on the auditlog 274f9e5aa Refactoring on RuleMessage class, now accepting http code as parameter 39fb75c34 Having disruptive msgs as disruptive [instead of warnings] on audit log 30797a458 Parser: Pipes are no longer welcomed inside regex dict element selection. 1518c43d6 Adds test case for issue #1565 1ad95254c Avoids unicode initialization on every rules block 20edf9ab7 Removes xml initialization from CURL if/def 41bf7f716 Calls xml init and xml cleanup to avoid memory leak 30364628a Makes clear to the user when audit log is empty due to missing JSON sup. d3f979f1d Makes auditlog more verbose on debug logs e09304a08 CHANGES: Adds info about #1583 d285bc02b Add missing statements 63bef3d14 Support to JSON stuff on serial logging 2988c5bb0 CHANGES: add info about #1536 fa7973a4e Removes a regex optimization added at #1536 9e9db08b8 add @rx macro expansion test to list in Makefile 10c4f9b1b add a test for macro expansion in @rx a76030256 support macro expansion in @rx 210e72aa2 Consideres under quote variable while loading the rules 658c9b5da Adds CHANGES info for #1571 a5266d6d1 Store the connection and url parameters in std::string ba4e2e373 Adds CHANGES info for #1572 495b47d8a Eliminate some reorder and sign warnings 490971399 Adds CHANGES info for #1562 082a0d3ac Adds ios::[open|app] to the parallel.cc to fix write over SELinux 48be601ca Very first version of our changes file 1c91e8077 Extends acmp_prepare to pm_from_file 7d786b335 Makes pm mutex optional via configuration flag 119a6fc07 test-only: Placing a mutex while evaluating the pm operator a2427df27 fix: ignore .git directory while generating the release file 04f700998 Adds a simple release script cca364253 Changes release tag to -rc1 224f6ef26 Fix configuration schema on the configure summary 7ac6bf724 Fix memory issues while resolving variables 003a8e8e5 Uses shared_ptr on variable names 9d062f53a Merge pull request #1543 from defanator/remove-SecRequestBodyInMemoryLimit-from-conf 5c737c2c0 Treat _NAMES variables as collections (#5) 9069a453e Revert "Treating ARGS_NAMES as an array instead of scalar" 43e3ff91e Fixes a bug with an unitialized variable. 3a048ee2d Support --enable-debug-logs=no option of configure script (#2) f6af42c23 Remove SecRequestBodyInMemoryLimit from configuration template 1d3c4c670 Treating ARGS_NAMES as an array instead of scalar 81879cd13 parser: SecRequestBodyInMemoryLimit is now returning an error msg 2cf636cf7 parser: Adds generated parser files after 0xfce65 0be821ded change parsing of SetVar actions e0ebf2854 Adds `$' as a valid character in ruleRemoveTargetById 4b9bd499e Fix to_hex_if_need function on string utils 8d6209f65 gitignore: Adds binaries from examples to the ignore list 5e76d8563 Update test cases to include test propesed at #1523 31f1d0446 add validateByteRange regression test to list in Makefile 58872e7ed adds a test for validateByteRange with bytes > 127 86e74fac5 validateByteRange: correctly handle bytes > 127 7665d96a1 Improve action-allow test titles fc06915cc Extend RESPONSE_BODY test case. 31655e2c9 Updates secrules-language-tests 0a3dd824f Updates libinjection to v3.10.0 b8789ab9f add a test for negated implicit @rx operator 039bd2cc8 fix negated implicit @rx operator ca9cbf4dd Fix for @rbl operator to correctly recognize known supported RBL providers 9d4ed5251 test: Counts the disabled tests as skiped on the test summary d66f0c7e0 Add support for disabled test cases. ab14b7c08 Add support for disabling test cases. c22658ec8 Adds `msc_update_status_code' method to the libmodsec api fff5a5765 Changes auditlog type to serial by default bf281eb4d Relaxing the audit log sanity checks to allow empty relevant status 09ee47149 Handle zero byte rule files correctly. 945ee27a8 parser: Adds SecRuleUpdateActionById is not yet supported d7eab6b7a Adds support to SecRuleRemoveByMsg 562c2b2f5 parser: Adds support to tag action without quotes b4051246b Adds support to SecResponseBodyMimeTypesClear 48f147026 Adds support to SecArgumentSeparator a30253852 parser: Adds SecWebAppId not supported note 2c4e65f7e parser: Adds support to quoted paramenter in SecDataDir bb2fe0e03 parser: Adds note saying that SecServerSignature is not supported e6cfd5379 parser: Adds SecRuleScript not implemented note cd533e00e parser: Adds support to quoted arguments on SecUploadDir b5d0dc240 paser: Adds support for quoted argument on SecTmpDir 5ffc5c163 parser: Adds support to quoted arguments in asorted configurations 9abc37157 parser: Adds msg: ContentInjection is not yet supported 06447ea3d parser: Adds support to double quotes on adit logs file c525cbfb2 parser: Adds ability to inform auditlog status without quotes 9ee412735 parser: Improves the reading for the url in the redirect action 8c66a1b4c Adds support to double quotes on debug logs conf 0508395f8 Forces REQBODY_ERROR to zero whenever there is a valid XML b36c4260c Adds a graceful error if there is no memory for request body inspection 9a41942ce Optimization on the macro expansion function 53ff0e1a5 Adds initial support to SecHttpBlKey 515e07350 Rename FromNowOneAllowType to FromNowOnAllowType. bce5ef770 Add the missing g in Transaction::GetReponseBodyLenth() 56baef5f1 Fix test case as consequence of the changes at #1514 5e06a67fb Demote log lines to improve debug log SNR. 5c7892ce8 Reduce use of underscores in log output. e3b9e6061 Ignore droppings from make check. 4d1739a2c Ignore built files. 024264661 Adds test case for the ctl:ruleEngine action 4bec6b001 Adds support to ctl:ruleEngine 1f1e8324b Includes HTTP version and response code on auditlogs/F 43cb8ed65 Adds support to C section on auditlogs 15ca5ceab Yet another change on the audit log permissions b58c8fe7e Changes the default file creation permission to 1600 27a8abc05 Changes the auditlog new derectories permission to 1872 337216fd8 fix: remove target by {id,tag} are now considering collections 7c2dbf48c Typo in the debuglogs for rules::getFinalVars e14dc602e Adds support to SecRuleUpdateTargetById 9ce7d022c Fix memory leak in the regression utility 52c5631ae Adds test case to UpdateTargetByTag fba9c20ea Adds initial support to SecRuleUpdateTargetByTag 65bd06fb7 Adds verifyCPF operator to the unit test list 74bb022a2 Updates unit test cases 25175dd80 Adds support to verify CPF operator 787b388f8 Yet another update on the unit test repository ddac1fb6f Upgrades the unit test repo to the most recent version a7f7532a2 Adds verify ssn operator to the unit test list ad8182e2a Adds support to the verify ssn operator d465c2f1a Removes the beauty of the JSON logging 1edd3570e Adds a set of sanity checks to validate API inputs (2 of 2) 508a2b5a4 Adds sanity check on SecRemoteRules directive input 49b7ea99e Adds a set of sanity checks to validate API inputs (1 of 2) 5a32b389b chunks example: Sets the freed variables to NULL 6d77c76b2 Implements intervention support inside using chunks example f5b47a807 Duplicates the url variable in the disruptive action c3a0d8d9b Fix collections element selection by regex 3ebc2d61f Enables random number generation 4726912ec Audit Log: Adds space after response size 20134ef24 Fix examples/using_bodies_in_chunks compilation e1f52a1cf Adds using bodies in chunks example 9cb3f23b5 Adds support to setrsc action 616a95bfe Adds -lpthread to the reading_logs_via_rule_message example e795253ec Fix crash on SecRuleRemoveById malformated parameter 2a5085255 Using multiple threads in reading logs via rule message example 8fbb9e812 Using pthreads to avoid concurrent access to the collection 37868d153 Add missing feature: t:uppercase transformation 9d70345d3 Add missing hexDecode transformation to seclang parser a90b2a3ff Code cosmetics: init a vector. e1d3abc8e Removes memory leak on the counter variable modificator c49688fd7 Verify if a certain resource exists before do any other sanity check 6143eb99e Removes LMDB from the default configuration options 37619bae7 Removes local cache for transformations 0e05b7bb8 Avoids to load a directory structure as a rules file c97db2f36 Adds verbose message when a resource is not found. 77a658c7c Updates libinjection version 6421ff087 Forces disruptive to be first-rule-only 7e5925006 Fix JSON parsing error message b58f713fe add support for soap+xml e2bbe9858 XML Parser: removes unnecessary message from debug logs ba070c9ea Speeds up utils::string::toupper function b3c8e97ff Parse fix: accepting variables in between quotes c7053e572 Postponing the decision to whenever save or not a log message to the last rule 4d03ef512 Fix TX dictionary element name on logs 5f60bb522 Yet another fix on the debuglogs merge cf4deaa3a Using uint64_t instead of u_int64_t d15b57895 Fix the Multipart parser error for unknown content type 80cfca6fa Fix the debug log level merge function 2a54bf23e Fix the debug log merge function eb12b1514 Flush [shared-] file after write it dbcf5a719 API CHANGE: Rules::merge signature was change to includes error msg 5e59d1912 Improves macro expansion speed and variable set attribution f17da09fc Avoids call `toupper' twice while resolving a variable 85f98c8a6 Fix "make dist" after recent changes to parser c290c73f9 Updates travis' badge 53485c7f7 Fix pcre_exec offset values e79712095 Minor fix in the decision on whenever the log callback should be called e2af60e76 Expands log_cb to share ruleMessage structure instead text 9ea5b475b Fix missing initialization on rules-check utility 6d61bd6b5 Adds rules-check utility d2c5b31b1 Uses FILE instead of _IO_FILE e2bd87d07 Fix minor parser errors c3cb23f47 Removes the ';' from the x-www-form-urlencoded body-processor comparison d6363607a Accept quoted regexp in the collection selection 39761ce7b Discards the `charset' from the C-T while checking for body processors 7ab192e90 Using method instead of procol in the audit logs. fcad29015 Having the DebugLogs using the SharedFile schema 7f9cd7661 Improvements on the SharedFiles class 01c13da51 Fix segfault due to invalid memory access on SharedFiles class 87f6b478f Fix typo in returned string cc25390dc Fix copy/paste typo 027d50b76 Adds first version of `processContentOffset' 7aae5dc18 Fix Regex::searchAll to behave like global modifier 4d66481bf travis: Installs cppcheck on MacOS X 616cf84c3 Adds check-static to travis.yaml 4ad3574cf Adds offset regression tests and assorted fixes on var's offsets 795994bb0 Adds support to error_log in the regression tests ae8c2a486 Adds ZenHub Badge to Readme 073b0f6d6 Small changes in the README, including: having ModSecurity logo aba68a7b6 Adds ModSec log to the git repository efb90bb55 Adds OWASP rules to the gitignore list 71a9677f3 Adds configure.h to system.cc in oder to read the MACOSX def 09cfa2869 Removes dup on travis build matrix 44121bdee Updates secrules-language-tests 158ec7b2e Adds support to resources on the unit tests b021c15e4 Adds a little more build options to the travis file c06daba39 Adds support for curl resource on the regression tests f9552ede2 Adds missing file 36ab4b952 Fix lmdb compilation issue 6f4746211 Fix compilation when YAJL is not present 9d3399055 Very first travis file d85169952 Adds references to the collection variables e95efa05c Fix assorted memory and static analysis errors 8d0583eda Increments the cppcheck suppression list f40a6edec Adds valgrind suppression list f2d149fc5 Extends the direct access model to other collections ca24b6bb0 PoC: Adds support to direct access on ARGS collection 17e5a6357 Removes memory leak on the "offset" feature c1f11ab4e Cosmetics: assorted fixes on the coding style a88dc8efa Changes the check script to detect segfaults ff65d618e Adds missing Makefile.am file ecbf292f6 Adds first PoC for the operator offset feature 9a8fc3116 Instantiates the Class variable earlier ba6b972ca Makes global collection allowed to be set by setVar b516cc6de Adds operation unset to setVar action e95555132 Contionuation of 1 time variable patch 703da3c4f Adds PoC about 1-time variable resolution and draft for offset 6abbb7e91 Fix regular expression test case and updates the test list 1e8b37411 Removes the depency on bison/flex if it is not a parser build 3eccfaf1f Disables parser generation on all builds 03d0570e9 Deletes the Rule object in case of a parser failure 1aa2a9c01 Avoids memory leak by cleaning loc stack on Driver's destructor 8edffe353 Dirty hack to make the parser workable 839ac6258 Fix memory leaks in parser failures a6f07f621 Makes the lexical errors a little bit more verbose 5880524db cosmetics: Improves the tokens organization 9a1faab66 Deletes driver in case of parser failure 808fd2335 Avoids a second initialization of the Audit Log class 557c29fd4 Changes variables destructor to virtual 0c37ba336 Fixed utf8ToUnicode bad memory access a8e5cce74 Moving the rules deletion to the RuleProperties class 068a3eb51 Fixed bad memory access in utf8ToUnicode class fd341145d Fixed memory leak in the acmp implementation 60402d8b8 Renames defaultActions to m_defaultActions in RulesProperties 7927ddda9 Renames rules to m_rules in RulesProperties 5086fef49 Fix parser while continuation line is used between var and op 59114dd59 Refactoring on the operators parsers (2/2) 9cda4c0be cosmetics: Having the parser in a better shape regarding operators 1/2 3a413080f Fix string size on regexp search all 36d6bb966 Fix substring constructor in regex search all e181cb7e0 Fix lmdb collections backend b12cc9128 Adds valgrind suppression regarding rules load 8bd5f03a3 Fix memory leak on the regression tests f62dc287c Uses pointer instead of std::string copies while applying transformations 63f3f2fd8 Avoids unnecessary elapsed time calculations a7f465cf3 Avoids string copy by working with pointers while resolving variables 7834cf857 Fix memory leak on the benchmark utility 168fa22e1 Collections cleanup: removes resolveFirstCopy method 6fff8c954 Performance improvement: makes the collections lookup faster 15b81d09e Refactoring on the transformation classes bbb61d560 Changes the saving selection for the audit logs 10cdf8fed Enforces that relevant status on the AuditLogs 88fb456a1 Cosmetics: Reduces the static analysis warnings 9c7416da9 Refactoring the actions classes 73877d403 Adds support to section "E" in the auditlogs 317808fe5 Adds section "H" to serial audit log 2d29740ca Cosmetics: better format the serial audit logs c1e96d6c2 Fix rules messages in the audit logs 1218d8c84 Fix the audit log engine status selection 2e9a35c35 Refactoring on the audit logs implementation 9707d46e4 Adds `debug_log' headers in the no install list 64e292792 Moves debuglog stuff inside the debug_log namespace a3787fedb Fix building with -Wl,--as-needed linker option with older ld versions 31d5d7908 Removes charset=UTF-8 from content-type variable 8f1665059 Fix install and dist targets after 768cc74f, 9733cacd, bfc30dad 47f2e7ff4 Use correct debugging CFLAGS in readme. 89987806c Add (void) argument to be ANSI C compliant 1719e1d7e test-cases: updates the remote reference cce6179dc Refactoring: new structure for logging alerts bfc30dad3 Refactoring: how to report to error logs e6b58014d Cosmetics: Fix some static analysis report 9bd37ccb6 Refactoring: Rule class a776cce6d Changes RULE variable group to be save at transient collection 2930d40d5 Changes the actions to affect the ruleMessage instead of transaction 8fa0523fe Adds initial support to the multiMatch action 9116a19bc Using the decoded uri in REQUEST_URI instead of the encoded one 7a36499f2 Makes @pm compatible with the brand new capture schema eecb90cfd setvar: needs review c339194c0 Changes operator rx to use regexp::searchAll 9c7988d88 Adds support to regexp::searchAll d3a4ec760 Removes slash from REQUEST_BASENAME 293a84966 Adds m_uri_no_query_string_decoded to transaction ab8808315 parser: Fix the expanded list inclusion c98be42f8 Limits the transformation output to 80 chars in the debug logs f5898e94c Fix documentation typos 85edff522 Fix return value of msc_rules_merge() 464350150 parser: Improves the include error when the file does not exist 8b4f1bc46 Fix rule file inclusion path 361ec8340 benchmark: Removes the \n\r on the user agent 8ceaf99d5 Updates the CRS script to target the recent v3.0.0 release 3ab5c8057 Updates the fuzzer sub-project ee996a837 Adds configure option to [disa|ena]ble the library examples 936ec0b47 ~Rule will delete chainedRule 1b2877681 Fixed install and dist targets after 3ee7b24 3ee7b2492 Adds refCounter to actions ad05c74c3 Moves mbedtls to others and renames msc_string.h to string.h 2244e874e Moves static methods from class String to the namespace string 62a0cb468 Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 424418f54 Renames msc_system.[h|cc] to system.[h|cc] 4ced1d18e Using full path in the header inclusion 768cc74f0 Moves RuleMessage to its own file ac4cb53d0 parser: Better understands escaped quotes in operator parameters 1bf53c057 Deletes ruleMessage by the end of the rule execution 5fa02f17c Fix Utils::hexdigest 507ec44cc Refactoring on `utils.cc' and adjacents b48dccff7 Removes unused `urldecode_uni_nonstrict_inplace_ex' 78d6d2098 Moves `phase' related functions from `utils' to `utils/phase' f1e742c15 Moves system related functions from `utils' to `utils/system' 73c4d6917 Moves string related functions from `utils' to `utils/string' 9733cacd4 Refactoring: moves ctl_ actions into ctl namespace 2bb9d7988 Cosmetics: huge refactoring in the parser d3de1c743 Adds missing action-ctl_rule_remove_by_id.json 721983a05 Adds missing ctl_request_body.* 75a5000b1 Cosmetics: coding style 471164460 dds support to CtlRequestBodyAccess 10d263cd3 parser: Relax the characters accepted by ctl:ruleRemoveByX fead97155 Cosmetics: Fix typo. Remove not Remote 1c21d1aeb Adds support to action CtlRuleRemoveById 161cc36ac Adds support to action CtlRuleRemoteTargetById 9245369a5 Adds support to action CtlRuleRemoteTargetByTag 730d7dbd2 Cosmetic: Coding style fixes. 8757840bc Refactoring on the operators: negation is now being handled globally 28a44b966 SecLang uses RESPONSE_STATUS as variable, not STATUS 678a97d0f Refectoring on the DebugLog mechanism f3bbcfc7e Removes SecDebugLog directive from the test cases 8ac15e291 Removes wrong test case: there is not transformation ge 4e3a599f6 Add hack to fix MacOS X build 049f1abb6 Fix compilation error b48e4b3a3 refactoring: Moves Phases enum to outside ModSecurity class c680ddf2c Refactoring on rulesProperties class ae8698d8c Makes JIT support in PCRE to be optional 13b6a3ecf Fix: Rules ID are validated during a set merge ecd3fd0dc build: avoids compilation problems due to non existence of the lmdb.h 8f5c1c3cf parser: avoids parser error while loading an empty file 5553b2a5b Moves web server message to appropriate place and removing the garbage 16b8ef98f Fix: placed missing variable initialization 56cbbeff5 Adjust the phase value between the core and the rules 115afffe3 Cosmetic: Limit the matched log size a1a1c71d6 Makes LMDB support optional 0a22f880d Adds support to custom operator's message in case of a match ad6183811 Considering collection RULE independent of the case at macro expansion 241269eed Adds missing `nog_log' action c3378ec52 Fix the size of the rules and actions vectors 8d84ff6f4 Accepting both: normalizePath and normalisePath fb0afdb34 Fix @validateByteRange initialization ed18c73cd include pre-generated parser sources into the distribution 062dd17f1 Cosmetics: reducing the compilation warnings 0e5f72977 Changes MATCHED_VAR behaviour 665df0451 Cosmetics: avoid compilation warnings 5febc7b26 Looking for lmdb in the right location under MacOS 7f7bd9984 Adds missing file: rules_exceptions f723870f1 Fix case sensitive variable resolution in in memory backend 5d64f7381 Makes RULE collection to be resolved inside a macro expansion 5514b6614 Adds missing file: rules_exceptions.h 52808b6cf Allows REQUEST_HEADERS:Content-Type to be null c961373fc Adds missing header 8416eca98 Initializes m_maturity in the rule class 37079ef66 Adds support to SecRuleRemoveById d781b00f7 Fix the `log' action and the webserver error callback 8d9abfb46 Makes tests output buildbot friendly c0ebd45a6 Reduces bison required version to test it over the buildbots 8a135cff9 Extends the possible names for liblmdb0 75e2e9d4d Fixing multiprocess_c compile error 4cf6c714a Cosmetics: Fix coding style 3615c84ee Adds check-coding-style target to our Makefiles f26824bcf Adds more suppressions to the cppcheck 4078677b7 Cosmetic changes: applies changes suggested by static analysis 247f24c5b Removes check-valgrind files after a maintainer-clean 46f4b84a0 Removes collections db after maintainer-clean 3f38b5668 Renames `testdb' to `modsec-shared-collections' 4c8aa5409 build: Adds missing lmdb.m4 085d50c12 include test cases into the distribution 063850a4c exclude build-time required headers from install target 2aa1d1447 fixed build of unit tests (broken by 34e0284) 649365481 automake: include all needed files into "make dist" target. ee9f3ebc5 configure: conditional creation of Makefiles in test subdir. 38b338d1d Adds test case for regular express selection ad481be09 lmdb backend: Adds support to select variables using regex de8245d8f in-memory backend: Adds support to select variables using regex 4daf9d8ab Adds a test case for WEBSERVER_ERROR_LOG 833089eb7 Adds method resolveFirstCopy to collections 6e4226ee4 Adds support to global collections shared among different process ac6498327 Adds cppcheck target on makefile 7bcc9cf0d Bug fix: variable resolution inside global collections 20689145d Renames examples/multithread_c to multiprocess_c cd5a116ca Simplifies the multi thread sample 5daf4873b build: Searching for LMDB during the configuration phase afd7a21d1 Correctly handle return values from pcre_study(3) e231503bc Simplifies the collection interface f43704dbe Add explicit 'return true;' for Transaction::extractArguments() 45850d17d Fix typo (= vs ==) 71acdaf8c Accept new line + caridge return in the rules parser 578dabea8 Informs the https client a key if any is given 3d1d0514f Fix pass action behaviour: now only ingore actions within the same rule b332018cc Adds regressiont test for issue #1152 f72bd587e Adds support to the allow action e77e4c4c1 Adds missing test case to Makefile.am and initializes the skip var b0f69b126 Adds support to the `skip' action f00e625c8 Unbreak build with custom location of libyajl.so 90adb5393 Adds support to JSON request body parser 247747060 Adds support to the resource collection bad3e1361 parser: Fix commented SecRule parser 7d06c32b0 Adds error messages while failed to init a collection 193fa2e80 Changes regressions tests to fit the recent modification on the parser 0c0a9b308 Accepts component signature between brackets 74a34261a Adds function removeBracketsIfNeeded to utils 731707994 parser: Reporting the right column position in case of error 37c18326c parser: Avoid to duplicate the invalid character 0fdde5253 Fix setvar action to accept equals nothing cf2ffe7e1 Fix the line counter while showing an parser error e5583c24b Removed parserError from the rules class 02909f7cd parser: arbitraty text can be used instead of operator 0d53dda1a Adds support to @unconditionalMatch 60be385eb Adds support to the SERVER_NAME variable df1f7c5e0 Adds support to the RESPONSE_PROTOCOL variable b8bd0c596 API CHANGE: response status is now set on processResponseHeaders a36b2da86 Adds support to the STATUS variable 56d084a7f Adds support the variable rule 45bfb594b Adds missing tests cases 6052d2628 Adds support to URLENCODED_ERROR variable c5262d54f Fix argument uri decode order dbaf79fb8 Adds extractArguments facilitator method 5c088c8be Adds addArgument method to transaction class ebe842475 Adds support to REQBODY_ERROR_MSG and REQBODY_ERROR 7bd6e9a2b Makes XML request body processor to be selected only by ctl:equestBodyProcessor 7cb27eb9f Implements the support to fill the REQBODY_PROCESSOR variable 734f63bd0 Adds support to REQBODY_* varibales in the libmodsec parser 767289c8d Fix compilation for libpthread users. 647019a80 Use internal PCRE based implementation of regular expressions instead of std C++ regex library. 21777aec4 Fix invalid memory read in msc_tree 8b9041c2d Fix memory leak on VerifyCC operator a4c7d534f Fix invalid memory write on base64 forgiven decode 7be5fde62 Fix memory leak on the @pm operator 1b35e57c4 Adds more suppressions to the valgrind list 9cec9db79 Fix memory leak in the method toJSON from Transaction class f833a6108 Fix memory leak on html dentity decode transformation e6c542c5b Fix invalid read on sql hex decode transformation 991902662 Fixes regarding memory management cb91af537 Enforce bison requirement to 3.0.4. 32f22d1a7 Use explicit variable size for copying char. 57ad70bb2 Add missing 'retrun's for functions declared return value. This change fixes SIGILLs on executable built with clang 3.4. 1e6b40ebe Fix some improperly formatted test cases 8cdb13807 Adds support to make check-valgrind f0155e3f3 Adds support to `make check` 2e3da7ea2 Better support for multipart 9e5cf2de8 Adds Upload configuration paramters to the libmodsec parser 967c8c90f Fixed minor behavior on the trasnformations and added sha1-mbedtls f35d28b8d Loads the transformations test cases during the unit test 8d4990327 Adds support to the transformations parity[even|odd|zero]7bit 59b1fe030 Adds sqlHexDecode tranformation to libmodsecurity parser 1fe0e3420 Adds support to sqlHexDecode transformation bd2e95953 Adds support to the hexDecode transformation 2b056485d Adds support to Utf8ToUnicode transformation d70f08d01 test: Using regexp to transform binary representation into binary blobs b7e82261c Adds support to removeComments transformation on libmodsec 08df949bf Adds md5 transformation to the libmodsecurity parser 7ccf54d33 Adds md5 transformation bf4a9d763 Adds support to base64DecodeExt transformation 056753d57 Adds support to base64 encode transformation bb5cbc969 Fix return value of Utilis::Base64::decode e48f468cb Adds support to base64 decode transformation 348cf3bfa Adds support to the REMOTE_USER variable a3ae686f2 Adds base64 support via mbedtls 4b9cff3ec Partially adds the REMOTE_USER variable support f989ecd5c Adds support to SecXMLExternalEntity 6a7b970fe Adds support to ctl:requestBodyProcessor=XML 9202ffb17 Replacing include subdirectory name, transaction --> collection 1f45d6cea Adds full support to the libxml action a9e6716c6 Variables are now receiving the rule instance as parameter 8c714af8e Actions refactoring: now there is a clear definiation on the action name 1b88947d9 Adds support 'xmlns' action to the libmodsec parser 3e8defb85 Adds support to the operator @validateDTD 6a4075250 Adds XML variable, xml body request processor and @validateSchema 35636674e Adds the missing regression tests for USERID 758ecb5d6 Adds support to USER collection, setuid action and USERID variable ff9aa5c7c Adds support to the variable SESSIONID a2a47798e Adds support to the collection SESSION and setsid action 33a704e91 Fix macro expansion: no more % abandoned by the end of variable 572811027 Declaring variable outside the for loop c85529158 Adds support to the cmd_line transformation d0e000228 Fix the regression tests as reported on #1142 3062ff2aa Using Collection instead of GlobalCollection 64c4f23a4 Collection class was changed to be a simple interface bc887cdcf Fix Valgrind regression test script 5643d2fa2 Warming up to the remote collections support ff165a403 Adds support to the multithread example 1539a8c3e Fix the coding style of the pull request #1115 8b3b01406 updated transformation file to include removeWhitespace transformation 883b804d9 adding removeWhitespace transformation 0a60924c8 Reduces the amount of warnings 6f93563fc Fix in parser: now understanding the removeCommentsChar transformation 19137452c Updates `secrules-language-tests' reference. a5a21ea19 added remove_comments_char to address issue #971 8da49842d Fix typo on the audit logs. 85d8b8e9b Fixed typo error in the HTTPS client implementation 8d052853a Adds support to https audit log output e5acc95de First version of `global' and `ip' collections 214cc1578 Cosmetics: Reduce the coding style warnings c43391072 Fix some issues reported by the static analysis 28008be61 Build: Adds /usr/lib64 as possible path for YAJL d528b8ea6 Build: Looking for YAJL's LD flags instead of CFLAGS e3dd2937e Installs the library file in the right path [lib|lib64] 88ca73654 Avoids the installation of test utilities during `make install' e0926fee3 Fix parser error while dealing with operator negation 47a62b98b Saves `MATCHED_VAR' and related before execute the actions 778db259c Treats the keys of the sec language variables as case-insensitive 30d9ade19 Fix macro expansion: Now support } and/or }% to close a variable f44143436 Fix parser error on free text operator 1f68075a2 Process the logging phase on the benchmark utility 1e3cafb73 Fix memory management on the rules' messages (try 2) 71970915b Using `clear' to clean up lists instead of clean via integration 163483e8d Fix memory management on the rules' messages ed8b0c85d Fix `capture' memory management e34645437 Fix memory leaks on the collections/variables management 49fc1f8b7 Fix memory leak on the benchmark utility 8647d63e9 Fix m accuracy initialization inside the Rule class a2ffb3615 Adds "matched" line to the audit logs 362b376ac Adds verbose logs to audit logs while deciding or not to save a request 77a1dcab9 parser: fix issue with skipAfter action 049e4eb69 Adds support to the @rbl operator 4bdb4ed63 Fix chained rules execution order 8143f8ea8 Adds support to the action `maturity' 714df8db2 Adds support to the action `accuracy' 5a2a81a56 Adds support to the action `ver' 77900ed4e Fix rules `messages' on the auditlog 947437326 General improvements on audit logs information 31117d757 Fix error on older systems b9b3e8290 Fix AuditLog parts selection 934394239 Adds mutex around the write operation on the auditlogs b4691aa74 Updates python bindings version b46dc3457 Temporarily disable the HTML ENTITY DECODE transformation a102b5ce2 Improves the method fill the ARGS collection 98f45f357 Using a better number generator to avoid conflicts 36dfe81da Adds YAJL_CFLAGS to the project core fc225ff00 Fix whoAmI() call on Transaction b06eaadac Places the classes related to audit log into a separate namespace 2830525f8 Adds missing file: script.lua aaf995cc7 Adds missing file: transaction.h and removes assay.cc from git e45ad3b08 Updates Python bindings git hash 4db5cc7d2 Refactoring on Transaction class: adding comments and renaming variables 6f1e6f37d Fix trasanction cleanup on the C API a51e70751 Renames class Assay to Transaction f3fd5d662 Adds owasp/2 experiemntal rules on the test set for benchmark d780fd629 Fix the parse to distinguish between @pm content and a variable 702551ed4 Adds support to action `exec' to sec lang parser 331df90ba Enables OWASP CRS optional_rules on becnhmark test case 923620fbd Adds support to the action `allow' in the sec parser 7901c2c89 Adds the actions SetSID and SetUID to the seclang parser ab92bed6f Parser improvement: Supporting variables selection with regex 3acc013e4 Improves the secrules parser ed13cab9f Adds script to download and configure benchmark script to use owasp v[3,2] f23908f14 Improves the secrules parser a4d8dfd5e Adds ModSecurity recommended configuration file 29680d69a Updated geoip m4 file to support from path 527325826 Fix libxml configure script 8c7b6199f Optimization on the tolower function 076289236 Small fix on pull request #982 e38a468a2 Updated with suggestions from @zimmerle for code style b3ab9a408 Support for correct implimentation of REQUEST_URI dd35b4776 Removes initcol debug messages a225f8b5b Fix SecResponseBodyMimeType test case 6ebe6dfd8 Merge pull request #1038 from pwnbus/update_readme_shell_syntax ebf2c8855 Update readme to use shell syntax decf04d26 Adds support to SecResponseBodyMimeType c2d9a153c Adds support to afl fuzzer in the build system 7cebc632e Adds Python bindings to the main ModSecurity git repo 913e22a77 Adds initial support to initcol action fb3696ac0 Fix a few things to provide an easy interface for script bindings ac10d8863 Changes the operator evaluate method to only support two arguments 215c4d107 Fix ARGS_POST and ARGS_GET variables order on the parser 2a950a435 Fix various minor bugs in the regression test suite 42ce0475b Coding style: changes the namespace in the comments 0694cd30c Adds support to libxml2 detection on the build system 80b82d370 Adds the Global LDADD option and fed according to the platform 467c977af Fix compilation without the GeoIP headers installed on the system 854ca4c1c Removes libinjection sources from the main project and add it as subfolder ea636e80e Clarifies conditional by placing its parts into parentheses b5a43871e Changes library namespace from ModSecurity to modsecurity a69e49a1b Makes DebugLogs optional by compilation flag fbf8ea74f Makes YAJL dependency to be optional cf4377df7 Makes libCurl optional during configure d8793e444 Prints rules language tests version on the configure summary 43c9b9216 Adds information about libInjection version at configure summary 45711b522 Update issue-960.json with 3rd test. d8361d57c Adds a regression test for issue #960 8c0e96f31 Prints a fancy summary after the configure script 18c862a84 Adds the concept of `resources' to the regression test utility 09a958544 Makes @geoLookup optional depending on the availability of libGeoIP 21cae53d4 Improves the libgeoip detection during configure 283c8c818 Fix some static analysis warnings ac61d1c40 Adds missing file de7984828 Code cosmetics 3c45a5713 Fix regression tests structure : using method instead of protocol c035e76ed Avoid segfault if parser `ref' is empty f65b08b06 Fix parser to accept redirect action without single quote 7a300eb94 Fix pcre cflags variable and adds LDFLAGS for dependencies 47233adf3 Revert "Adds experimental operator cache" 4dcefa104 Adds more plausible names for libgeoip ca33ba420 Temporary adds the missing optimization.cc 9e295dedc Adds rules optimization test app 326696976 Adds experimental operator cache c204f1f00 test: Increases the cache size of the urldecode transformation bb30d42b5 Speed up the random number generation 45638ccc9 Limit the amount of transformations inside the cache storage 5bef19aa4 Variables resolution results now stored into a std::vector instead of std::list 2ee5d4ca8 Testing performance enhancements by enabling transformations cache e641c3cc1 Huge improve in the variables resolution time 4a771f8c2 Fix pkginclude_HEADERS 48704c27a Removes some memory leaks 061ba0131 Refactoring: Create class Collection to hold collection properties b6ae0585c Refactoring: Place m_variables inside Collections 787be9812 Refactoring: Pass all the control over the variables to the Variables class 6f617e6ca Refactoring: Move Variables and Variable to independent files 776502e02 Refactoring: changes ModSecurityStringVar to transaction::Variable 7afc07914 Cosmetics: Fix static analysis warnings 11a1045f4 Adds support to capture this fingerprint of the detectSQLi operator 93031d93d Cosmetics: Fix coding style issues ffb973700 Replaces libpcrecpp by libpcre 2a062b7fe Not using pcrecpp on verifycc anymore 4168ebc2b Adds support to EscapeSeqDecode transformation 1716add77 Adds support to replaceNulls transformation 993247870 Adds support to hexDecode transformation 93c3bc804 Adds hexEncode transformation 0ae09201f Adds support to replaceComments transformation 7e826633f Adds support to the transformation normalisePath and normalisePathWin 7ab75ac01 Adds support to length transformation 8d78952e1 Fix jsDecode transformation 333174417 Fix cssDecode transformation 743fb651d Adds partially support to t:sha1 transformation 91d29d284 Adds support to urlEncode transformation e3e8bac13 Adds support to URL decode transformation 0227fe9d6 Adds support to t:compressWhitespace 3d2ec2a3f Fix unit test utility to get it working with t:removeNulls 17faef565 Adds support for trim, left and right trim 59af8ab84 Cosmetics: fixed the coding style 90c74beca Fix the init method signature in some operators 4a5e6b3e5 Fixed bad test cases e7803ebd0 Fix bug on regexp matched results 3fff34300 Adds missing variables 827b15f5c Marks redirect action as disruptive c1e3eac09 Fix variable exclusion regression test (label only) e65f0db13 Fix on the variable parser 95a707964 Warn about parser error during the regression test c800214e6 Fix pcre_exec matched string 0285c944f Fix collections resolution b0089cfde Adds MODSEC_NO_LOGS option to be part of the configure 74045beab Performance improvement while expanding macros 335133855 Performance improvement of setVar action e57ee8908 Searches for included configuration using the resource policy e54ef7205 Looks for external resources in the same path of the rule 5cc9e9450 Splits operator into OPERATOR and FREE_TEXT on sec lang grammar df819dc43 Removes SPACE token form the GRAMMAR 54c51e251 Fix parser shift/reduce problem on state 133 03eabd9c1 Fix shift/reduce conflict in the sec lang grammar. 941b9e75c Adds support to rules with actions without quotes 0087a602f Fix phases execution 8255ce86c Adds reference to filename and line number to lexer errors 900af2cd4 Adds possibility to use include with wildcards and env vars cb9524ffd Adds support to collection in the parser d084ab5f2 Fix the "line counting" on parser errors 70e2a4b37 Adds support to include path between quotes b49709101 Cosmetics: Fix coding style f6e0b447b Merge branch 'libmodsecurity' of https://github.com/SpiderLabs/ModSecurity into libmodsecurity 1cf1e313c Added some comments about msc_set_log_cb d044c7aae Removed some extra comments 2c39f83b5 Fix the regression test regexp validation f93c0de94 Disable NO_LOGS by default 076a02951 Huge performance improvement: passing variables as pointers avoiding copies 2451bf05d Using pcre (with JIT) instead of pcrecpp ed86c24df Adds checks for the NO_LOGS definition and improved the vars resolution time 3e067e740 Core is now ready to deal with SecRulesEngine set to Off 11e1a67d5 Fix disruptive action flow while RuleEngine is in DetectionOnly 490ad23e4 Uses macro expansion before apply redirect action 90df21bbb Removes the \' from setvar before name the collections d0c215d78 Adds support for the server log integration 5228b685b Fix disruptive actions execution 081fe235a Cosmetic: fix variable-REQUEST_BODY.json format 6782fd098 Cosmetic: Makes the parser error more verbose on the regression tests 5b18db779 Makes multipart debug messages goes over modsec debug log not stdout a52a3a71e Fix some regression tests to fit the most recent changes 639ccf7dd Fix the rule execution debug log, so that tests won't complain 7f747d1dd Fix multipart parser in crlf blobs c8f91ca85 Adds expected results when a regression test failed due to unexpected debug logs e88d2120f Including space in the list of readable characters for debuglog 7a468a8fb Cosmetic: Prints regression test results in a better shape 9d60dc6df Adds macro expansion for all operators 320bcde89 Adds rule number to the debug logs and printing expaded variables 4bf7f7a44 Adds 'expandKeepOriginal' method to macro expansion class c425b24ff Extends redirect action to support url without quotes 530b15831 Adds scripts to call the tests using valgrind b1e845211 Limits the variable size into the debuglogs and print it in hex if needed 8772daec4 Adds functions limitTo and toHexIfNeed into utils.cc 97214edf6 Fix multipart parser on binary content 23d843259 Fix rule.h include on modsecurity.cc and seclang-parser.yy a0a2d2c77 Adds support to read request body from a file 140a62a2b Changes rule_id to long in order to have it visible by systemtap 2a8f45b89 Adds transformations removeComments and replaceComments to the seclang parsers 3c5386991 Adds transformation normalisePath to seclang parser 92563da93 Adds t:utf8toUnicode and variable XML to the seclang parser 736183b7f Adds ctl:forceRequestBodyVariable to the seclang parser 4095ae7b5 Adds action accuracy to the parser 1079b5ba5 Adds action maturity to the parser 09651baf9 Adds action ver to the seclang parser 254b29265 Adds action expirevar to the parser and fix the line counting ee8b88637 Adds parser support to ctl:[auditEngine|ruleEngine] ec6a5a0cd Adds support to t:sha1 and t:hexEncode at seclang parser d1fa2cfa7 Parser: Fix redirect action and adds SecRule first line-only comment syle 5c3a4b608 Adds support to SecMarker and skipAfter b048794f4 Adds support to unconditional rules 4e8bb276b Fixing compilation problem on newer versions of gcc (Fedora 22+) 010c18f63 Adds support to SecDefaultAction configuration directive f2ed890ea Now accept SecRules regardless of the letter case 8675383c0 Updated build instructions for Fedora 9a0c9d493 Updated build instructions for Fedora 84eba7ad1 Updated build instructions for Fedora 9cd9f7f11 Updated readme to reflect required Fedora packages d963e2dc2 Updated readme to reflect required Fedora packages 3cd54e753 Updated readme to reflect required Fedora packages 7afd93196 Adds contains to the list of operators compatibles with the capture action 3de845fac Fix macro expansion string replacement 45d81e1c0 Adds sanity check to the rule id action 6ab88472b Adds a simple regression test for the operator @rx a63aa50f1 Changes the default operator to be @rx not @pm ea4cd5322 Accepts phases with its name instead of a number 035040cd1 Adds sanity check to confirm that the rule has an ID and it is not duplicated aae8036c0 Cosmetics: Fix debug log message 5d24b237b Fix default parts to be logged on audit logs fa4f72d90 Adds support to ctl:auditLogParts variation e89e395a3 Fix various minor issues on the auditlog schema 24b7d7266 DebugLogs are now being redirected to the correct files 01542e28c Allows blank line (or line with space) at the end of a rules file e76af0eab Correctly handling nginx configuration merge 004ef066e Fix rules chain and action execution f2da6bb81 Fix the ruturn value while loading the rules c586ba017 Removes an unused state from the seclang parser 15893e312 Fix regression test and example: checking if rules are loaded ok e94226f1d Fix some build issues fd8578351 Fix segmentation fault in the regression tests a16850271 Adds missing file 1065e297b Fix several minor issues on the seclang grammar e78d7f5b9 Makes the parser understand some missing configuration directives a453a656c Fix continuation line and VARIABLENOCOLON 0b225f023 Parser: adds support to SecRequestBodyInMemoryLimit 2d56aa521 Cosmetics: fix actions on yy file a230a4ff3 parser: Adds support for continuation lines ef9961540 parser: Understanding @pm if no operator is provided 101fddfc9 Extends DICT_ELEMENT to support "-" d5bf95502 Using DetectionOnly instead of DetectOnly b7fb65fe6 seclanguage: ignore lines starting with "#" cff74e7ce Fix ValidateUrlEncoding corner case 1de6d07df Adds support to the @detectSQLi operator 4baee88eb Adds support to the @detectXSS operator f0535ae11 Adds libinjection repo as submodule ad65a1abe Adds @noMatch operator 73c6c8cf7 build: searching for pcre/geoip on /opt/local directory d5fe21ce3 Code cosmetics: reduce the amount of cppcheck warnings 21400ba45 Adds support to the @verifyCC operator 1b0a91833 Adds support to the @validateUrlEncoding operator b325834f1 Disables c++11 mutex, until we have a better approach ac2f0bfd0 Cosmetic: avoiding warning by including full path instead of file.h 2ff0a44df Eliminates the sec language grammar shift-reduce problem a324ff931 Fix validate byte range table initizliation 187be64ed Fix operator instantiation/selection 9a7506f9e Adds support to the beginsWith operator 209a3db47 Adds support to the @endsWith operator 577736abb Code cosmetics: Fix the coding style. fb161a69a Removes some warnings by adding missing returns c5a435534 Fix geolookup operator instantiation 64cbb1533 Adds support to the @containsWord operator 2f81b62d1 Adds missing return to ValidateByteRange::init b883888c0 Adds support to the operator @within 218eab641 Fix libgeoip lookup during the build 52c419df6 Updates secrules-language-tests version f231df16a Adds support to the ValidateUtf8Encoding operator 9096055ea Reduces bison dependency to 3.0 70c2621af Adds support to the strmatch operator f62e17c67 Adds support to the @eq operator 2f1bcf6cb Ignores the parameters order on the test case 9231f507b Fill PATH_INFO with decoded value 9431678f8 Adds missing return true on RequestBodyProcessor::Multipart 7c406529e Prints "failed!" for failed test cases 317c71e81 Using raw uri value to feed QUERY_STRING variable 70b25668b Checks if assay is set before calling the log method 0a91f2aa4 Changes the rule in the example folder to something really simple ce0d81c0d Adds sanity check for inputs 5cc38abfe Updates the reference for secrules-language-tests c06179f18 Adds support for Log and Rev actions ad9393a8c Adds support for the tag action f519717bd Adds support to the msg action 5fdb5b7d2 Adds support to macro expansion in setvar action e12d95b10 Adds support to the TX collection and setvar action a9e0fbb41 Adds variable variations test cases 88c53575b Adds support to & (count) and ! (exclusion) as variables variations 4308ee028 Adds t:none transformation 522f195aa Adds support to urlDecodeUni transformation 6dad6af4a Adds RemoveNulls trasnformation 62d004cf0 Adds support to the transformation normalisePathWin 1353403c9 Adds support to the HtmlEntityDecode transformation ce298165d Adds support to the cssDecode transformation 1924b4ebc Adds lowercase transformation 391002c66 Adds support for jsDecode transformation 4f47651a6 Adds variable TX and action "capture". be4a0cb41 Adds REQUEST_COOKIES and REQUEST_COOKIES_NAMES variables 0720fd479 Adds operator @pmFromFile and @pmF 57ceef1fe Update test cases submodule d4dd9c86d Accepts Suricata format on @pm operator 95efb99a8 Adds support to the @pm operator 774d89735 Adds support to the operator @ipMatchFromFile and @ipMatchF 6cd4c0492 Adds support to the Rx operator 3a4cef6fb cosmetic: Fix ValidateByteRange coding style. 8575c1078 unit-test: Fix the geoip debug code 17f88f582 Using libpcre instead of c++11 regex 2f4d4691c Disables @containsWord operator to enable the libpcre migration a4cf218a3 Removes chrono references to make it compile with gcc 4.8.x 933ade596 Cosmetics: 1st paragraph of README file is now with lines smaller than 80 chars 7ff38e901 Temporarily disable Geo Lookup logs to avoid crash on unit tests f811ec651 Adds support to @ipMatch operator bf0169b52 unit-tests: Releases operator after use a05fa8287 Adds support to the validateByteRange operator c2d33823f Adds method init to Operator class 7b4554216 Adds support to the operator le 606f03be4 Adds support to the operator gt 235bf9c01 Adds support to the operator gt 170cb60c8 Adds support to the @streq operator 35901c1eb Adds support to the operator ge 4462fd84e Adds support to negative on the contains operator f41f9e1f0 Adds "negation" property to the operators signature 2f3a8f088 Updated wording and grammer in README 6beca48c5 Fix C api signatures e016b72a8 Handles better the memory utilization 0e7c13e3c Adds more regression tests to SecRemoteRules 7ba5c76c7 Returns elegant errors if rules load operation failed b8f7fb441 Adds support to SecRemoteRules and Include directives ec9a97324 Fix actions: returning string copy after evaluation b2bbe24e2 Process the request body even if there is nothing to be done 76b34af35 Adds support to load remote rules 70bc15cb7 Adds support to quoted ID action 64543e3aa Using A-Z instead of A-z while parsing with ?i: to avoid warnings b5ca607e7 Places class Driver under the Parser namespace 9c2158958 parser: Loads content straight from buffer. d3eb0fd91 Driver class is extending the Rules class instead of duplicate elements dc0b13ad7 Cosmetic: fix copyright header 16bb253d0 Adds all variables to the 'Variables' name space 261ee9f11 Adds support to BodyLimitAction and support for parser errors 30b2624ec Adds support to parser error 5b3fd479f regression: better format errors, making easy to read the output 3f883df76 regression: Sorts test cases by file, making easy to read 3f8fa64c9 regression: Allows to specify a single file or directory a4af4f32c Fix transformations regression test 667586c42 Adds UNIQUE_ID variable d20a47fb0 Adds support to the variables: REMOTE_HOST, SERVER_{ADDR,PORT} ae81bb143 Adds support to the variables: RESPONSE{BODY,CONTENT_LENGTH,CONTENT_TYPE} ec34f676c Adds support to variables: REQUEST_{METHOD,PROTOCOL,URI,URI_RAW} bc925e01e Adds support to the REQUEST_LINE variable cb722c74b Adds support to REQUEST_HEADERS{_NAMES} and RESPONSE_HEADERS{_NAMES} vars 97c0d561f Adds suppor to the REQUEST_FILENAME variable 94eddfcf4 Adds support to the REQUEST_BODY_LENGTH variable b6221c981 Adds support to REQUEST_BODY and REQUEST_BASENAME variables 6f7d3fa67 Adds support to the TIME* variables ad442fb20 Fix transformation regression test dbbb2c526 Adds support to REMOTE_PORT variable e8476771e Adds support to REMOTE_HOST variable cc576533b Adds regression test to the REMOTE_HOST variable f05632acb Adds regression test for the REMOTE_ADDR variable 6af9e8e42 Fix QUERY_STRING variable 7f76bb6df Adds PATH_INFO variable 62fece782 Adds support to SecResponseBodyLimit directive and OUTBOUND_DATA_ERROR var 8e59b1822 Adds support to variable MULTIPART_UNMATCHED_BOUNDARY a9147b76a Adds support to the MULTIPART_STRICT_ERROR variable 09beb1a5c Adds support to MULTIPART_NAME variable 954e275b3 Adds support to MULTIPART_FILENAME variable abec93263 Adds support to MULTIPART_CRLF_LF_LINES variable 21f4c49a0 Adds support to MATCHED_VAR_NAME variable b089c44c1 Adds support to MATCHED_VARS_NAMES variable 09867791c Adds support to MATCHED_VARS variable 9d6950196 Adds support to MATCHED_VAR variable 4f20f5bf7 Adds initial support to chained rules 9c066e319 Adds support to the INBOUND_DATA_ERROR variable and SecRequestBodyLimit direc. 95c2fed89 Adds support to severity action and HIGHEST_SEVERITY variable e189055ec Adds support to GeoIP operator and variables. 41bf1490b Adds MODSEC_BUILD variable 6e46c5c7f Adds support to FULL_REQUEST_LENGTH variable e516ded1e Adds FULL_REQUEST variable a264fc11c Adds support to the FILES_TMP_CONTENT variable b6cccc798 Adds support to the FILES_SIZES variable ebb16d043 Adds support to FILES_COMBINED_SIZE variable e1cff89b4 Adds support to FILES_NAMES variable fe6a9913c Adds test case for FILES variable 5d5e10bfd Adds support for basic Multipart process d0b7a9966 Adds support to the ENV variable 27252bc80 Adds support to the variable DURATION 33dff0f1b Refactoring on the variables resoluvtion method 8c408ebcd Adds support to AUTH_TYPE variable d86427f1d Minor fix on the auditlog regression tests f0624bb08 Adds support to ARGS_GET_NAMES variable e7ec09623 Adds support to ARGS_POST_NAMES variable bc0553e72 Adds support to the variable ARGS_NAMES 92c132b64 Adds support to the ARGS_GET variable 492526cfc Minor fix on the actions test case 85f065363 Adds support to the variable ARGS_POST 228a5ce7c Adds support to ARGS_COMBINED_SIZE variable 76b769cc8 Decodes the url content before assing values to varibles b2954ff22 Fills ARGS variable even on POST 9f869a6aa Adds test case for the variable ARGS 80f13437e Refactoring on the variable read/store methods f13a1bd88 Adds support the Parallel audit log index creation 96a777a5c Adds initial serial audit logging support 001d5ebf7 Properly deal with classes destructors 0c98bdc80 Adds support to SecAuditLogParts 5e33a1a3c Opens auditlog files and directories with the correct mode c9620ac50 Writes audit log in parallel mode 693238b23 Process the log phase independent of disruptive actions 5e80e001e Adds Components information to the audit logs 1ddb36a78 Adds SecComponentSignature configuration directive 4aa521df6 Adds SecRuleEngine state information to the audit logs 75a9cfa27 Uses an enumeration to determine the state of the SecRuleEngine cb8d6249a Adds connector information to the audit logs 2138dd136 Adds method setConnectorInformation to ModSecurity class e42e7545d Adds ModSecurity version information to the audit logs 8dab5ac30 Adds whoAmI method to ModSecurity class aa8dc9115 Adds first version of Assay's materialization in a JSON format 610b10bcd Adds ascTime function to utils 888b9622c Adds random id to each assay 311279402 Adds a time stamp to assay class 278b51393 Adds protocol and http version to processUri method's signature 210991084 Adds support to the server ID generation aadbacf85 Adds basic regression test for AuditLog functionalities fd8f26f76 Adds all auditlog related directives to the configuration parser fc622c27d Checks if an assay is relevant to be saved as an auditlog 0beae17b4 Adds 'http_returned_code' property to Assay class 885fe14f3 Adds AuditLogWriter{Serial,Parallel} classes e44d6e280 Adds actions 'auditlog' and 'noauditlog' 71eb27bbe Adds a new constructor to Action it now receives kind as parameter 616a2ae6d Adds AuditLog class 7ea9ff883 Code cosmetic: Having the code following our coding style 73154b51a Adds processLogging phase to regression tests 64a34584c Build system fixes 344aa901b Updates README.md: highlight that the project still under development f262b404c Fixed issue #905 that dealt with compilation on c++ 5.x > b9507e396 Decreases the bison requirement from 3.0.4 to 3.0.2 721f95115 Adds transformation functions stub 95cb4c56a Very first commit: libmodsecurity 33cbe0452 Opens space for libmodsecurity 4a49d5b8d Adds information about the issue #871 on the CHANGES file d9bebfb87 Compiles against ssdeep in non-standard location 25666005e Modifies the CHANGES file to cite issue #609 1ed95ad93 Fix invalid storage reference by apr_psprintf() when creating a string from salt[]. salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read. a9a39255b Version 2.9.0 b304ab1aa Improves SecRemoteRules messages on IIS f7c7a30db Uses our own version of ap_find_command 462308be7 Improves the accuracy of version identification on status calls a235b536a Fix apr_crypto.h include in modsecurity.h and msc_remote_rules.c 2e09b8e54 Fixed comment incorrect comment de74b131c Version 2.9.0-RC2 b1e4954a8 Closes a file handle that was left opened on fuzzy hash f6d6cea01 IIS: Creates IIS_VERSION definition 6c0cdab35 IIS: Changes Curl version and removes OpenSSL dependency 0d2d01ba2 Disables mlogc compilation with Curl was not found 069122194 Reducing the amount of compilation warnings fa77c9358 Fix typo on fuzzy hash match message dc81e4f85 Informs problems and successfully loaded external resources during reload fe22446bd Adds missing 'ModSecurity:' prefix to log messages ce4cf24f6 Refactoring external resources download warn messages d4a055e78 Checks HTTP code after performing a resource download 87a401af0 Fix remote resources download while hosting SSL site on Apache 23823bb2c Makes Curl no longer a mandatory depedency for ModSecurity core 94fd570e3 Fix parser segfault on parser while parsing downloaded content 23f6f6e6e Version 2.9.0-RC1 b019f6056 fix typo 277f2e1e6 iis: adds openssl to the build scripts 9fe72b72d Improves the CA validation b02256cf1 IIS: temporary removes ssdeep support on IIS 85c7ba0c7 IIS: Adds ssdeep/libfuzzy to msi installer 858d480ec iis: Copy yajl.dll into release files folder 9f005c3de mlgoc: Adds option to enable or disable the SSL checks 73d7955ac Fix the compatible IIS versions eb61e891a Build: New alternative to identify the presence of libfuzzy 723336f1f Adds regression test for FILE_TMP_CONTENT 86787f2af Adds SecRemoteRules regression tests. b5398abaf Forces downloads using https-only for resources or rules 59fc24350 Adds the `crypto' option to SecRemoteRules directive c54bb746c Adds SecRemoteRules as an build option 38b992470 Adds the SecRemoteRulesFailAction directive 9b836b652 Initial support to load rules from a remote server 899ee0c36 Adds support to load remote resources to pmFromFile and ipMatchFromFile 81bde0842 Adds curl support to main core f45c6fe87 Build: fix the build script that looks for yajl 288fedfd2 Adds real_server_signature symbol to msc_test 59a1746be Using real server signature on status call 8305600d5 Trims long `apache version' in the status call cee205b10 Adds Status test case with the SecServerSignature being used 2615a5dfc mlogc: Checks if curl supports CURL_SSLVERSION_TLSv1_2 before use it 54bf71f8b mlogc: Changes the default SSL algo to TLS 1.2 d554b94d1 Include apr-util's LDFLAGS 66bb840a5 Adds doxygen configuration files f2b45bfaf Automake: Using ../ instead of $(top_srcdir) 11ede79bc Adds automake subdir-objects option c64a681c6 Temporarily disable a test that is leading nginx buildbot to fail. de1c028d1 Declares msre_var *rvar at the beggining of the function a45fe95ed FuzzyHash: if disable giving an run time error instead of config fa0c97ea7 Adds regression test to cover the @fuzzeHash operator 7affec82a iis: Adds ssdeep support 96865a92d Adds fuzzyHash operator 873c628b1 Adds ssdeep support in our build system accb1820e Adds collection FILES_TMP_CONTENT 87df4827d Print YAJL version on startup. Closing issue: #703 79639b5e4 Accepts random port on FULL_REQUEST regression test 6b5e9b127 Merge branch '0xbin-master' ed52c5462 typo rectify 046b55373 Fix ipMatch entry on ErrorLog and DebugLog 5d92e448a Fixes subnets representations using slash notation 731466cff Adds @ipMatch operator unit test. d4c2b96b8 IIS: Changes event ID (Issue #676) 0f7cbced8 IIS: Cosmetics: Removes CLFR. 1d3c8349f IIS: Adds a VS Custom build to speed up the dev process 3a7def63a IIS: Adds mlogc to ModSecurity solution 90c5a420d IIS: Cosmetics: Files are better grouped in VS c4a5a1e11 Version 2.8.0 50e4961dd Uses autotools to idenfiy if sys/utsname.h is present 33231378d Increases the package version on the configure.ac 480f6bac7 Merge pull request #692 from rcbarnett/master 62a76e1ed Update CHANGES ad5824c00 Fix type on the CHANGES file. 0826380ac Version 2.8.0 385a2828e Code cosmetics: Reduces the amounts of warning. 1e63e49db Uses %zu to print size_t instead of %d. 503e8f6c8 Updates the libinjection 66939d059 Adds initial support to @detectXSS 47f5cf92d Removes forced chartset efef989dd Renames Sec{Read|Write}StateLimits 48d85c7d6 Places connection filter engine in a separated configuration a15f8813e Honor the SecRuleEngine while filtering connections 0037a0732 Using RadixTree instead of list to storage IPs 80185e2a9 Bugfix: Missing ipv6 support check b9fdc4fe3 Adds support to suspicious and whitelist to Read and Write limits 8ff3de5b6 iis: Disables installer repair d6dd1f0e9 iis: Adding VC110 files to the Windows installer 28d4f9fce iis: Checks Win version before declare inet_pton bd0980f63 Reverts commit: a4202146b8d26b6615bbab986383fe0afae60d77 93b12df72 iis: Removes unnecessary files. fe727c702 iis: Updated OWASP crs to version 2.2.9 10db38431 iis: Adds cleanup methods to the installer f8f06f793 IIS: Updates build_msi.bat to fit the new WiX install options 4d7d1ba82 iis: Adds listing dependencies script 619758c0c iis: Adds condition to avoid the use of 32b msi on a 64b os 93a86f6f3 iis: Adds Visual C++ 12.0 Runtime to be part of the msi package ec61749a6 Changes JSON parser to not accept parcial contents 966e7e1ff Adds verification before access the strcmp c5c269080 Adds origin to the paramenters that cames from JSON 52bef20ce Adds unit test to the JSON parser a95f37196 Adds JSON support on ISS port 0787b4548 Adds support to JSON parser in the nginx module 09ced44ff Supports the yajl version 2 8d4c3e4f5 Makes the build system to look for yajl using a macro file e90874a69 Added sample JSON content-type rule c23097ce1 Added support for JSON body processor 410aca9d7 Optimization on the status engine call 20014c808 Adds modsecStatusEngineCall to standalone API d75e443b9 Adds regression test to SecStatusEngine a6d93441c Places StatusEngine to be Off by default e131e2222 Adds support to status engine on IIS version f86a71f7a Adds SecStatusEngine On/Off switch 0c6a661c6 First version of the status engine implementation d93ce9cee Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables 62f3d0289 Adds utf8toUnicode.t to our unit tests 5b0c933cf Fixes UTF8 to Unicode conversion bug in 4-byte encodings 7e459827e Log why writing to audit log failed 607dfd229 Fix segmentation fault if writing to audit log fails 5342f3616 iis: Uses code 400 instead of 44 in modsecurity.conf a0ed3dbbe Merge pull request #666 from derhansen/master dda91f168 Standalone: independently destroy the connection and request pools 27dd513ab Flip allocations that happen during initialization (typically) over to use non-global apr memory pools. 31d7fc6d3 Code cosmetics: Place copy_rules in nice shape. 62a6f228f Fixes for Parfait errors - mostly unhandled NULL pointer dereference and data type mismatch 5f996d45f Adds regression test to SecRequestBodyLimitAction 498b9b2e7 Don't reject a large request with ProcessPartial set ab9aede2e Update status code for rule 200002 063dd640e Adds internal error messages while parsing the configutarion da2ec008b Fixes a typo on the README.txt 1694a0cf3 Merge branch 'nginx_regression' f043ba33a Adds .a to the list of expected liblua extension 5d2e3d432 test: 10-misc-directives.t is not considering log anymore 8804b55cd test: Makes regression test mac friendly 8314791c9 test: nginx: Adds timeout while listening for a socket. 215042af2 test: nginx: Points the !# to envoriment. d26e63951 test: nginx: Speeds up regression test in nginx. fe14d9df4 nginx: Considering modsec state before apply any rules 9bf1f6a2b test: removes uncessary ifDefine at 10-tfn-cache.t 94097103c test: nginx: Adds missing environment variables. 6c106b1fd test: disabling: SecAuditLogType Concurrent 8e390899e test: nginx: Increses the timeout while reading the audit log. 3cf170179 test: Adds loading tests also to nginx. 795d6a64d nginx: Warn about not workable 'proxy' 7478faa5c test: Adds support to handle different content in log depending on the version 7ac515ee2 nginx: Adds proper support to SecServerSignature 2a4358939 nginx: Removes problematic performance improvement 21e25c50a test: nginx: Adds missing files 176396ddc tests: nginx: Allow POSTs in static files e20c80004 nginx: fix missing headers while SecResponseBodyAccess was On 445783d06 tests: Sleeps over 20 seconds if nginx failed to exit immediately fb4e1f1b6 tests: Adds random data to a post making it workable in nginx 450d621ca tests: adds test-regression-nginx to the makefile 96ad8267e tests: Marks the run-regression-tests-nginx.pl script as executable. 93c5b8c6a Merge branch 'regression' 0ad390d12 Tests: fixes tests/regression/rule/10-xml.t ba0818ca3 tests: cleans up the apache configuration file 6325ed8d4 Tests: fixes regression/misc/10-tfn-cache.t ddb4fceb6 Tests: fixes regression/rule/20-exceptions.t 0c99063aa Tests: fixes regression/rule/00-basics.t 7c9ebfeb2 Tests: fixes regression/action/10-logging.t 11287a6b9 test: fixes regression/misc/00-multipart-parser.t b0025c88f tests: fixes regression/config/10-request-directives.t e5560a6a4 tests: fixes regression/config/10-misc-directives.t 0ddd2b463 Add mod_extract_forwarded.c to run before mod_security2.c b788ce260 Clean the garbage character after the duplicated charset property 74ec78400 libinjection sync 227de9fb8 Reverts commit b1cbccdc6b18a0f3a4edda8a5dfa9f6621485e81 2f5af6af7 Merge tag 'refs/tags/v2.7.7' 87115e770 Adds a default config script to nginx 537b85edf Changes SecUnicodeMapFile in recommend configuration 90a44f688 Updates the changes file c473aabb4 Changes release version to 2.7.7 b1cbccdc6 Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases). 9543e136c Fix typo causing build issues 4a7d439de Merge branch 'release_2_7_6-rc2' 6d3606aad Updates CHANGES files. 1cde4d2dd Organizes all Makefile.am 351b9cc35 nginx: generates config file using configure input. da16d9e5d nginx: adds lua support 5046c8327 iis: Cosmetics fixies on sqli. ae252ee87 Regression tests: makes configuration compatible with 2.2 and 2.4 (try 2) 65d9272fd nginx: Trying apxs and apxs2 while compiling nginx module 35fd75d85 nginx: Trying apxs and apxs2 while compiling nginx module 751a9f4e4 macos: Using glibtoolize instead of libtoolize 6fc4cac37 regression-tests: makes configuration compatible with 2.2 and 2.4 e9813cd0d Regression test: get it working with apache 2.4 7366f35c1 Code cosmetics. 9bf2959c9 iis: Waiting for 5 seconds before move curl directory f70f6f428 Redefines unixd_set_global_mutex_perms on tests cef72855e test: Avoids conflict of fuctions definition cc982ae42 test: Makes the unit tests to work again ad330a44b iis: Avoids directory link while building 69c5ccac6 QA: Avoids the utilization of 3rd filedescriptor baaf50236 Supports WarningCountingShellCommand in cppcheck and vera 388943440 Adds verbose quality check b77e90152 Adds support for coding style and quality check 7b1537058 iis: Using base_rules instead of activated_rules 2ea5a74a7 iis: New improvements on the Wix installer 1a12648c9 iis: Removes the installer helper dependency 550d5aae2 iis: Remove readme.html a2c5fc831 iis: Adds batch script to compile Wix 3604763e1 iis: Adds Wix installer resources a4202146b iis: Fix inet_pton build problem b32cb7d9a iis: Adds Wix installer xml file.c 7e03e3f84 iis: build_modsecurity.bat fixies 947711890 iis: Adds release script 79875b1af iis: fixies the Installer.cpp coding style 91738f93b iis: Removes AppWizard remade file adfbeb85d iss: Removes pre-compiled headers 6adf25667 iis: Moves installer to InstallerHelper 8c3b8d81b iss: Removes fart dependencies 192599bf6 iss: Better err handling in build scripts. e25c6b2e8 iis: Moves build_module.bat to build_modsecurity.bat 9b7663fa7 iis: Fix mlogc build on windows 28bbde1bb iss: Removes Post-Build event. 368617ddb iis: Relative paths on the VS project file cf5de78df iis: Identifies arch before unzip apache 1447766e8 iis: Renamves winbuild to dependencies 9f8cbf6ed iis: Removes unnecessary files from winbuild dir b277e538f iis: Improves the iis build system a946a163f iis: Fixes the vcxproj file 26738d2e3 iis: Removes unecessary files from the build system 0a772cb07 iss: Changes httpd version 2.4.6 3e6fb41d3 iis: Changes the version of the dependencies e3c19d53d Removes standalone/Makefile.in 1734221d9 Fix #154, Uses addn instead of apr_table_setn 61e54f206 Merge pull request #579 from zimmerle/revert_139 7f7d00fa2 Revert "Merge pull request #139 from chaizhenhua/remotes/trunk" b0c397784 Merge pull request #578 from client9/remotes/trunk a5f175d79 libinjection sync 88ebf8a0b Merge pull request #152 from client9/remotes/trunk fcb6dc13e libinjection sync f52242a01 libinjection sync b76e26d81 Merge pull request #148 from zimmerle/bugfix_charset_missing_string_terminator ff19dcd5c Bugfix: missing string terminator while mounting the charset (nginx) 786773189 Merge pull request #147 from zimmerle/fix_nginx_build_config_top_of_trunk 57330da9a nginx: Makes the build script to check for deps 9a630eea2 Merge pull request #141 from client9/remotes/trunk 11217207e libinjection sync f8d441cd2 Fix Chunked string case sensitive issue - CVE-2013-5705 3901128f1 Revert "Fix Chuncked string case sensitive issue" 16a815a3c Fix Chuncked string case sensitive issue 10fd40fb0 Merge pull request #139 from chaizhenhua/remotes/trunk 414033aaf Merge pull request #138 from client9/remotes/trunk e0993fcd7 Fixed fd leackage after reload 2268626c2 libinjection sync 7e0a9ecf7 Fix logical disjunction and conjunction issues 876d4f5f9 Merge pull request #136 from SpiderLabs/remotes/trunk 2c2adc20f Fix IIS Makefile.win typo 370069a08 Update CHANGES 88a9282c6 standalone: fix mutex compilation error with apache 2.4 464ac1eca Fix crash when use SessionID as paramenter in SecHashKey e6f94eac4 Update CHANGES 50f9d0140 Merge pull request #130 from client9/remotes/trunk 8b6efc013 Fix make (rx regex) test cefddebe1 libinjection sync 3f080fa8c Merge pull request #128 from client9/remotes/trunk 15f3a3040 libinjection v3.3.0 sync 65e97684b libinjection v3.2.0 7ca8830a3 Update CHANGES 0fc4142a3 Change strncpy to memcpy f44a535c9 Merge pull request #125 from client9/remotes/trunk a6fd09b69 Fix null byte convertion into utf8toUnicode 229d4e4fe Merge pull request #124 from client9/remotes/trunk 9eca8b5ca v3.1.0 b1f61617b Merge pull request #122 from client9/remotes/trunk 83fdf34dd sync with 3.0.0 tag c07b9a536 libinjection v3.0.0pre21 take 2 4064e74cc Fixed: Libjection 3.0.0 compilation errors 9bf132334 Merge pull request #121 from client9/remotes/trunk bebb45f3b SecUnicodeMapFile now accepts the code page. SecUnicodeCodePage is deprecated 034bf1912 Fix double free 885eeecef Fix outbound size of salt variable b362ab0d9 Fix standalone makefile.am a79e81849 Merge pull request #116 from chaizhenhua/remotes/trunk 4ffdf9bf6 Nginx: Fixed segfaults on reload 9851769ea Fixed: increasing compatibility with older versions of install 5cf5ff043 Fixed: flush libxml2 output buffer df0b04825 Setting crypt outpur buffer as libxml2 output size 9517c3475 Fixed: URL normalization for SecHashEngine 1b3b38e6d Added: Release to 2.7.5 f955ba7e7 Added: severity action now supports strings 5ee4c1786 Fix libjection Makefile 867843c8a Merge pull request #113 from client9/remotes/trunk 69b109594 fix makefiles 4af03f208 Update to libinjection 3.0.0-pre8 760314a1c Fix make test dafd9aeeb Fix make test 0532d20e4 update to 3.0.0-pre2 f003243d9 Merge pull request #106 from client9/remotes/trunk 41111ba47 Merge pull request #110 from SpiderLabs/remotes/trunk 0e269f1b3 Update CHANGES ed24a6176 Merge pull request #108 from SpiderLabs/remotes/trunk 9835a32c3 Merge pull request #107 from gwroblew/remotes/trunk cf9493aaf Fixing build makefile for IIS version. 3a3fda25f libinjection 2.0.0 2cf6cd5af Merge pull request #103 from SpiderLabs/remotes/trunk b9a4322a3 Nginx: set to STABLE 82593f1f2 Merge pull request #99 from SpiderLabs/remotes/trunk 31df14919 Merge pull request #97 from SpiderLabs/remotes/trunk bad458627 Nginx: Try to fix eats 100% cpu in ngx_event_pipe_write_to_downstream issue 400a5f5f5 Nginx: Fix implicit declaration of base64 encode funtion 35b36b703 Nginx: Fix UNIQUE_ID 612637489 Merge pull request #96 from chaizhenhua/remotes/trunk ffbd350d9 Merge pull request #94 from SpiderLabs/remotes/trunk f31724e20 Merge pull request #93 from SpiderLabs/remotes/trunk 1f4757d17 Reverting Quality of Nginx. CPU issue is not fixed fed38c810 Fixed: return msgs at detectSQLi db964c422 Fixed: return msgs at detectSQLi 4bc068e58 Sync to 1.2.0, fix regression in small sqli detection 2585964b6 NGINX set to STABLE b2d76750c Update CHANGES cd31b39ce Removed SecDefineRemoteAddr and fixed Apache 2.4 mod_remoteip integration 06fc5e56c Merge pull request #85 from client9/remotes/trunk d30cf4153 Merge pull request #83 from client9/remotes/trunk ebcfe2c18 Update libinjection to version 1.1.0 1f271fdca Fixed: Rule 200003 returning default status 84d27cca1 Remove unwanted comment 6e038228c Update CHANGES security issues 29ed5c4dc Added: SDBM_DELETE_ERROR variable eb9538457 Fixed: SecPerfRuleTimes storing unwanted rules 86d939fbe MODSEC-362 6cd3a14db MODSEC-362 08471afaf Merge pull request #80 from client9/remotes/trunk 3ca159e7b sync with upstream, fix read-past-end errors 9f36e55ad Merge pull request #78 from client9/remotes/trunk c10551dcf sync with upstream: c89 support, win32 support, more detection, less false postives b6b284ea6 test 9aca58c3d Updated release version aa18ec7f4 Updated copyright dates 72d26e80e Fixed: libinjection for windows 835661964 Fixed: tests for detectSQLi 2c833f1c0 MODSEC-392 c5e460504 Added Libjection tests e97c12f8a Added Libjection 417d7daf2 Added Libjection f10669b34 Merge pull request #72 from chaizhenhua/remotes/trunk fd2c30fa2 Nginx: minor improve 9b13d245e Merge pull request #70 from chaizhenhua/remotes/trunk fdf0ba540 Nginx Improved: set filter_need_in_memory flag so that nginx transfer response in memory, we do not need read from file buffer. 1919c3a44 Merge pull request #67 from chaizhenhua/remotes/trunk 74278a8e9 Nginx Improved response body filter, issue #56 might be fixed 72a3389b6 Merge pull request #65 from chaizhenhua/remotes/trunk e553761ae Nginx Improved: if "SecResponseBodyAccess off" do not copy response body buffer 3da87da15 Fixed: typo 20947937f Merge pull request #61 from chaizhenhua/remotes/trunk ddd6bd2a7 Nginx Improved: modsec terminate handling c30bb6d6d Fixed: SDBM deadlock 3bd497946 Fixed: possible memory leak in rsub 0840b1361 Fixed: chuck null pointer when unknown CT is sent and over in-memory limit d8262fc6c Fixed: standalone Makefile.am c71ef0508 Merge pull request #57 from chaizhenhua/remotes/trunk 5ce1818a9 Nginx Fixed if "master_process off" is set nginx will crash at exit 36c2e1bcc Merge pull request #54 from chaizhenhua/regression-tests a951a83ee Nginx: Improved redirect action work for phases except log e9af8a3ab Added Nginx regression test 088c660d5 Improved build script 04cdca84e Merge pull request #52 from SpiderLabs/remotes/trunk d93be4804 Fixed: Regression tests with no ID present ca78eba85 Fixed: Regression tests with no ID present e8189d97b Merge pull request #50 from chaizhenhua/Bugfix 42e9a5ab2 Nginx: Fixed internal request finalized after rewrite with regex 86871ccab Fixed: Nginx crash in ngx_pool_context.c 9b1d6bfc0 Merge pull request #49 from chaizhenhua/Bugfix 6934acf0e Nginx: Fixed memory leakage a87b06f9f Nginx: Fixed config file a77e5dc0f Merge pull request #48 from gwroblew/remotes/trunk b7d3a084c Fixed config.c to compile on Unix. 22b8e6cfd Fixed: Nginx crash in ngx_pool_context.c 022d5db21 Fixed config and memory leakage a47a4ce4f Fixed two crashing bugs: race condition when module was initialized and failing config commands in libapr. 601d3ed63 Fixed config.c to compile on Unix. 5457ebe0d Nginx: fix makefile 2fcc08952 Nginx: fix makefile 5303c003b Update master to 2.7.3 3ff17fcd1 Update CHANGES f73635ab5 Merge pull request #45 from gwroblew/remotes/trunk bc235a855 Merge pull request #44 from chaizhenhua/SecDisableBackendCompression 177b5b9c9 Nginx: Added SecDisableBackendCompression support Nginx: Added internel redirected request processing 55850a9c8 Update CHANGES a5c149204 [MODSEC-386] Added error msg for update target by id function 43162f52c Fixed: Nginx return 500 when request body is off df383b9b8 Better error messages for sdbm code d4d80b38a Added SecXmlExternalEntity 4db1f51f3 Added MULTIPART_NAME and MULTIPART_FILENAME variables bc65c3e40 MODSEC-58 5fefb6a2c MODSEC-58 2472dcb54 Change release version 25c4146eb Merge pull request #39 from gwroblew/remotes/trunk 1ead2f631 Removing OWASP CRS copy. c1ba71ab1 Fixed files overwriting in installer; added OWASP CRS. 9725e71f0 ModSecurity: improving duplicate ID search 8816254cc ModSecurity: fixed compiling with lua 5.2 f9b113b86 Nginx: fixed compiling with lua 4a8e536b0 Nginx: fixed SecRequestBodyAccess 154e80750 Nginx: fixed crash in pcre 34d5289e7 Merge pull request #36 from chaizhenhua/remotes/trunk 1a89b6b8a Fixed deny not work in response phase, Fixed debug log message 65d889664 Fixed Action Deny not Work ed1d3d927 Fixed Action Drop not work eabc39ad8 Added SecCookieV0Separator b3418be75 Merge pull request #35 from chaizhenhua/remotes/trunk ae0bee062 Merge pull request #34 from chaizhenhua/remotes/trunk 972d9e2ab Added Response Phase for Nginx 48bd09939 dos2unix standalone/api.c df7cafe85 Merge pull request #33 from gwroblew/remotes/trunk 635a57389 New IIS installer project files. 406d48200 Fix issue in ipmatchf 067e7d197 Fix issue in ipmatchf ff335fddc Update CHANGES 8148a8071 Update CHANGES 49c505156 Merging 2.7.2 into master adb38adc7 IIS version as stable e15bbac21 Merge pull request #31 from gwroblew/remotes/trunk c53e743c8 IIS version improvements 54245c924 Merge pull request #27 from chaizhenhua/read_client_request_body 0566d652c Fixed hang up when post multiple request 22b8293fd Fixed content length error 275cb28a0 Added 'ngx_modsecurity_write_body_cb' so that NGINX can deal with STREAM_INPUT_BODY 604643c4b change CRLF to LF d5a6df167 promote modsecurity_handler from CONTENT_PHASE to PREACCESS_PHASE, so that we can process and pass request to backend without internal redirect. fc7b3ef22 Fixed valgrind complain 213cd1e84 Fixed: detect comma plus white space as a cookie separator - change variable names 80146b2c7 Fixed: detect comma plus white space as a cookie separator 86e045572 Fixed compile error 48030ca05 Merge pull request #22 from chaizhenhua/read_client_request_body 82d44071d Fixed 'request body is larger ...' error 231921ce2 Revert "Fixed request body is larger" ee47cccb6 Fixed request body is larger 3f6c14de5 Fixed msc_test crash using pcre jit in some platforms f6bf1a2b9 Fixed compat issue with automake >= 1.12 973bfae33 Fixed compat lua_load() with lua 5.2.x 21b877048 Added dirs to build nginx on Fedora 344ec7dfa Added cleanup handler for finalize request 5f97bec8d read client body in a better manner 77ccd0b7b Fixed: ngx_http_read_client_request_body returned unexpected buffer type cc6e8532f Merge pull request #18 from chaizhenhua/remotes/trunk 6815d1769 Added drop action for nginx f920303e8 Fixed change from double to single quotes in find_pcre.m4 7ed0c305f Fixed MODSEC-364 18e0c45e3 Fixed MODSEC-360 adca6e4b2 Merge pull request #13 from hideaki/cpf_verify_fix c98da92cf fixed bugs in cpf_verify fc45a3fe3 Fixed compilation issue under Windows when APR ipv6 is disabled bd3cb0c72 MODSEC-359 4564c6548 MODSEC-359 5c6bdb90f change msc_release.h to 2.7.2 c4e9dbaed added APR_HAVE_ARPA_INET_H pre-compile macro ac4815f49 modsecurity_config.h was empty breaking SecUploadModeFile directive 2f7a1ac0e Merge pull request #12 from gwroblew/remotes/trunk 0e2b07b00 Fixed \ handling in Include command on Windows. a4c75689f remotestrunk 0265607df Merge pull request #11 from gwroblew/remotes/trunk bfdb28e2a Fix for broken logging of IP client address in some cases. 42aa05408 remotestrunk c2c491861 fix for issues in ssn_verify such as infinite loop. 91e5f85cc fix for issues in ssn_verify such as infinite loop. bd3d07024 Merge pull request #10 from hideaki/verifyssn_infinite_loop 7beb244df fix for issues in ssn_verify such as infinite loop. 00b22f0c5 Fixed NGINX compilation issues d7280c61f Fixed NGINX compilation issues 8560642b9 Update CHANGES 19d71f794 Update CHANGES 179b53661 Fixed crash with invalid commands and marked IIS server as non-virtua… … d1c002d6c handle invalid escape sequence passed to strmatch operator dc8d464e9 Merge pull request #9 from gwroblew/remotes/trunk b31f83b29 Merge pull request #8 from hideaki/strmatch_coredump 74b8daaad Fixed crash with invalid commands and marked IIS server as non-virtual, so many commands would work (like SecDataDir). 9e6dddff8 handle invalid escape sequence passed to strmatch operator 2b1c1ad74 Merge pull request #7 from gwroblew/remotes/trunk f14eaeb3d Fixed build on Apache 2.4. ee1112530 Merge pull request #6 from gwroblew/remotes/trunk 2336cf929 Minor changes to IIS module. b353bd60a Fixed build on Apache 2.4. 267bfe6ca Minor changes to IIS module 408f37015 Fixed byte conversion issue during logging under zlinux ce3cf00a2 Fixed byte conversion issue during logging under zlinux f22bca10f Fix error_message type 6d9327f4a Fix error_message type a01b85b89 Update CHANGES and doc/ 9027fbbfd Update CHANGES and doc/ 428cbcb6b Change names of HMAC feature to HASH eb41bd44f Change names of HMAC feature to HASH 451041cd8 Change names of HMAC feature to HASH 208d9d3a9 Change names of HMAC feature to HASH 5f98d8008 Change names of HMAC feature to HASH 0757a9f87 Added -R option to libtool with pcre lib path a528e1c92 Added -R option to libtool with pcre lib path 53d422e9d Change names of HMAC feature to HASH 3bca8d41f Change names of HMAC feature to HASH af22ddf87 Merge pull request #3 from bnordgren/install f23dbcba7 Merge pull request #2 from alanjumpi/remotes/trunk 606cd72f9 Fixed small bug in install phase, where mod_security2.so ignores $DESTDIR 18c42d513 TODO updated 76fc19401 Merging with master 3ef77de11 Merging to release 2.7.1 f4fe08f7e Update CHANGES 18429396a Fixed bug when used ctl:ruleRemoveByTag b58598988 Update CRS info into README.txt 05e3a1798 Update CRS info into README.txt 95211c820 Update CHANGES c0c722ccb Update CHANGES 52a535cca Update CHANGES 9fe676406 Update CHANGES afea6dbe6 Fixed drop action was disabled by mistake for apache2 a3a39a21d Update CHANGES 14eff8470 Update CHANGES d4bd47893 Update CHANGES 3ab2289ec Fixed drop action was disabled by mistake for apache2 4346e54a1 Update CHANGES 9f4bd2188 Update CHANGES 2403a1a54 Fix some strange breakline situation in apache24 612d9e473 Fix some strange breakline situation in apache24 b64185024 Update msc_release.h ed74a60bf Update msc_release.h df58972ab Update documentation bfab0397f Update documentation a27e3a901 Removed prng() function and added apr_generate_random_bytes 6bc9ae2c4 Removed prng() function and added apr_generate_random_bytes 8aa17b546 Removed prng() function and added apr_generate_random_bytes 6f13bd11f Removed prng() function and added apr_generate_random_bytes ee31c5ba9 Fix LibXml2.9.0 issue d3164f8db Fix LibXml2.9.0 issue a9266d4ca Updated getkey function 75a5e1d3f Updated getkey function 75a7cfb1b Update msc_release.h 190afbfc3 Update msc_release.h 79423f9cf Minor fix, two functions name change. 72b079139 Minor fix, two functions name change. 7dea71bd7 Update Reference Manual 53cdabdf8 Update Reference Manual 87c47a882 Fix rule 200002 6e107a8b1 Fix rule 200002 30526c6e4 Update CHANGES and msc_release.h 8fd1c0f76 Update CHANGES and msc_release.h ef3fa0b1f Added MULTIPART_INVALID_PART flag 6335e5426 Added MULTIPART_INVALID_PART flag af537253d Merging rev 2079 with the branch 2.7.x 6900616fa Standalone: added Include command IIS: added locking, response processing check, fixed file chunk reading bugs d7b9ad862 Update Reference Manual and CHANGES f00cb1a4e Update Reference Manual and CHANGES 513dba260 MODSEC-337 060cf0ab3 MODSEC-337 80abe0fdf MODSEC-226 0e85d9f75 MODSEC-226 7de3f1e50 MODSEC-297 735510071 MODSEC-297 e6afef5c1 MODSEC-297 5c5107a86 MODSEC-297 88513bd28 MODSEC-336 2d519ff85 MODSEC-336 10e2eec5b MODSEC-336 0d2307192 MODSEC-336 9661ac4de MODSEC-261 dc8352852 MODSEC-261 724060a29 Reverted SecCookiev0Separator 919e3f5e2 Reverted SecCookiev0Separator 4c7ab5974 MODSEC-261 aee22ea46 MODSEC-261 73e87c035 module bugfixes (kyprizel) 031080c72 Added unicode mapping directives to recommended file 0499f1444 Added unicode mapping directives to recommended file 20cd5d069 Added unicode mapping directives to recommended file 57b80fedc Added unicode mapping directives to recommended file 081a0af6e Update to release 2.6.8 a9ab4632f Update to release 2.6.8 100168260 Fix MODSEC-315 18f98e755 Fix MODSEC-315 6059fc144 Fix MODSEC-333 e821aaf04 Fix MODSEC-333 db73e14ed branch 2.7.x 09450c266 branch 2.7.x 35a9a6c3e Changes from kyprizel (Eldar Zaitov) ecb39070e branch 2.7.x 22b1e2fb1 Fix typo 203e34651 update msc_release.h 8dc9ae913 Added client IP passing to IIS and two missing IIS installer files. e4d2dabe0 Improved IIS build process and more fixes to handle Apache 2.4. a63008b16 Changes from kyprizel. 3425aa9b4 Fixing Apache 2.2 build. 040d4469d Enable warning message with over SecRequestBodyNoFilesLimit d5ccfbafc Fix compilation issues in server.c 092559a58 Added missing functions to make non-Apache versions compile with Apache 2.4. 9eaa6a9a4 Update CHANGES dc4ec2df4 Fixed format string issue in ngx_log_error 7ea0e1223 Libxml2 must be at least 2.6.29 for 2.7.0 eeb331ca4 Added utf8toUnicode tfn - fix typo 781a506bc Added utf8toUnicode tfn 499819e23 standalone module enabled by --enable-standalone-module configure option 1e7fd3e5f for build standalone infrastructure necessary for IIS/NGINX 7b014be28 Update CHANGES 1d36512c0 Standalone module shouldnt be default d36120b41 Fix compilation issues in server.c and config.c ada16d3e9 Fix compilation issues in server.c. Looks like unixd_config is different in apache major and minor versions 054e015de Fix compilation issues in api.c c9202a44b Update license 1df668c94 Remove CRLF from Makefile.am 2dbe4ab4f Second part of IIS/nginx merge into M2 trunk. f3e31c75a Merging IIS and nginx code into M2 trunk. 7f33b00f7 Fixed some dereferenced pointers 8d5131a18 Fixed some dereferenced pointers c09d6e57d Fixed some dereferenced 221aba605 Fixed some dereferenced d267142bb Fixed check if s->name & value is NULL fc8edbb46 Fixed check if s->name & value is NULL a95f337ed Fixed check if ip_strv is NULL 7385b120a Fixed check if ip_strv is NULL 928ae2a22 Fixed unused error_msg in msc_crypt c24eaec77 Fixed unused error_msg in msc_crypt 9d19e7b06 Make internal m_strcasestr default 8cec8c7e6 Make internal m_strcasestr default a4c68c863 Revert configure.ac. Waiting for the merge bc5930086 Add license to standalone/ 22b763257 Fixing missing code between branches 429ba6ac4 Fixing missing code between branches 76925c6e7 Update CHANGES f624802d3 Update CHANGES bdcecf50f MODSEC-328 ecc2ee8fd MODSEC-328 bf5cd6211 MODSEC-326 eb7a9ed7a MODSEC-326 e8bd4c05f Revert pcre message warning mismatch 16376f075 Revert pcre message warning mismatch 4460061d2 Fix return msgs c4b12060c Fix return msgs 5f6985183 Init variables fdee16ddd Init variables 592ec392d Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 890a1cfb7 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 543a7db8a Check for strcasestr 6b943dbb2 Check for strcasestr 1e8259b4a Avoid double close() for multipart file descriptors 912606fc3 Avoid double close() for multipart file descriptors 1c3efe02f Update Reference Manual 60960a1f0 Update Reference Manual 71c1e7813 Fix replacing targets 67cf78cd4 Fix replacing targets f4d446574 Fix pcre version mismatch warning d5866ff3e Fix pcre version mismatch warning 3a05349e0 Fix setting key len for child conf 2e055003c Fix setting key len for child conf 21e21b23a Release 2.7.0-rc2 9c73ad68e Release 2.7.0-rc2 245f6dc61 Release 2.7.0-rc2 ef64c7070 Release 2.7.0-rc2 c22376aa5 Fix warnings 027ae6eea Fix warnings f896591fc Fix warnings 3bb931e18 Fix warnings 89fb40248 change release to 2.7.0-rc2 21be05c7f change release to 2.7.0-rc2 2791e7766 Fix code for windows 81b74ba63 Fix code for windows 5b46e6c61 Fix code for windows 35d97d586 Fix code for windows 6223499dd Update CHANGES e2d0715c1 Update CHANGES ad059c9e6 Add inet_pton for windows de56a8bcf Add inet_pton for windows ead368268 Add inet_pton for windows 780db2039 Add inet_pton for windows ab4d5acce Fix windows error compilation 22e20c699 Fix windows error compilation 88331d122 Fix windows error compilation 04fa8bbd0 Fix windows error compilation 8bf46a3d8 Fix PRNG code and windows compilation errors 4ab785c19 Fix PRNG code and windows compilation errors a958dfd49 Fix PRNG code 575356f10 Fix PRNG code d20354917 Improve random number generator 4ef3cc8eb Improve random number generator 3caaf60fa Improve random number generator f72ba4d36 Improve random number generator 517abc595 Improve random number generator 39fcad456 Improve random number generator 0ed1a1b8b Fix loop into getkey 563017fce Fix loop into getkey 51067c23d update CHANGES 24b5c96c2 update CHANGES 9d2b4568f 2.7.x 56a396519 backport HURD and KfreeBSD build support c5cc0bfa9 Update CHANGES 28621131a Update Reference manual e584123ab Fix quote validation in multipart code 988e78e9a Fix quote validation in multipart code 8ead49a9b Added id to recommended file rules b6414bbdf Update reference manual f16240985 Added null pointer check 3457fcbd5 Added support to KfreeBSD and HURD d88a24da1 fix rsub input parsing and add maturity, ver and accuracy actions 480af9375 update CHANGES 14156d831 Add ipmatchFromfile d3ad05e9c MODSEC-312 4ed9015ea README.txt c19269dc4 Update mlogc code f0fab2a80 Fix apache 2.4 compilation issue during make test 4888769e7 Update trunk for 2.7 866cb6d6b Update trunk for 2.7 4bebeb6dd Revert any lua change 24ac0c4a9 Fix typo in CHANGES 864212074 Code cleanups 5b82006fe Code cleanup 25d1816c2 MODSEC-282 9948c424a Fix typo 2be4d8b02 Fix new apache api 2046a43bf Fixed AP_SERVER_MINOR instead of AP_SERVER_MAJOR e1e43cfa1 Fixed new apache API 2e00ae0f4 Fixed new apache API 992d075d8 Update doc/ 7d327e8df Update lastest Apache API 76e909c5a Rename collection timeout diretive 6cf207ce3 update CHANGES f92f8219d fix stream vars memory leak 1daafed72 fix arg name with double dot in SecUpdateTargetById f47fb8ebf Dont create new lua vms 3090edd85 sqlHexDecode fully hex decode 9cbc44eea Fix PCRE jit issue when not enable jit in configure c48d84313 Enable default configure options 3cb5edde2 Add extra debug info for pcre jit 1c0ed192d Add pcre JIT support - experimental 2a585fba8 Check for X in uppercase into sqlHexDecode 162f219f1 MODSEC-273 16ae74172 Fix issue in sqlhexdecode f6e53252b add collection timeout in the trunk c3b0cfc35 add sqlHexDecode tfn 150bc418d Fix issue in sqlHexDecode d4079971c MODSEC-160 1bf5f4532 MODSEC-272 82dfd037c MODSEC-272 c99d14797 MODSEC-270 a4f0957b0 Revert hexDecode and add new sqlHexDecode 5d0e3f910 change release version, doc, CHANGES a16c002f3 Fix make test ce0f5522b force pointers to null after free() ea09d6848 fix free() typo a2b45bfeb update CHANGES 3ec3d652a fix multiple variables when appending new targets 31183499e MODSEC-254 b0e9468d6 MODSEC-249 d43c7e0bf MODSEC-132 8a5a53431 MODSEC-258 0ae09036b MODSEC-255 5cacf63b3 MODSEC-142 77c4c70f5 Fix windows makefile 9f526bbea Fixes on autogen.sh 8ed0c1051 Fix build system with PCRE_ vars 78880129b Fix urbl whitelist msg 1cc9ac781 Update CHANGES 3517f8659 update manual cf7eecbe8 update msc_release 6c89afcf7 MODSEC-211 6c71b2698 [Reverted] Check POST request for SecWriteStateLimit 644d0b58f Check POST request for SecWriteStateLimit 152164b77 CHANGES de02ea5e4 Add new unicode map settings and fix requet body truncate bug b2a486e4b Only reinject stream if data is changed by rsub ad168c801 Only reinject stream if data is changed by rsub 3d69126de Build and code fixes d0da1372f Build and code fixes 06dd5907b Build and code fixes dc41b967b Fixed building with LUA c41c3cee2 Fixed building with LUA 9623fbd5b Cleanup unicode map file f59591910 Implement unicode map 646564cd4 Renaming GSB functions c8d292105 Renaming GSB functions 9ece2422c Remove unused geo code 1341c4983 Remove log part K from default configuration edf039b8a Fix MODSEC-245 6d7781754 Fix MODSEC-247 0cf21202e Update CHANGES - fix Marc name d84face22 Update CHANGES e1025d0f0 Change apr version macro by apache one de463a85c Fixed matched_var bug 3e0acbe16 Fixed matched_var bug 50293aef9 Add domain to tx.1 whe gsblookup matchs 5eaa1a734 Added SecWriteStateLimit for slow post DoS c78903e98 Fix problem when buffering in input filter 241f222a1 Wrong lenght information in input filter when forward stream variable 1bfbe0c14 Fix issue counting requet body len aa3fa1450 Fix issue in MATCHED_VARS_NAMES 21c81331c Uncomment input stream 352fc200b Remove extra useless files b3b68d1e3 Edit CHANGES 21dcfde3c Remove unused defines b19f32bb3 Make clean and maintainer-clean removes unused files, also add # when rule chain doenst match d4d349753 clean stream buffer 0ee85b348 clean stream buffer 0cc30904b Fix issue in input stream 1aa4cace6 Fix compiler warnings f468224a4 Change log_escape_nq to log_escape 6b7edc4d4 Fixes, code cleanups, improvements 0b3ed4181 Avoid *FLAGS resetting - Diego Elio 162e0ff81 Remove unused localtime function 123018cfc Rewriting parser for gsblookup ab339c7b1 Rewriting parser for gsblookup 8c8c583de Rewriting parser for gsblookup 5328bcdea Rewriting parser for gsblookup 3ed70ea17 Rewriting parser for gsblookup 0eb1f68da Improvements on gsblookup - reduce multiple slashes ab8c7e6f4 Improvements on gsblookup cf97731cc Fix logging MATCHED_VARS issue 352514f7d Fix comment to reflext the base64DecodeExt change 808a7bbc1 Add support to AIX and HPUX build (untested) 4ae9a91d7 Only change stream var->value if we have the realloced buffer c1d3fd636 Applied patches from Diego 9fb9aeb6a Detele useless files 15338bbf9 Rename DecodeBase64Ext to base64DecodeExt 7493f01ef Delete useless files 0e4f88630 Delete useless files f3f7d6488 Delete useless files ef56f47b4 delete useless files 748aea7b6 delete useless files c4f3d121f Fix without-lua into trunk - Diego Elio 43e3ea65b update recommended configuration ec29fb539 update release trunk for 2.7.x a21e03eaf Update CHANGES and Reference Manual d68731a38 APR-Ipmatch operator 4c6419cf7 Remove extra debug msg for log section K 9cd2efd97 Added extra debug msg for log section K 025d41f71 Added extra debug msg for log section K 5bfb2973e Change rule comparing to log section K 502e97642 Author at README_WINDOWS ba651304d Fix make test 6ea5cba17 Move version() to mod_security2 57140c25f MODSEC-37 30da07b59 MODSEC-37 f64b5544a Move version() to mod_security2 371df205d Change license on msc_test 9ca34a322 Change apr_cpystr to strncpy 6047658d0 Cleaning stream out buf d98231e11 Cleaning stream out buf eec65ea29 Include sucess msg in ipmatch 775f10598 MODSEC-221 843f7fc01 Test makefile 7635bd5f1 Improvements in detection only a9557a66c Add more char to escape in log_escape_re 34d2f43a1 fixes for solaris compilation 4643799ba fixes for solaris compilation d878fce0c fixes for solaris compilation 3b4c46f27 Improvements in detection only 9c5e0a4f9 Improvements in detection only b8828ad3f Improvements in detection only 13980bd04 Improvements in detection only ae006f7a8 Improvements in detection only cb3353f13 Improvements in detection only 3377831b3 Improvements in detection only 50205ebf6 Improvements in detection only 0f5b0debe Print when request is blocked when it is larger than the configuration 6e3bb889c Print when request is blocked when it is larger than the configuration 1e2f836b3 Print when request is blocked when it is larger than the configuration ed06ed2ae Fix issue in detection only 2a8c8a747 force process partial when use ctl to detectiononly ed4e98c64 Fix issue on solaris a75f2c0c6 Testing new approach to tag macro expansion b64d28eb5 Testing new approach to tag macro expansion 6b7c138a9 Testing new approach to tag macro expansion f524cfee4 Testing new approach to tag macro expansion 6d3b3802d return value to unique_id 41f338a4d Include arpa/inet.h to *nix 97bc9b056 Fix typo issue cd41e9327 Fix typo issue b2140ab72 include msc_gsb.h into re_operators.c 6703a7df0 include msc_util.h into re_operators.c 9ed1200c1 Fix ipmatch issues 0d32c17c3 Memory pool fixes and code cleanup 82a9652ae Tag test 093cb2495 Tag test 6031e7fda Improvements, bug fixes and cleanup from Tom Donavan f0d6a06a9 Fix ipv6 bug to solaris 463b0df78 MODSEC-219 5d540e059 MODSEC-219 5e480d85a Fix bug in pmf b7a926c20 Fix bug in pmf 9ddad65f0 Rsub escaping 4aba02a10 rbl improvements 2ff42243f Add escape option to rsub and rbl improvements d69634166 ErrorDocuments and internal redirect hook is available for testing 53b0276b0 set base url to tx when canon #2 a99ca02d9 change return code at rsub 8642c0134 gsb now saves the base url in tx.1 when match a full url 0c8161081 add util remove escape function and apply it for gsb c43867d64 change remove_escape function name a9e010084 update license text b3243374f New doc 104f0de46 New License 1a2d377e3 MODSEC-178 a5ddb8189 Remove extra debug msgs a2f01d31a Experimental reallocation memory for rsub 3c5eae03b fix free function because of double free 117cc1352 revert free operation c0a097304 Remove free function because of double free ede971a9e Fix unknown error msg on rsub b5607ea87 Fix memory leak rsub 21e422318 Fix ipmatch c2504b100 Fix rsub 49732256f Improvements, fixes and new features 4f1ab2f71 Allow replace with substrings a6c240537 Adjust gsb error msg 7bd27c400 Gsb matched urls set into tx variable a13887065 Gsb matched urls set into tx variable 9380fdbdd Rename gsb db directive 69551d2d0 Add Google safe browsing lookup caa6d89f8 revert MODSEC-171 c04a4edb4 MODSEC-144 8b52a7d1e MODSEC-173 fa8c45e7c MODSEC-171 d0c2a5d34 Add verifyCPF 5464f300e Renaming opt and args of SecRequestProcessPartial(on,off) to SecRequestBodyLimitAction(ProcessPartial,Reject) 98e6a1c28 Cleanup ipmatch function 74666fe2c MODSEC-181 c4100a184 rename Stream options to SecStream e267c6ffe MODSEC-204 8cbcf7898 Add initial plataform check code into autotools 7235a14b3 Add initial plataform check code into autotools 7f838acdf Ipmatch now is not supported under windows 3f1d91183 Make ipv6 portable 8b907225e Make ipv6 portable d170dd4eb MODSEC-57 e0a49f0b0 Change ipmatch to msre_ipmatch 025ca49cc Change ipmatch to ipMatch f536ba11a Ipmatch mistake d4d97505d Under CentOS inet_pton return invalid address for valid ip6, remove the return code for now cd31e80b8 Cleanup ipmatch 3c53fe5be Add ifdef when print lua version 882e537c9 MODSEC-140 7f52d86e4 Include data edition, sanitizematched and few fixes 37e8cba18 change old lookup algorithm 8e9582bed MODSEC-196 d0e2546f9 MODSEC-21 fdded3383 MODSEC-60 8907f66f3 MODSEC-127 5040c5568 MODSEC-70 change loglevel to 3 86cc9d6e3 Request process partial under detectiononly 1260d2b09 MODSEC-104 56fc2ea71 MODSEC-148 fix issues c8033a59f MODSEC-148 60a1725d0 MODSEC-12 52c33e7c5 MODEC-105 549f05948 move 2.5.13 into trunk df61af462 add breno user to authors file d3293916e Change scope of state var so multiMatch works once again. 68f79e7f0 Add the git-svn authors mapping file. 78dfd8d82 Add the example lua script to doc dir. 3a10f9fb8 Fix autoconf header and include path so trunk builds. 7aa83b5c9 Change copyright date on alp2 files. 86e9b42db Added alp2 as a build option. b186e7349 Add some missing files. ea34defc0 Added mod_remoteip.c to to postread_beforeme_list (MODSEC-158). c7c65f9dd Change default install prefix to /usr/local/modsecurity. 058283fb5 Add the ability to build custom request body parser extensions. Add an example for a request body parser extension. f7f305991 Add license headers to extension examples. 8553cab4a Moved api examples to "ext" dir and hooked them into autotools for building with "--enable-extentions". Upgraded to autoconf 2.65. cea87f408 Fixed test/test-gregression build targets. 42b981319 Update doc for new build system. eb6b9274a Redo build system to properly use autotools and avoid compilation with apxs util. 972e46825 Add an option to grab the latest release candidate or stable which is intended to be used on dev servers to stage production. 98982e296 Added the SecDisableBackendCompression directive b784acd31 Merged in 2.5.x changes into trunk. f925a978a Update CHANGES b48fdddf4 Merged changes from 2.5.x to trunk. 6f548e91f Fixed bad merge in CHANGES. 08edc0c26 Merge 2.5.x (2.5.12) changes into trunk. ed11e27e0 Moving performance logging from level 3 to level 4 to prevent it from polluting the error log e0f160840 Move writing to collections and GC earlier so that the results can be logged. 0ecfe86c3 Add PERF_GC. 5448b3fc2 Log the duration of garbage collection at level 3. 5c4733f1a Add REQUEST_BODY_LENGTH. b8837bbfb Change the format string from m (already taken) to M. 4cd09b9da Revert unneeded changes in r1459. c24e61ac8 Added missing conditional debug logging. 9bd9f3359 Run phase 5 prior to mod_log_config. Now for real. 86407062e Do not use 'total' to refer to PERF_COMBINED in the logs. Use 'combined' instead.' 221af6f5c Add PERF_ALL, sepearate PERF_STORAGE into PERF_SREAD and PERF_SWRITE. bc35ab7e0 Implement variables for access to performance measurements. a4d5d50be Integrate with mod_log_config (MODSEC-108). 7b56982f2 Implemented a new time-measuring mechanism. Added Stopwatch2. d25937333 Add DURATION. 51e7bfcc0 Document phase 5 changes in CHANGES f740b4f22 Run phase 5 prior to mod_log_config. ce106df27 Generate error messages when registration fails. Change all examples to use modsecurity.h to avoid the duplication of the optional function declarations. c60ab6bfd Merged changes from 2.5.x into trunk. c341899b4 Merge in changes from 2.5.x. ea4b75d8b Document changes d1c38bf02 Change SECACTION_TARGETS and SECMARKET_TARGETS to REMOTE_ADDR 6d5e752cb Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered 62f7e6823 Update CHANGES retroactively 6a2930820 Remove one missed reference to the PDF UXSS filter aa3b20ecc Optimise the unsetting of the previous data capture variables 23c3237d1 Added missing log level checks before logging. 7916942fe Remove unused variable 76583d80f Added the missing log messages for the ctl action; optimised the existing log messages (MODSEC-99). 839b7f81e Removed the obsolete PDF UXSS functionality (MODSEC-96). 853b1f9fc Convert 'normalise' into 'normalize' throughout, but support the previous version for backward compatibility (MODSEC-103) 1fb6f974d Update the documentation referring to phase processing cb8b76f4e Process phase 1 in the same Apache hook as phase 2 (MODSEC-98) 3b1298968 Merge 2.5.x changes into trunk. b01f8190e Merged 2.5.x changes for 2.5.11 into trunk. 8fe278e84 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 6d83f91b2 More updates to build, removing Apache based build files. 9a526c090 Merge in 2.5.x build changes into trunk. 55f54e17e Merge 2.5.x changes into trunk. a1a67592f Do not log debugging message as a warning (MODSEC-91) 21ecf99da Merge 2.5.x changes into trunk. aa1e05302 Fix typo 91b215562 Merge 2.5.x doc changes into trunk. 826124b37 Merge 2.5.x changes to trunk. 7379a4fb3 Merge 2.5.x changes into trunk. 155608be3 Really remove the rules dir this time (not just contents). 67f7f9377 Merge changes from 2.5.x, removing rules dir to its own structure. 6adc53fd4 Merge 2.5.x changes to trunk. 73fb8eae5 Merge latest 2.5.x changes to trunk. 08e651a1c Merge in some doc typos from 2.5 branch (MODSEC-77). 05bd24334 Merge 2.5.x changes into trunk. e5becf840 Merge 2.5.x changes to trunk. 12b9bcd33 Merge 2.5.x changes into trunk. ffc5d968e Merge 2.5.x changes into trunk. 944a08822 Merged 2.5.x changes back to trunk. 31ddf4c86 Merge 2.5.x changes into trunk. a16eb9677 Merge 2.5.x changes into trunk. 9d26b16e2 Merge 2.5.x changes into trunk. 48981bb7c Merge in changes from 2.5.x branch. 5fcca65fc Merge 2.5.x build changes back to trunk. 84099df54 Metadata. 25a394452 Cleanup docs. e30176125 Merge in 2.5 doc changes. Cleanup doc formatting. f905bf083 Cleanup the API examples and add more docs. dc0a2161a Merge 2.5.9 changes into trunk. fa96c349e Merge 2.5 changes. a06d8f8ce Fixed strict compiler warnings for mlogc. Updated mlogc copyright year. bef5c53c0 Removed "make -C ..." in favor of a more portable method. Added verbose output option to configure. 4f3c9d991 Small clarifications. 9c3c0d8c8 Update the reference manual to refer to the new data formats documentation. fd5cf18ca Add the data formats documentation. facacae23 Fix a typo in the SecRuleInheritance example. c012db7e6 Make a note of configure options that can affect performance (MODSEC-28). 4a336dadf Removed an invalid "Internal error" message forcing auditing of a request (MODSEC-29). Cleaned up error messages prior to using send_error_bucket(). c3c822ea0 Revert r1205 as it was fixed in mod_jk upstream. becf69403 Updated REQUEST_BODY documentation. 7b0e71f92 CHANGES text describing when REQUEST_BODY is populated was not accurate. 3848ff5b3 Worked around mod_jk issue where a 401 response was not including the WWW-Authentication header (MODSEC-16). 67c48bfdf Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check. Added regression tests for this as well. c5e258f0b Added additional check for XML well formed. b2c7424a9 Added a comment. 309510d70 Change from ctl:requestBodyBuffering to ctl:forceRequestBodyVariable. 5740f7a3e Tidy up. 2ee69ce46 Document css_inplace_decode(). 2f7ff8f7a Tidy up. ec49ce05c Updated docs to point out some features are not available on all OSes. MODSEC-9 ac767de86 Typo in SecRuleUpdateActionById example. f20059b00 Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5. f5af5ef42 Remove declaration of an unused variable. 34798e9ab Allow ability to force request body buffering to memory. Fixes MODSEC-2. 139d651bb Updated the CHANGES. deb6a816b Fixed MODSEC-2 by using the msr->hostname (ap_get_server_name(r)) vs r->hostname in the log. 20cc39551 Added mlogc source. 2818e66a9 Tidy up the code for the performance-measurement mode. Remove the per-phase measurements, which don't seem to work (at least not in my case). acec75be4 Make PERFORMANCE_MEASUREMENT more accurate by removing stray msr_log() invocation. Clean the code a bit. 9997cee04 Clarified that SecMarker IDs are the same thing as rule IDs. 1b977e610 Clarifications in response to comments from Kiyohiko Kajihara. a686b0633 Update configure to better find lua libs. ab5cd9261 Update a regression test due to changed error message. 7eef5ce7a Update test stup with new msr_log_* wrappers. d419a2168 Update CHANGES. Sync up docs. 225339525 Allow disabling processing of request body size limit in phase 1. See #518. 5298e2954 Added XML warn/error output to debug log. See #519. 458fe8423 Add parity transformations. See #516. 94370b2c7 Update default action in unit test stub. bb2e4b9a3 Fix cssDecode. See #512. 5f648db89 Updated regression suite to use full path to LoadModule. 10713fbd3 Sync up branches/2.5.x and trunk. 9c6b26744 Change licence file to Unix format. a05445e33 Tidy up whitespace. More characters in the commit messages than in the change itself! Way, way, more. This is what happens when you work too much. 924ce68c5 Update readme to point to new exception filename. 7899b5c6e Update licensing. 6a33fedc8 Regression suite cleanup merged from 2.5.x. 478389d5a Added regression tests for ctl:ruleRemoveById and disruptive actions in DetectionOnly mode. ae40b8c21 Implemented cssDecode. e6e06bff7 Update trunk CHANGES with 2.5.5 release. 200d9e5fe Firewalls not fireballs ;) 326208d02 Newer apaches default to text/plain instead of null. Make matching files a bit more robust. 21f305095 Fixed warning for mixed CRLF/LF lines and LF lines in changeset:1070. See #504. f072738c8 Remove an extraneous debug statement and update version date. 0b1e2d674 Fix a minor typo in a comment. d9ba0e98b Fixed a typo from changeset:1072. See #498. 493e71a9e Tweak some regression tests. e1e200c00 Disabled phase 5 after interception by mistake. Fixed c3fd0231d Prevent phases from being processed more than once. b2119411d Minor code cleanup. 81d98de28 Log strict multipart errors at level 4. 83ff6c479 Re-enable error output filter with a fix after more testing/tracing of code. See #498. Update versions to ready for release of 2.5.5. 230837d4a Update/reorg some regression tests. 16acbe494 Fixed issue where logging was not occuring unless "auditlog" was enabled. See #497, #4, #451 and #445. f2449c6f3 Enable "auditlog" action by default. See #445 and #451. e209cb768 More regression testing updates. 6cd8459bc Update docs on persistant storage. See #479 and #495. 0c95f9c64 Backport fix to improve request body processing error messages. See #504. 4d2fa2741 Backported changeset:1056 to 2.5.x which handles a lacking new line after the final multipart boundary. See #502. 6241dfe96 Fixed XML multithreading crash. See #501. 0c1f2f2e0 Fixed blocking in phase 3 by reverting changeset:591 (for now). See #65 and #498. 81145fe2b (Changeset Tracker. See #1234.) c8e35797f Improve request body processing error messages (#504). d06a3beab More tested regression tests. Cleaned up script. 043a5d608 Handle the case when there isn't a new line after the final boundary in a multipart request. This fix takes care of the WordPress Flash file uploader problem. 8844813c9 Some more updates/tweaks to the regression suite. Allow the ability to "make test-regression". 3e58e99be Another small update to the regression tests. 7ad2766e7 Some more updates for regression testing. 4bc1fc39f Some reorg of regression tests. 49e63a3e3 More regression updates. 59629a6af Add/update regression tests. 29cd97b24 Reorg. 813127aa1 Added some basic regression tests. f90ffeb97 Add the beginnings of a regression test suite. eb77be6e0 Fixed issue where transformation cache used default (fixed in 2.5.4). f394c6faa Add atomic updates for persistent counters. See #20. 5f6cb3aea Update msc_test with -N, better error support and support for actions. 8f7b861d9 Added mod_rpaf-2.0 and mod_custom_header to the beforeme list. ec19e2517 Update changes with 2.5.4 release. e74a17117 Update docs to show Lua as optional in the install instructions. 56e9aba04 Add an action directory for tests. 248bd0971 Update generated configure. c63d0ea21 Update the performance unit test generation example scripts. 6d3da8c39 Add the configure script (even though it is generated) to make it easier for others. 40fba3355 Allow actions to be unit tested. Allow unit tests to be performance tested. Add an example script to generate @rx vs @pm tests. cfeb3b976 Update CRS to 1.6.1. See #484. 06eeb7ef0 Fixed crash if a persistent variable name was more than 126 characters. See #478. 5735d5fc6 Fixed issue where the exec action may not be able to execute shell scripts. See #475. b4f473f87 Expand macros in expirevar and deprecatevar. See #477. Cleaned up debug logs in actions. Warn on mismatched curly braces in macro expansion. d37ab9482 Minor tweaks to msc_test build. 27601f6b4 Remove some extraneous debugging. 070e0bb0c Update CHANGES with current releases. fa3462f48 Add the MODSEC_2.5 define to 2.6 for compatibility. 563a8e0f0 Fixed issue where the exec action may not be able to execute shell scripts. See #475. c50e5b0b3 Update versions for release. 955163389 Add docs for macro expansion. See #462. aa6be1614 Make sure all filehandles are closed at the end of a trasaction. See #464 and #465. Fixes a few typos in some error messages when we are over the limits. b74b65911 Update version for trunk. 5f09dbb3e Sync up trunk with changes from 2.5.x. d797619fc Cleanup and update docs for 2.5.0. 7a1e2db14 Fixed code according to Ivan's review. bdc746baf Update rules to 1.6.0. e4eaade2c Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 63bccf793 Add additional CRS files. aef091a84 Reverted r950 which moved the periods from the message to after the "[offset ...]" tag. This tag was intended to be interpreted as metadata. Enhanced the documentation from r951 to reflect "[offset ...]" as metadata and not the message. 1fbf0c97f Update CHANGES, versions and dates for 2.5.0. 8cf74f5c9 Update version dates. Fix a small typo in Lua example: nil, not null. fb9585735 Add operator messages to documentation. 258ef32ad Minor changes to operator messages. 7ef661217 Make sure the test target gets the APR/APU CFLAGS. f00e15cc0 More updates for Windows builds suggested by Tom Donovan at apachelounge. cc2110b18 Updates to build on Windows with MS VC++ 8. 1789b9935 Remove the generated apxs-wrapper on dist-clean. 20bc34a53 Update core rules to 1.6.0-rc3. de115fc4e Update core rules to 1.6.0-rc3. 731ac3321 Update version date for 2.5.0-rc3. 935677a78 Do not add alert message when a transformation is not specified in a Lua rule. 2c74c55d4 Add the copywrite blurb in msc_lua.c. e9d1a44ce Explicitly define the target msc_test.lo target output file. 94f617ae1 Update CHANGES and release dates. d3831d679 Include the pmFromFile data file. 06715a0de Make sure to include the apxs cflags and apr cflags when building msc_test. 96b3ea6f2 Update unit test framework to build with libtool and show test name in debug log. 45e85e4c8 Update CHANGES and version dates. d24976a83 Add message to failed tests as well. 8e4310782 Add target name to validateUrlEncoding message. 83c13abfe Add/update more unit tests. 16b2821d5 Update string match text for @within to not include the target test. Make sure the empty string always matches (it does in @rx and @m so it should in other string operators). 827a5831e A pattern of "" (empty string) should always match. b579e704a Added unit tests for numeric comparison operators. 50a9f76dd Fixed getting exit code for determining test status. ac449776f Add pm operator unit tests. 540de37e7 Fixed error detection for operator init. b93466003 Cleanup unit test debug log on make clean. f428d3768 Cleanup - remove extraneous whitespace and tabs. 4b55882c4 Made msr_log() work with unit tests. Now display the message generated by operators for unit tests. 46cb2beeb Cleanup build to be more portable at searching for libs. fd8f4e319 Update CHANGES and versions for 2.5.0-rc3. e2ad283fd Fix some sprintf formatters so they do not generate warnings. d3d4c6694 Allow "none" transformation to start the transformation chain over and not crash. See #456. 13b5cdd5f Expand macros in setenv (name and value). See #458. 7250e4d03 Fix crash when there is no parameter to ENV target var. See #459. 3232a2d41 Fix debug log "Expanded" msg to only print when expanded. 7540f7118 Remove the "Experimental" tag from PDF and content injection functions. e12a2f08d The apu is under the apr dir on Solaris. 0903a061a Fix regression on non-solaris for lua (lua5.1, not lua51). 8d05c9966 Add some further searching for apr/apu/lua for solaris. 698bff5fa Make sure solaris can find the stupid httpd included pcre lib if need be. 588b4fba8 Fix apr_size_t formatting. Do not bother with formatting errors on solaris. b39bd8679 Fixed typo in lua finding script. 229b1f9db Fix CPPFLAGS when building against httpd src libs. 764fe94ab Wrap the apxs command so we can fix -R option not working on solaris. d350c5f5d Add in a hack to find lua binary install. 8f6f8c7c0 Add download links for lixml2 and lua in the docs. af69a4514 Add some extra build files to clean up with "make dist-clean". 4535b2e67 Cleanup CHANGES and set release dates for 2.5.0-rc2. 8b207a536 Note in docs that the K part has fully qualified rules. ed581b56f Revert part of the noauditlog fix in changelog:878. See #451. 751ce0684 Add signature verification support to the rulset updater script. See #280. 17219368c Added reading options from a config file, unpacking rulesets and email notifications to rules-updater.pl. See #280. 7777c35a6 Add new type parameter to msre_rule_create() for msc_test. f8dedc940 Update make to put mlogc in the tools dir. 2aca5f63f Add a basic auto-rule-update script that can download the latest version. See #280. 4c6dccada Fixed noauditlog. See #451. 52ccced72 Cleanup building actionsets and use minimal default. See #445. Fully resolve all rules before logging. 946a35004 Fixed removing cained rules with ctl action. ef6f75f4f Update docs for SecUploadFileMode to include the "default" value. f8adea949 Implemented SecUploadFileMode. See #448. 09ada31a2 Fixed potential crash if actionset was NULL. See #441 and #442. a3584993f Implement "block" pseudo-action. See #441. 9dbc7807d Remove query string from error log. See #447. e0c0d6690 Update severity documentation, deprecate numerical values. 00731cc70 Update versions in preparation for 2.5.0-rc2. c72057bc5 Cleanup CHANGES. 85e0b4d96 Add parens for clarity. 18e9ef080 Remove default transformations. See #445. c4e1ede35 Fixed merging actionsets so we can build a more accurate rule for auditing. 0d24a08f3 Implemented SecRuleUpdateActionById. See #442. be096d8f7 Explain how to install mlogc after building. c6c400394 More configure cleanup. Update docs for new install: configure && make && make install Spell check the docs. 96ff268f6 Replace TABs with 4 spaces. f4a44bc32 Remove an extraneous debug log. c68beb2fa Update text version of my review (removed areas that were invalid and/or fixed). 9fb03d277 Fixing code based on review comments... Cleaned up what vars are cacheable. Added parens around "*foo++" where it clarified the operation to be "*(foo++)". Added " at VARNAME" to operator matches where needed. Escaped var->name in the var generation (user-supplied data). Marked a bunch of TODOs as ENHs instead. Transformed some C++ style comments to C style. Removed the %0-9 macros code which was commented out. Optimized some ctl action code so that multiple ifs are else ifs. Implemented some error messages marked as ENH. Make commented out acmp debugging a configure-time option. Cleanup GEO debug log messages. Added relative filename support for geo dbs. Added help text to Sec* directives. 99c41afc3 Added a check that SecServerSignature actually worked (Apache changed some of this code as of 2.2.4 and could potentially change it again and break this). Cleaned up some configure code. Cleaned up some extraneous cache logging. Cleaned up the output from the test script. fabeaf505 Final mlogc configure cleanup. 62dfbeb80 Do not bother with libcurl if there is no mlogc-src. bc6c0c76a Add the ability to find curl for mlogc. 0a6ac0559 Add the ability to build mlogc if it is in the mlogc-src subdir. b5033e6e2 It is 2008 now :) 800dacd74 Add text version of review. 2d034c5ce Finished with pre-2.5 source code review. 0b9c2810e Fix speling. d8fa66515 Document data formats. d106a5c4d Yet more review data. b0f7dc1fc More review updates. f15ef01be Tweak error message to make it clear it's not our fault. b6446dc83 Fixed an old bug in ctl:auditLogParts that was fixed in 2.1.x, but not trunk. 4b05cfe3d Update current review data. 106a54f87 Fixed partial transformation caching and reduced some debugging output. 31e3ada84 Fixed phase 5 rules not being excludable. 433ecf342 Cleanup configure and add support for using apache src included libs (--with-httpd-src). 7baf94992 Add --enable-FEATURE options to configure. 4473e483c Update current review and report generation script. c622e7ec9 Expand PERFORMANCE_MEASUREMENT output to break down the full rule timing into transformation, operator and full. Add a "Transformation completed in N usec." debug line to compliment the operator timing. a53969a99 Add the beginings of a pre-2.5 code review ala Jupiter. 2ab009ee9 Add files to support using eclipse w/Jupiter code review plugin. 36dbd608c Add a review dir for testing/using Jupiter eclipse plugin. See: http://csdl.ics.hawaii.edu/Tools/Jupiter/ baac392bf More configure cleanup. 40c57f871 Cleanup configure script and add back unit tests (make test). badb2791f Initial 'configure' based compilation (buildconf generates configure script). be9931e00 Make sure all tests pass. 402f6318b More test updates. 2068357af Added m.getvars() and finalised Lua support. 8924f605d Add some more test cases. 6dd615646 Fixed returns for urlDecodeUni, urlDecode, urlEncode and normalisePathWin. See #439. 9551218d2 Fixed URL decoding with invalid encoding. See #439. a210e7325 Fixed return codes for base64Decode, base64Encode, compressWhitespace as well as replaceComments not adding the space for a comment w/o ending. See #439. ef18503f0 More cleanup and fixes in the testing framework. 78f83198d Remove \0ooo support from t:escapeSeqDecode. See #423. 4104e261e Update verifyCC checks w/data Ofer sent me. 9504be7d7 Fix a bug in testing framework where NUL is lost in parameter and add support for running only a single test in a conf file. 246ed9cbc Make sure a zero-length CC# does not verify. 59685455d Update core rules to 1.5.1. f64c7c39e Lua: Added support for scripting to @inspectFile. 4cecdf4c5 Added support for Lua to the exec action. a45c4bb55 Lua: Fix compile warnings. 4fcd787b9 Lua: Support relative filenames in SecRuleScript. 235fd2c07 Lua: Add ability to retrieve values from persistent collections. fa4738e86 Lua: Preserve entire scripts, not just main(). This allows for more complex logic to be written as the user can now use functions. It also allows room for future expansion. 3860a702a Added support for unit testing operators. Only verifyCC tests written. 3a8e0a4df Some more reorg of tests. a04e03b2c Some reorg of tests. 61e4623ba Move around some code to make unit tests easier to build. 2103fb560 Rename msc-test to msc_test. 4e7c243c3 Make libxml2 *required*. 6974a1c78 Fixed l_log to prevent percentage characters from Lua interfering with formatting. a0198a9e6 Polish up docs for md5/sha1. f3fae3155 Adjust Lua debugging levels to 8, to avoid logging at level 9 from skewing the results. 80aa065d2 Document the Lua functionality added so far. e834a860d Avoid double close of DBM on error. a96cbc0f6 Merge in Lua to test framework. e357bb55a Add quoting to unparsed rule generation. cdcb3bdb1 Lua: Added support for retrieving parametarised parameters (e.g. ARGS:p). 4414cb852 Lua: Support retrieval of individual variables from scripts. aef5a460b Fix Lua support. Enable logging from Lua scripts (using m.log()). e0c444953 Update Makefile to compile with Lua support afd3cbf14 Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 6f6934e9d Code polish. d2dee97a3 Fix jsDecode \xHH to verify HH is there and valid hex. See #439. 5da9a05d1 Remove the callback from the verifyCC regex (not used anymore). 499c3f316 Add initial unit testing framework. See #438. 2657154ea Update docs for t:md5 and t:sha1 to note that they are in binary form and should be hex encoded to be human readable. 8360aacc2 Use use new msr->rule_was_intercepted flag. See #425. a99357ad5 Add ability to use <IfDefine MODSEC_2.5>. See #436. a703c9c62 Minor allow bug fix. dc081c5df Removed some code that implemented SecRequestEncoding. Left the directive in, as well as the structure member as they are harmless. b9a28882b Enhanced allow. 9b0ce5ae6 Move an extraneous debug log line from level 4 to level 9. 8a1687bf3 Make phase 5 more strict and catch an inherited disruptive action. See #429. 5bd9e0640 Add CHANGES entry. See #425. 32100608e Handle actionset being NULL. See #66 and #429. 05c8ccd07 Moved modsecurity_crs_55_marketing.conf. d6beae556 Should have moved this not added. f12cc94f9 Update props for rules. 3c4eacf6f Update Core Rules to those in 2.1.4. 4602f7d90 Remove tabs from CHANGES. 9136d391d Forgoten CHANGES entry for last commit. 476684e6e Stricter configuration parsing. See #66 and #429. cd51a1004 Allow all rules to run in phase 5. See #425. 515290434 Add 2.1.4 changes to trunk CHANGES. f68f0156c Cleanup CHANGES. 5065852df More efficient collection persistance and deletion on retrieval. See #345 and #426. 4c11791a9 Escape cache value in log. aa68fff10 Fixed decoding \9 with t:escapeSeqDecode. See #423. 8aa31fd09 Change jsDecodeuni to jsDecode which also decodes all the other JS escapes. See #193. b0de65913 Added t:jsDecodeUni handling unicode similar to t:urlDecodeUni. See #193. cbf79d43b Update version to ready for 2.5.0-rc1. 54cac6461 Add IS_NEW and IS_EXPIRED collection variables. See #345. 220342850 Prefer "offset" to "pos". e7e975696 Add var name to validateUtf8Encoding message. See #408. 3c1d5a021 More efficient multimatch support and cleaned up debugging and messages. See #69. 2dff0fb9f Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 423fd0eea Update skipAfter docs to mention markers. See #416. 715a8eae5 Implement SecMarker. See #416. 37f5231cc Minor code fixes. bbcf1d08f Added an APR-Util variant of character encoding conversion. c25071b83 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 22873995f Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2bf4556cd Checkin fix to rule removal code to avoid placeholders. 9e9bb318b Rewrite the luhn algorithm to be faster and easier to read. See #69. 13e209909 Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. This still needs to be fixed. a6c2d867f Improvements to audit logging matching rules. See #93. dcdce0cbc Added matching rules to audit log data. See #93. 85053718d Cleanup log output for skipAfter. See #258. ff12e6f1c Remove comment that is not needed. 526bcc0b5 More informative change log message for fixing utf-8 validation. c5c759d6f Forgot to update CHANGES. d3a0a2887 Fix utf-8 validation (again\!\!\!). 575e86388 Implemented SecRequestBodyNoFilesLimit (#103). fd5e4fb32 Fix bugs introduced by the recent change to audit logging. ab6a81fe7 Remove unused reqbody_status from modsec_rec. 1cfc906fa Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu. 8cec4dd25 Some more debugging and fixes for skipAfter. See #258. 4a08d7e6b Handle out-of-disk-space conditions gracefully when writing to audit log. 800cfc2cc Added missing #else block for printf attributes. e47fdeb42 Changed %p formatter to APRs %pp (wish that was documented). Marked msr_log() as a printf style function so GNU compiler can check formatting types. Fixed a few other warnings with msr_log() formatters. 9447ae67b Added placeholder support for skipAfter so that it works with removed rules. See #258. 1860e2a35 Renamed SecGeoLookupsDb to SecGeoLookupDB. 6ca5b831f Document SecComponentSignature. Update CHANGES. b163864ba Implemented SecComponentSignature. e467d3cac Unified messages in the error log and in the audit log. f0be2ff6b Added warning message when XML request body parser fails. 2cefbda2e Fix quotes in an example. 40c5b2004 Remove extraneous 'void *' cast. aff690053 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate. Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit. b9defc0ad Warn in the debug log when request body processing fails. cd2287a41 Fix for an evasion false positive. 83fb4b4da Fix more formatting errors/warnings on 64bit systems. 7f71ae377 Fix another warning on %u used where %lu needed. e45ea12fc Fix warnings on Solaris and/or 64bit builds. faec5b8e9 Fix a possible loss of data warning when compiling 64bit reported by Marc Stern. 2b346dd08 Updated input filter insertion code for sub-requests. 8e9909006 Add the input filter if we have read the body (even if a sub-request). See #335. 9d49adf02 Basic implementation of skipAfter (still need to implement placeholders so it works with removed rules). See #258. 974298a76 Added ctl:ruleRemoveById action. See #259. 9efa02f42 Change ctl parameters to be case insensitive. Initial implementation of ctl:removeRuleById. See #259. f66e8c5b3 Document MULTIPART_CRLF_LF_LINES. b0d514478 Fix blocking multipart FP, which affected Safari. d5f3b9ce5 Fix multipart parser blocking FP with Safari ( (#317). 793b57670 Added support for MATCHED_VAR and MATCHED_VAR_NAME. See #123. b784e6cb7 Change from TX:LAST_MATCHED_VAR_NAME to MATCHED_VAR. See #123. 83a788607 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. Added @containsWord. See #182. a6cf7957b Update ModSecurity chroot documentation. da1399f0b Added TX:LAST_MATCHED_VAR_NAME. See #123. e0e031d16 Oops, too fast to blame apr :) This bug was a forgotten NULL in the apr_pstrcat function. Apparently newer APRs can handle this. dc71842ce Revert to apr_psprintf (vs apr_pstrcat) to get around what appears to be an apr bug with FC4. 9d4965b29 Fix macro expansion in setvar. See #126. 2d526f143 Fix typo in a comment. b66157497 Document the 'tag' action. See #276. 27ba3027b Move init of msr->msc_rule_mptmp before msr storage. fe1021e36 More cleanup of error messages and marking as relevant. See #4. 8b6f0e72a Wrap PERFORMANCE_MEASUREMENT variable as conditional compile. 63a47c370 Prefer %d string formatter to %i so we do not get warnings on some platforms. f3a8854fe Mark any error conditions/alerts as 'relevant'. Clean up/add error messages where this can happen. 5022ddcad Cleanup more subrequest code. Do not run with subrequests in phase 3-4. Still need to look at phase 5 to see what I can cleanup there. See #135. 86c9a9bf1 Cleanup CHANGES. 9f898a0e0 Fixed comment. 7c393c487 Fixed the wrong status being displayed in the error page. See #3. 72f814933 Do not process subrequests in phase 2. See #135. 426ce1aea Fixed deprecatevar. See #59. a1955d09e Add crude performance measurement. 009c3b0fa Document SecResponseBodyLimitAction. 9ed3cf9e5 Added support for partial response body processing. 59333a6a8 Update CHANGES. 79ee3a6a7 Process debug log statements only if the debug log level is sufficiently high. dfe09ff1b Fix content injection C++ style comments. 2a707d437 Enable our output filters to intercept bodies of error responses (#65). eb6b456f5 Fix potential buffer overrun by 1 byte in base64Decode caused by bad docs from APR-Util. See #255. b217e4262 Merge in fix for ErrorDocument. ad940d1ff Partially corrected the filter error code. See #3. 53011819d Cleanup some doc formatting. Prepare trunk for use as 2.5.0-devN tree. c8e5c7fcd Sync trunk from branches/2.1.x (merge in branch fixes). 8a54517f0 Updated copyright dates in xsl files. See #253. 1e603d8a3 Detect and use new API calls to get the server version/banner when available. 8549546b5 Add a cast to unsigned char * to avoid warning. b95cc3b37 Updated the manuals (trunk and the 2.1.x branch) to cover the new multipart stuff. More detail is needed but there is not enough time for that today. Also added back the impedance mismatch stuff and the PHP peculiarities. ba85c17b0 Update minimal configuration template to use strict multipart parsing. fa2b97ddb Tidy code. Small bug fixes. 0769f2378 More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. d7a92cac2 Adjust hook placement so mod_breach_trans fixes the request before us. 70e8246ae Update CHANGES. 9e08017b3 Force rpaf and similar modules before mod_security2. 9301461b3 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 608f7f2b4 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 239fa0095 Fix silly errors, typos. baf6f59df Multipart parsing improvements. e27516246 Quiet "warning: int format, pid_t arg" type warnings. 28d44486e Fixed data corruption in the multipart parser. 222f1f6f7 Cleanup. MULTIPART_STRICT_ERROR now returns 1 on parsing error too. 323f9f81a Better discovery of partial quoting evasion. b1949b7eb Another check for evasion through partial quoting of multipart boundary. d0ac05c3e Add check for evasion using double quote inside multipart boundary. 25fb1b262 Moved XML request body processor error to debug level 1. 5898e9e11 Fixed a potential segmentation fault, introduced with recent changes. 7c856eef1 Fix typo and make clearer the intent by using defined(). See #198. 716d0fd41 Added a check for nul bytes in multipart part headers. c85773b34 Added MULTIPART_UNMATCHED_BOUNDARY. Not very reliable, as it detects anything that looks like a boundary, which means any line that begins with -- but we don't think it's a boundary. 70324713e Added checks to detect quoted boundary evasion (although we are not susceptable any more) and to detect duplicate final bounary. 32905f9d4 Add ability to compile without API support (-DNO_MODSEC_API). See #198. f4389c9a5 Update docs and CHANGES for logdata action. 8f6385f78 Added logdata action (still needs byte limit). See #40. 765dfd027 Fixed typo. 9cfdd8f0d Rename TX_SEVERITY to HIGHEST_SEVERITY, fix and document. b71687c7f Add ARGS_GET* and ARGS_POST docs. c520886e1 Detect and prevent multipart evasion. cb0cb9375 Sorted variables in the registration code. 648037fdb Added TX_SEVERITY variable. See #60. d2fd881c0 Fix typo in CHANGES. f41c27a28 Added ARGS_GET, ARGS_POST, ARGS_GET_NAME, ARGS_POST_NAMES variables. See #136. fe8c564ed Added MODSEC_BUILD variable. See #38. 2ec596e83 Fix error message in validateByteRange to include the target variable name. See #157. 5a6ce0142 Added logging of target variable expansion. See #62. 820ba5f1d Add debug message when not buffering response body due to MIME type not configured. See trac #63. 892938dee Enhanced multipart parsing to support quotted boundaries and LF line terminators (RFC demands CRLF but some applications use only LF). 9695f2b81 Improvements in transformation cache (add options, document). Update CHANGES. 43f7fa72f Remove non-ASCII characters. b761c1c01 Merge in some doc changes. Fix some doc formatting issues. Update the CHANGES file. 72832c1b3 Working on cache enhancements. See trac #14. 3e5e2a06b Stricter validation for @validateUtf8Encoding. Capture the match in TX:0 when using "capture" action w/@pm operators. 5a38dde99 Disable XML parsing by default in the included core rules. bafe8ad77 Remove old comment. 31f119664 Updated README files to refer to GPLv2. 3facacf92 Emphasize the need to check REQBODY_PROCESSOR_ERROR in configuration example. 73706c8bc Update documentation to emphasize the importance of REQBODY_PROCESSOR_ERROR handling. 8b9d914ed Merge in code fixes to create msr context on request failure. 4d03b029f Remove the error message on a failed request so we can handle it in a pater phase. 9be72c39d Update to core rules 1.4.3 e251a9bd5 Add back code to send an alert on request failure. 656021c20 Fix typo. bff23e3eb Updated the rule IDs documentation (reserved ranges). 96edb02fe Updated documentation to specify libxml is no longer optional. 881e8e66c Update LICENSE removing part that is not the licence (but can cause confusion). 7fbf664ec Added cygwin to list of compilers that do not support hidden visibility attribute. 8cd8f42d2 Clarified which variables are URL-decoded and which aren't. f19622b04 Clarified that we are a GPLv2-only project. 129a5ab25 Reserved a rule ID range for ScallyWack. 698955aae Update changes to reflect the 2.2 -> 2.5 change. 8dea31635 Update @within docs according to Ofer's comments. See #134. 19887f9cc Added @within string comparison operator with support for macro expansion. See #134. b58efb346 Update CHANGES. Reversion from 2.2. to 2.5. Update @pmFromFile to base relative filenames off of rule file path. de739c60c Updated documentation for RESPONSE_CONTENT_TYPE and RESPONSE_CONTENT_LENGTH. 8de8e44e0 Removed RESPONSE_CONTENT_ENCODING, which never worked as intended. 5cb4823c4 Documented that we do not support atomic updates of persistent variables at this time. 1c639cf7d Added two payload examples for XPath expression examples. efe52d4e7 Initialize rules tmp pool properly. Update to latest core rules. a4835b73f Fix bad merge of mem pool fix from trunk. Update to latest core rules. 6569c444d Make rules/README UNIX style EOL. Merge another branch/2.1.x change. d55e023bf Revert msr_log as macro (still work-in-progress) 81d0f84ad Update copyright text to Breach Security, Inc. Merge in changes from branches/2.1.x c39723c3a Document SecPdfProtectMethod. 74738b29b Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases). 8b843127b Revert incorrect change to GET/HEAD detection code. This will teach me to always compile before I commit. c7f5dc335 Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented. eec279c8d Cleanup code. 6350e2bad Do not log alert message for subrequests. See #124. Cleanup CHANGES. 23bd6b433 Do not pause if we are not the main request. See #124. 46d7a5ec6 Move transformation cache rec def re.h from modsecurity.h 71eb6e17a Added XPath references. dd6755985 Move the transformation cache recort into re.h. See #14. 11456dd87 Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16. e5c00d156 Added rule file/line to audit log messages. See #49. f1607d007 Cleanup message output. See #16. 86f648d26 Remove extraneous debug log message. 84c0ca303 Fixed patch for subrequests to be more complete. See #124. e887faac2 Add @pm/@pmfile operators (parallel patch). See #16. f53c4241f Add entry to CHANGES. db04c6442 Cleanup af6160b9c Fixed problem with subrequests not being intercepted. See #124. c594c205c Fix new string operators to all resolve macros. Rename startsWith operator in code to match docs. See #54. 6cc0173cf Add caching for transformations. See #14. 61238ca22 Argh! That last one was not meant to be checked in - reverting 281. e11ff8542 Fixed log_escape_raw when length was <= 0 220abd344 Quiet uninitialized warning. a1a0c24b8 Do not compile on Solaris with visibility attributes. 3fbf2b93c Modify docs for t:urlDecodeUni. (See #122) a627e96c7 Lessen "capture" debug log messages. eaa8e444d Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122) 97a1718d3 Only calculate debug data when we are debugging. NOTE: Last commit message was wrong. e03ea11f9 Only calculate debug data when we are debugging. b60f20697 Remove use of GNU extention strnlen(). Fix CHANGES. a68eb0488 Add geo lookup support. See #22. d8abb48ad Fixed a problem with content injection that resulted in content being injected twice. 2733cc739 Do not try to intercept a request after a failed rule. (See #53) dfde8169e Documented the PDF XSS protection functionality. It's not much but it will do for now. f1d4e0e2f Documented RESPONSE_CONTENT_LENGTH and RESPONSE_CONTENT_TYPE. d8418c3aa Documented SecContentInjection, append, and prepend. c0c5d8d89 Removed extraneous symbols from dso via DSOLOCAL. fca9eabaf Merged the PDF XSS protection functionality into ModSecurity. c559f3ee2 Change @eq to @streq. See #54. 2aa6e6160 Exported API for registering custom variables. See #120. Simple example in api/mod_var_remote_host_port.c b47059a5b Remove docs for HTTP_* vars. See #23. cd62f2002 Add docs for new transformations and operators. See #54, #55 and #117. 0c234c115 Cleanup debug log output: add rev to 'Invoking rule' line, remove clearing mem pool line. fa13b02f7 Updated the CHANGES file with the RESPONSE_* variable changes. e0a860292 Added experiemental support for content injection. 20c0b11dd Added experimental RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE. 3661a294a Added experimental RESPONSE_CONTENT_ENCODING. 3f7fc7c75 Added string comparison operators: @contains, @is, @beginsWith and @endsWith with support for macro expansion. See #54. 0a1610f85 More debug log enhancements - quote values to easier see whitespace. a3c3f25ae Fix macro expansion. See #118. Fix some debug log output to escape NULs properly in preparation for #54. Up version to prepare for 2.2.0 pre-releases. b93eef9db Added t:length to transform a value to its character length. See #55. 5482606c3 Added t:trimLeft, t:trimRight, t:trim to remove whitespace from a value on the left, right or both. (see trac #117) d9a26780a Add SecAuditLog2 directive (trac #102) e556a914f Remove tabs f2c96bae2 I added notes about accessing response headers in phase:3 and phase:5. e72540b0a I added the XML and HTML files for the Migration Matrix doc. 82fdc7cf3 Format CHANGES to add space before '*' 51a5418b4 Update changes to reflect merges into 2.1.x branch eab433187 Add PCRE_DOLLAR_ENDONLY to doc 00dcb2714 Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. (trac #57) a93c77e9a Updated line/num/id debug output with a format that is easier to parse. (trac #47) 9e669fcc7 Better CHANGES entry. (trac #43) 383119a14 Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. (trac #51) f6de76b05 Removed CGI style HTTP_* variables in favor of REQUEST_HEADERS:Header-Name. (trac #23) 485c664a4 Enhance debug log output for capturing to detect all regex/capture mismatches (trac #21). 891859f9c Revert back to using captured regex execution as it seems to be more effecient as the ovector can be used for working space even if it is not used for captures. Warn when captures are used in the regex, but "capture" not specified. 59928bfe6 This was not meant to be checked in yet (trac #42) 4676132ed Add the file/line to the rule so we can use it in the debug log and eventually in the alerts. 58afede3f Do not log 'allow' action as intercepted in the debug log. d1ada359d Optimize regex execution to not capture unless 'capture' action used. 09b704f11 Recycle the mptmp pool (trac #43). 8876a03ab Recycle the mptmp pool (trac #43). f508c0a33 Fix a compile warning. 473a471bb Oops, forgot my parens. bce096216 Fixed collection variable name printing in debug log (trac #45) ab55a8716 Fix potential memory corruption in msre_create_var_ex allocating per-request data out of global pool. 8898759c4 Add back the check for overflow on length 9b56d6314 More generic Makefile 4370819f7 Fixed potential DIV0 when a collection var was fetched in the same second as creation 4e02be621 Fixed parsing of ASCIIZ for application/x-www-form-urlencoded forms cf024ded0 Fix segfault when logging NULL text during request reading errors and upcoming fix for sending alerts on such errors. ebdd0400d Generate an alerts for error log entries for requests we did not process *if* it has a UNIQUE_ID available. 8aeff06fc Fixed faulty REQUEST_FILENAME. f4fb4ed4f Updates to quiet some compiler warnings. 79d232ccf Fixed some casting issues for compiling on NetWare (Guenter Knauf). 3e95d3c34 Changed version number to 2.1.0. 98188bd9b Document was not valid DocBook. Fixed. 6ebecdb3e Small fixes. f9999c440 Downgraded 'Connection reset by peer' from ERROR to NOTICE, as it has nothing to do with us. b57a1f024 Fixed an invalid conversion specifier. 6c5d19ed8 Removed the (harmless) message mentioning LAST_UPDATE_TIME missing. 8eb0aa7e4 Updated fix message. f807697e3 SecRuleRemoveById was unable to remove a phase 4 rule. 08c231a6b Fix some spelling, grammer and formatting issues. c48277409 Branched 2.1.0-rc7 3f80fdac3 Import ModSecurity 2.1.0-rc7 REVERT:bbccedbddChange tags into hashes in deps.json REVERT:14d69fa59Update mmdb files REVERT:e0055328aFix add missing deps for core db tests REVERT:c93d5a2fcFix CVE CVE-2023-3316 REVERT:5631e2737Merge pull request #547 from bunkerity/subtrees REVERT:3505c0d18Remove clone.sh file REVERT:ffd310031Merge commit '7b566b885e99301b243c5f61360e65238035e048' as 'src/deps/src/zlib' REVERT:7b566b885Squashed 'src/deps/src/zlib/' content from commit 04f42ceca REVERT:45dca7b44Merge commit '2ab324a69f219b4051b2e77d211ee1a7fb1462b5' as 'src/deps/src/stream-lua-nginx-module' REVERT:2ab324a69Squashed 'src/deps/src/stream-lua-nginx-module/' content from commit 309198abf REVERT:f85f86e46Merge commit 'c1073460677ba8aa2e325a1c57c3db1458f9fde5' as 'src/deps/src/luasocket' REVERT:c10734606Squashed 'src/deps/src/luasocket/' content from commit 95b7efa9d REVERT:bd600e0d0Merge commit 'a7d4cc5bbaabf8683b3b5cc1f42f9bd145cf1aa8' as 'src/deps/src/luasec' REVERT:a7d4cc5bbSquashed 'src/deps/src/luasec/' content from commit fddde111f REVERT:d15662693Merge commit '2d86912af87048b94c2921a60b3a8a5a0953e132' as 'src/deps/src/lualogging' REVERT:2d86912afSquashed 'src/deps/src/lualogging/' content from commit 465c99478 REVERT:1fb404757Merge commit 'f3ceeb73a958e774b1e2fa55d2607cdd3eb419ca' as 'src/deps/src/luajit-geoip' REVERT:f3ceeb73aSquashed 'src/deps/src/luajit-geoip/' content from commit fde33e045 REVERT:f81788c00Merge commit '2678b91586e9183b47327fbb0f11ad23020f195f' as 'src/deps/src/lua-resty-upload' REVERT:2678b9158Squashed 'src/deps/src/lua-resty-upload/' content from commit 03704aee4 REVERT:2d06f2d7aMerge commit 'bc06cd71b8896c6e7a1aac4610c9c3f878956238' as 'src/deps/src/lua-resty-template' REVERT:bc06cd71bSquashed 'src/deps/src/lua-resty-template/' content from commit c08c6bc9e REVERT:a6379356eMerge commit '3038a0b027f09090e1cd8f101d2ee8c52c383070' as 'src/deps/src/lua-resty-string' REVERT:3038a0b02Squashed 'src/deps/src/lua-resty-string/' content from commit b192878f6 REVERT:fdf0050a9Merge commit 'ee5198ba2810e33e08ff987ede5abe10fc74f6e3' as 'src/deps/src/lua-resty-signal' REVERT:ee5198ba2Squashed 'src/deps/src/lua-resty-signal/' content from commit d07163e8c REVERT:6f8ff3f12Merge commit 'a3cd342f3e1fffd7b16b83a24e03bb9ed501b319' as 'src/deps/src/lua-resty-session' REVERT:a3cd342f3Squashed 'src/deps/src/lua-resty-session/' content from commit 8b5f8752f REVERT:2f1cde097Merge commit 'eca8662cfe981f66ab92b53bbf83af65da02b2b7' as 'src/deps/src/lua-resty-redis' REVERT:eca8662cfSquashed 'src/deps/src/lua-resty-redis/' content from commit d7c25f1b3 REVERT:0b94df087Merge commit 'e59161ec204c7a95e4751b1c0e9a6bead7fcab39' as 'src/deps/src/lua-resty-random' REVERT:e59161ec2Squashed 'src/deps/src/lua-resty-random/' content from commit 17b604f7f REVERT:38fdd39d0Merge commit 'a2800598825bb5a03b577cca2874ff1cfae863f4' as 'src/deps/src/lua-resty-openssl' REVERT:a28005988Squashed 'src/deps/src/lua-resty-openssl/' content from commit b23c072a4 REVERT:c2fa53ca1Merge commit '31bf774f63b8b46a3c7b53028853036fff6fa0b8' as 'src/deps/src/lua-resty-mlcache' REVERT:31bf774f6Squashed 'src/deps/src/lua-resty-mlcache/' content from commit f140f5666 REVERT:7b2273aebMerge commit 'c82b0bdd27762d2d4a9901a187506d2e5abd74f5' as 'src/deps/src/lua-resty-lrucache' REVERT:c82b0bdd2Squashed 'src/deps/src/lua-resty-lrucache/' content from commit a79615ec9 REVERT:3dc8cc87cMerge commit '746a6e16d027ab3bddfc610c987e5d61ab9b69d0' as 'src/deps/src/lua-resty-lock' REVERT:746a6e16dSquashed 'src/deps/src/lua-resty-lock/' content from commit 9dc550e56 REVERT:62e740a0bMerge commit '19515d9b26f2f4886ca117b91384509087f0ff3a' as 'src/deps/src/lua-resty-ipmatcher' REVERT:19515d9b2Squashed 'src/deps/src/lua-resty-ipmatcher/' content from commit 7fbb618f7 REVERT:e566b98afMerge commit '7160fd94e3dc22299ee3c9f8b0e71a5e2c1bb501' as 'src/deps/src/lua-resty-http' REVERT:7160fd94eSquashed 'src/deps/src/lua-resty-http/' content from commit 4ab4269cf REVERT:cdd42bf25Merge commit '1a7d4e58be28238599df3f5c15c56380c3e99732' as 'src/deps/src/lua-resty-env' REVERT:1a7d4e58bSquashed 'src/deps/src/lua-resty-env/' content from commit adb294def REVERT:49db9c24dMerge commit '0f4a0cb0ef514bee6b810f6d6cf982c5ef0abfca' as 'src/deps/src/lua-resty-dns' REVERT:0f4a0cb0eSquashed 'src/deps/src/lua-resty-dns/' content from commit 869d2fbb0 REVERT:fe76b6830Merge commit 'fd02afef8ec1ceb8a816dc202d05c6ece9887d31' as 'src/deps/src/lua-resty-core' REVERT:fd02afef8Squashed 'src/deps/src/lua-resty-core/' content from commit 31fae862a REVERT:29d135bdbMerge commit '36023392a6e3c8fb6aebb46140db759e61da220e' as 'src/deps/src/lua-nginx-module' REVERT:36023392aSquashed 'src/deps/src/lua-nginx-module/' content from commit c47084b5d REVERT:b01aa0b15Merge commit '32485e2860c2ea31fcef5b575f446c7a3036a550' as 'src/deps/src/lua-gd' REVERT:32485e286Squashed 'src/deps/src/lua-gd/' content from commit 2ce8e478a REVERT:909841ea6Merge commit 'c46cd666ab76bad7bd05c6261d692cda5b380f32' as 'src/deps/src/lua-ffi-zlib' REVERT:c46cd666aSquashed 'src/deps/src/lua-ffi-zlib/' content from commit 1fb69ca50 REVERT:47ee3884fMerge commit '4f9b885a2e8b7a10653653fee3bb91cf5102b0ef' as 'src/deps/src/lua-cjson' REVERT:4f9b885a2Squashed 'src/deps/src/lua-cjson/' content from commit 881accc8f REVERT:e13868c63Merge commit 'bb450ac96595432625ac34de8f7f42b3d06a5b30' as 'src/deps/src/libmaxminddb' REVERT:bb450ac96Squashed 'src/deps/src/libmaxminddb/' content from commit ac4d0d248 REVERT:772e05d37Merge commit '4a7228d2dcb7fe62526016b90a7c497fb6531e76' as 'src/deps/src/libinjection' REVERT:4a7228d2dSquashed 'src/deps/src/libinjection/' content from commit 49904c42a REVERT:209d4a461Merge commit 'ae8d8b233d52cbfdee68bd3ba21713149f5659c8' as 'src/deps/src/lbase64' REVERT:ae8d8b233Squashed 'src/deps/src/lbase64/' content from commit c261320ed REVERT:992710650Merge commit '1d1739b4eaa274c25c52b8ceb79ebdc717633ec0' as 'src/deps/src/headers-more-nginx-module' REVERT:1d1739b4eSquashed 'src/deps/src/headers-more-nginx-module/' content from commit bea1be3bb REVERT:a09d5eb2cMerge commit 'e43880b08395df25663560da3d8154226a167a77' as 'src/deps/src/ngx_devel_kit' REVERT:e43880b08Squashed 'src/deps/src/ngx_devel_kit/' content from commit b4642d6ca REVERT:8973eb029Merge commit '26773844e7bd57df1216bd74360a62ec2dc976e3' as 'src/deps/src/nginx_cookie_flag_module' REVERT:26773844eSquashed 'src/deps/src/nginx_cookie_flag_module/' content from commit 4e48acf13 REVERT:79d1b4459Merge commit '22e69251d9b5cd2611abf77ef7352abfa4d409d7' as 'src/deps/src/ngx_brotli' REVERT:22e69251dSquashed 'src/deps/src/ngx_brotli/' content from commit 6e975bcb0 REVERT:4cd57ab8fMerge commit 'b99663928782619ef854b4bf10a2bf7450d75266' as 'src/deps/src/nginx' REVERT:b99663928Squashed 'src/deps/src/nginx/' content from commit 84cd72177 REVERT:d7f25398aMerge commit 'a676d333fda890838d8fc4766720cc3f1d4c5389' as 'src/deps/src/modsecurity-nginx' REVERT:a676d333fSquashed 'src/deps/src/modsecurity-nginx/' content from commit d59e4ad12 REVERT:999fb6b8eMerge commit '7e8f4adc3b2b2a655640c73198fb920a5e8441d5' as 'src/deps/src/modsecurity' REVERT:7e8f4adc3Squashed 'src/deps/src/modsecurity/' content from commit 205dac0e8 REVERT:6d05b14ebMerge commit '6c0468f62b1120497a6fd0d21101dc41f29e7397' as 'src/deps/src/luajit' REVERT:6c0468f62Squashed 'src/deps/src/luajit/' content from commit 04f33ff0 REVERT:1141afd20Fix install.sh for nginx dynamic modules REVERT:97406bff4Add libinjection deps back REVERT:a58ad9b50Remove duplicate lua-ffi-zlib in deps REVERT:831ae129cMake init_deps.sh executable REVERT:451648fa7Remove old deps temporarily except lua REVERT:185d75076Update how the deps are initialized REVERT:6a048e68fUpdate how the deps are managed REVERT:265123835Update python deps REVERT:b0bc9a1bfUpdate the documentation REVERT:2f7ed064fdocs - Fix typo in webhook link in plugins.md REVERT:deed39a1fUpdate lua-resty-openssl to version 0.8.23 REVERT:dd295729bAdd deps project submodules REVERT:b27f38349Update lua-resty-session to version 4.0.4 and remove lua-pack deps as it's no longer needed REVERT:aeca252d9Bump lua-resty-core version to 0.1.27 and lua-nginx-module version to 0.10.25 REVERT:1ec21261cRevert "Init work with submodules" REVERT:718a9305dRevert "Fix .gitmodules file" REVERT:a253f4a59Revert "Remove old folders that are now submodules" REVERT:2e1e9a08cRevert "Initialize submodules" REVERT:e2f1aba3cRevert "Add other projects to submodules" REVERT:d9a98c6faRevert "Update commit SHA for submodule libinjection" REVERT:5ed3ba1d5Revert "Fix path resolution for modules and remove nginx submodule" REVERT:b529d8525Revert "Update checkout part of workflow to include submodules" REVERT:43783edb9Revert "Add nginx as a submodule" REVERT:8417ed132Add nginx as a submodule REVERT:6cbbd0d56Update timeout for wordpress tests to 120 seconds REVERT:d687b228eFix PERMISSIONS_POLICY authorizing self and links to be aside without spaces REVERT:bcc9fdef9[#533] Fix SERVER_NAME regex to limit domains' size individually instead of the whole setting's value REVERT:524a140d2[#534] [#504] Update ALLOWED_METHODS regex to accept more methods REVERT:a197e20d2[#531] Fix typo in documentation about SSL REVERT:07ed136afUpdate setup-kubernetes of wordpress example REVERT:30fec8a14Remove python submodule, will add it back in the next major REVERT:4b4e0f8b3Update checkout part of workflow to include submodules REVERT:c2cfd4dd9Remove checkout from dev.yml REVERT:642da402bFix dev workflow REVERT:4bb6d40a5Update dev workflow to checkout the code and submodules first REVERT:3bcdd9ca2Merge pull request #536 from bunkerity/submodules REVERT:28d59221bFix path resolution for modules and remove nginx submodule REVERT:c8e25bcdeUpdate commit SHA for submodule libinjection REVERT:e1a5782a3Update how the dependencies are being cleaned up REVERT:68bea47edAdd other projects to submodules REVERT:2cd5c7f45Initialize submodules REVERT:d7d3e2429Remove old folders that are now submodules REVERT:a74727891Fix .gitmodules file REVERT:b5fffc1f3Init work with submodules REVERT:ddc337394Update log location for nginx and letsencrypt REVERT:1c362d078Remove the deletion of let's encrypt lib and log folders after the job is finished REVERT:95c9bad8eRemove unused enums in database model REVERT:7a972274fAdd database schema to concepts.md in the docs REVERT:561499536Revert "Update README.md links to use local branch files" REVERT:4536e328eUpdate README.md links to use local branch files REVERT:89070cfb7Merge pull request #529 from bunkerity/ui REVERT:d6942a46eUpdate where the scheduler copies its config REVERT:8a98da898Merge pull request #528 from bunkerity/ui REVERT:26f831cb4Merge branch 'dev' into ui REVERT:162198bb9Update db core tests to ignore the added value for env custom configs REVERT:7a524b43eRevert back to 30 seconds of sleep in tests ui after creating a custom config REVERT:b007916d6Optimize the scheduler and gen even more (we love threads) REVERT:0661916ffUpdate ui tests to wait more after creating a custom config REVERT:2105dc0f3Update core db tests to use the right hash for plugins_page files REVERT:823119821Fix rare error when hashing dictionaries in the scheduler REVERT:1e62626acFix KeyError in scheduler REVERT:4d984f623Update CHANGELOG REVERT:d0fd6884cFix shinanigans with the custom configs and plugins jobs REVERT:8e6de2bdfAugment authelia timeout REVERT:3565dd7b3Update CHANGELOG.md REVERT:df1359e87Add possibility to download lists and plugins from a file path + Update python deps + Plugins now support tar and tar.gz as well REVERT:b756b2d7dLint py files REVERT:f57b6dad1fix cursor gap on ace editor REVERT:91c33f1d4Merge branch 'dev' into ui REVERT:3e871efedUpdate python deps REVERT:9982ec36dRemove useless import REVERT:80033642cAdd reverse proxy headers back REVERT:2a2b7b6f5Merge pull request #521 from bunkerity/staging REVERT:78236abe8Check Aqua Security REVERT:c5ff63a40Fix CVE CVE-2023-3138 REVERT:78ef5c482Fix problems when creating custom configs or plugins and removing them completely REVERT:2c190ee96add writeable /var/run/bunkerweb directory to hardened example REVERT:94867d0d6letsencrypt - use same job name when retrieving data from db REVERT:9e00b9dd1letsencrypt - use same job_name for both new and renew jobs REVERT:9adb209a8lua - fix missing multisite variables in LRU REVERT:fdd3367a6Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:dcf156135prepare for 1.5.1 🚀 REVERT:4023e6dc6road to v1.5.1 REVERT:af9e125c8linux - merge change for debian packager REVERT:ab6025ec9linux - fix missing zope modules REVERT:7e221eb89debian working REVERT:f1435f231Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:b14dba775bw - fix multiple variables not loaded in LUA REVERT:81bb9ede1Removing python 3.11 from linux REVERT:7e66c577fRemoving python 3.11 in linux REVERT:236572f58ui - remove python 3.11 import for Linux integrations REVERT:73060e42aFix limit core tests REVERT:df0c03cefFix UI wrong import REVERT:5d7ef69c9Update limit core tests to avoid false negative REVERT:855ae8936Update limit core tests to avoid false positive REVERT:16a1916dbRemove useless imports in lua code + lint REVERT:605e237fdRemove 404 from Bad behavior status codes REVERT:fc8d76f33Rollback on hcaptcha passive feature REVERT:c08e8d151Update settings.md REVERT:44097cad0Move the COEP, COOP and CORP headers to Cors plugin and change default values REVERT:3446e5f9bUpgrade antibot to add a custom CSP on each pages + update plugins order REVERT:70f227febFix error with multisite variables when requesting default server REVERT:f81b0bb4dFix multisite variables not being added in helpers REVERT:978697500Fix has_variable method of utils REVERT:5b0b183a4Remove no longer needed decode for plugin order from datastore REVERT:a2759e377Add small tweaks on the datastore REVERT:b6d879257Fix how we fetch plugins_order in the default server REVERT:94964a910Update how we handle custom configs REVERT:6a1ff499cFix Lets'encrypt plugin api and internal API REVERT:179a7aa34Fix lua sessions with antibot REVERT:a1385fe9bfix ctx usage in reverse proxy + remove useless log in limit REVERT:23f9f14a4Remove old CVEs fixes from Dockerfile REVERT:f77150bc2Test Aqua Security CVEs REVERT:ec48e6601Fix return value when no plugins have been found in api.lua REVERT:6ab48d9ddUpdate python image to tag 3.11.4-alpine REVERT:ce24a0482apply changes to current core REVERT:02d940393perf - ctx caching and per worker LRU for readonly variables REVERT:a7069bd60Update UI to stop using env variables but werkzeug middleware + Send X-Forwarded-Prefix headers to UI service REVERT:c39dd78aeUpdate cors plugin tests REVERT:3b459b0e2Fix shinanigans with API (again) REVERT:718310312Fix shinanigans with the API REVERT:5deeacc3dFix letsencrypt jobs REVERT:c18f743d4Fix PosixPath in jobs REVERT:85a53278eAdd a charset to cors Content-Type header REVERT:e01c14f11Add Cross-Origin-*-Policy headers management and default values REVERT:0b3c1a8a0Update KEEP_UPSTREAM_HEADERS setting's default value REVERT:95f673c1dUpdate doc about headers REVERT:cee7672b5Update settings.md in the doc REVERT:d5ea95da9Increase load-balancer example test timeout REVERT:39e6821a4Lint lua code REVERT:64aa12b70Update python deps REVERT:c392a0b5fUpdate mmdb files REVERT:f93dd34f6Extend KEEP_UPSTREAM_HEADERS setting to clientcache and reverseproxy core plugins REVERT:a23d189d3Merge pull request #516 from bunkerity/dev REVERT:df47ba0e9Merge pull request #515 from bunkerity/dev REVERT:0ca7de1deAdd CVEs fixes back REVERT:84fcfb726Test Aqua Security 2 REVERT:c20bd05d3Test Aqua Security REVERT:c85a4183dFix Strict-Transport-Security not being sent REVERT:654172f43Update headers core plugin lua code REVERT:afe6da4cfAutomatically add Content-Security-Policy header to response headers in the UI REVERT:5c7cd38b5Edit headers core plugins to use lua Code + Add new setting KEEP_UPSTREAM_HEADERS REVERT:299a0b5c2Remove apk update at beginning of each Dockerfile REVERT:6cc20efe7Update bad behavior test BAD_BEHAVIOR_COUNT_TIME to 30 seconds REVERT:e2a3bfb10Bad behavior core tests change the ban time to 60 seconds REVERT:4bbddf797Merge pull request #509 from bunkerity/dev REVERT:1eeefead9Core tests sleep between each request REVERT:9829ef752Update UI to automatically set SCRIPT_NAME and ABSOLUTE_URI REVERT:b27958a19Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:410a64810core - patch modsec to use access phase instead of preaccess REVERT:f7d986d6aChange the way linux starts and the scheduler REVERT:95d4f0f87Small tweaks on core jobs REVERT:4f324231dFix tmp variables path (again) REVERT:dc18f9884Edit start.sh REVERT:3b36965f4Fix tmp_variables_path in scheduler REVERT:ccc051e78Fix /var/run/bunkerweb in fpm args REVERT:8b2517cdfRemove ui cache download test - to much unstable REVERT:d1138855eFix gunicorn config for Docker and Linux REVERT:0c8bc97faFix UI on Linux not using the right user REVERT:a68fb0c06Refactor to make more sens and avoid specific errors REVERT:fff21746aCorrecting: Dockerfile-ubuntu End of statement block Jinja REVERT:3ab4a59b6Update debian Dockerfiles to avoid updating apt packages only once REVERT:760ec3b3bAdd /var/run/bunkerweb removal script when uninstalling BunkerWeb REVERT:be459d240Update pid files paths to /var/run/bunkerweb REVERT:8b697d87dFix Scheduler errors with the internal apis REVERT:89a3c8b0bUpdate bunkerweb-ui file according to the new gunicorn usage REVERT:5e237d0d0Update gunicorn to use a config file as well + Fix headers error + Small fixes REVERT:a424d59b1Add apk update at the beginning of each Dockerfile REVERT:1d14db7e1Update custom cert job to not duplicate certs if the cert is global REVERT:7efb82a7eUpdate python deps REVERT:e920cba43Fix CVE CVE-2023-2650 REVERT:413b75b04Fix customcert plugin to accept multisite certs as well REVERT:87a9545d9Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:c53394845various fixes REVERT:aca0d6da4Small refactor on the ApiCaller and the Scheduler REVERT:1bd40a877Removing vmware support in doc REVERT:612333d2aMerge pull request #508 from bunkerity/dev REVERT:474ecbb41Fix typo in phases list in plugin.lua REVERT:5fa21b3c8Fix CVE CVE-2023-29491 REVERT:16a459bf7Lint antibot html files REVERT:fd06a1e71Add Turnstile antibot REVERT:d5e64320cFix small typo in misc.lua REVERT:4d6d95037Merge pull request #507 from bunkerity/dev REVERT:b60657e21Merge pull request #506 from gin-gitaxias/patch-3 REVERT:1f2c973a3Fix docker-compose file for custom cert job REVERT:b314f4349Update integrations to add LOG_LEVEL=warning env variable to docker proxy REVERT:0edfb2db3Update example to add a LOG_LEVEL=warning to the docker proxy REVERT:83413aef2Remove open ports from core tests docker compose files REVERT:334be4346Fix custom-cert core plugin REVERT:953128be6Update scheduler changes check to reduce CPU usage REVERT:bb7dcda48Refactor paths resolutions for core plugins REVERT:108827952whitelist - remove unused IPs of duckduckgo crawler REVERT:665b110c6[#504] Fix ALLOWED_METHODS regex REVERT:5a2aa20bcUpdate plugins.md REVERT:168dfc439Refactor paths resolutions for UI + optimizations on the plugin upload REVERT:6e80c7b8dFix variable being ignored instead of saved inside the database when the value is empty REVERT:8dad7a0b7Starting work on paths resolution refactor REVERT:b5a78c3aaTest Acqua Security vulns (2) REVERT:ed6bee69cTest Acqua Security vulns REVERT:3dba058b4Fix custom configs not being cleared out once created REVERT:d9b093dabFix plugin example in documentation REVERT:162f1d978Merge pull request #502 from bunkerity/ui REVERT:1f2fa95e7Remove useless line in the head.html file + lint HTML files REVERT:1cd356781Add multiple plugin upload in one compressed folder support for the UI REVERT:29673f918fix font REVERT:180493616Fix CVE CVE-2023-1999 REVERT:7fe7a997fMerge pull request #501 from bunkerity/ui REVERT:5b75894d4Fix UI latest version checking & Fix conditions in quick settings for services REVERT:1f6b3d59aMerge pull request #500 from bunkerity/dev REVERT:548630e3eUpdate python deps REVERT:aa299f085Update plugin update and add to get only the necessary keys REVERT:f0126b6d6Fix update-check job REVERT:a7535c300docs - fix yt preview in readme REVERT:340b4a492change arm server flavor REVERT:e7ea3952bui - add missing dep for docker/x86 REVERT:3b7d8b6c1Merge branch 'staging' into dev REVERT:6666a25fcedit version, update images on docs and fix bug in Linux script REVERT:f84af3402Add error ignoring when using the rmtree function REVERT:0b082bdabAdd handling of stderr being None in the scheduler REVERT:1f2b550f6ci/cd - fix swarm examples and init work on release workflow REVERT:d5fcc6969Merge branch 'dev' into staging REVERT:eda275589Merge pull request #485 from bunkerity/dev REVERT:7506768c4Merge branch 'ui' into dev REVERT:be3d40f18Fix CLIENT_CACHE_CONTROL setting's regex to also work with JS REVERT:41059fb28Merge pull request #484 from Hado-K3n/patch-16 REVERT:88f85b282Merge branch 'dev' into patch-16 REVERT:e5e031b6bMerge pull request #483 from Hado-K3n/patch-15 REVERT:2dbadbd29Merge pull request #482 from Hado-K3n/patch-14 REVERT:95c7b5410Merge pull request #481 from Hado-K3n/patch-13 REVERT:00739a5abMerge pull request #480 from Hado-K3n/patch-12 REVERT:a9f4be475Merge pull request #479 from Hado-K3n/patch-11 REVERT:f85f73678Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:f1efe06e9ci/cd - fix /opt/actions-runner perms for self-hosted runners REVERT:ad71be460login now use local font REVERT:dcb800d2bUpdate k8s.postgres.ui.yml REVERT:5a7f7f3c6Update k8s.postgres.yml REVERT:e1f60127eUpdate k8s.postgres.ui.yml REVERT:7553ffb63fix client_cache_control regex REVERT:9324648f2Update k8s.mysql.yml REVERT:eafe006a6Update k8s.mysql.ui.yml REVERT:62a8ec975Update k8s.mysql.ui.yml REVERT:dfcaba9adMerge pull request #478 from bunkerity/dev REVERT:737b999cdSet CLIENT_CACHE_CONTROL setting's regex REVERT:9339af44cMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:78f7570e1core - Fix bwcli condition when checking bans REVERT:40e30ed44use shared redis connection pool in cachestore when we can REVERT:d6ca98ed1Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:10a4cefd0update lua-resty-openssl deps and replace nginx -s calls with signals REVERT:97723185bcore - Add bwcli tests REVERT:ab3b3ea8fui-tests - update waiting time after creating a custom conf REVERT:5adec84d5fix redis not contacted in subsequent phases and reflect changes on stream configs REVERT:1624c4e76Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:eea6d32cdshare common objects during the phase and add threading to DNSBL and reverse scan REVERT:99f8f69faMerge pull request #477 from bunkerity/ui REVERT:9b58b397cFix ui tests (again) REVERT:ace88d865Fix plugins fetching for the UI REVERT:69b35636eFix UI tests (once again) REVERT:5dfe35b7bUpdate how the plugins are being fetched by the UI REVERT:b75690fdfChange the way python deps are installed REVERT:b19ebbe6aMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:c0c646aaeMerge pull request #476 from bunkerity/dev REVERT:edd6e2dedimproved session management and add IP/UA checks REVERT:c7ca5a822Fix Database overriding services_settings if a global_value is set REVERT:e1883a04bMerge pull request #475 from bunkerity/dev REVERT:af19cc226core - Add redis tests REVERT:0087ae583Update python deps REVERT:8133c134ecore - Fix db tests by removing "order" key check REVERT:f725d0fe6Update keys name in datastore REVERT:05c478e83Edit COOKIE_FLAGS regex REVERT:b5aaf6266add forward reverse DNS to whitelist, disable redis in cachestore when sockets are not enabled, fix typo in cachestore and improve dns/rdns caching REVERT:8a8dd6fb7db - remove order from plugin model REVERT:93c766e56Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:179beea4dimproved core plugin execution order REVERT:1d126e1d0core - fix cors tests with the preflight request REVERT:dbb884099core - Update allowed_methods test method to GET REVERT:62cb85453core - Remove cert verification when testing allowed methods in misc tests REVERT:04919e8a0Fix multiple CVEs REVERT:b32f31891Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:4962f786bfix wrong env parsing in init phase, bypass modsec/crs when method is not allowed, refactor ALLOWED_METHODS and improve error page management REVERT:10bdf551acore - Add misc tests REVERT:7158e7e9acore - Optimize cors tests REVERT:3f51f59bcAdd check when plugins are configured + Add Semaphore to accelerate jobs execution + Code optimization REVERT:4c4fa44fbci/cd - fix core/cors tests REVERT:84d43c84dMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:b58798746Update mmdb download to check the checksum at start REVERT:a9be973d5use PCRE regex instead of LUA pattern and edit cors doc REVERT:4378f18ccfix typo in bunkernet.lua, add missing Origin header in cors tests and fix allow origin expected value REVERT:7d84e03a1fix header plugin phase not called for internal request (fixes CORS), fix bunkernet init_worker bug where ngx.ctx.bw is not available, add CORS_DENY_REQUEST setting and edit values for core/cors tests REVERT:838662141Lint Lua code REVERT:36fdec105core - fix sessions tests REVERT:ab54b18e0core - fix reverse scan cache retrieval REVERT:9c6ca6a86cors - various improvements REVERT:991f7ff8dFix tests core reverse scan wasn't using the image REVERT:9c77f77faFix test core DB REVERT:9ee74aef4Add up back when retrying to up the stack + remove useless print REVERT:7bf4c11bcWhen docker up fails in core tests retry one time REVERT:82aadfa38Update core db tests to add the settings.json file and optimizations REVERT:2a78d2c05ci/cd - perform all core tests even if one failed REVERT:e3fc55be9deps - add missing hash for python dep async-timeout REVERT:5f668aecaci/cd - fix syntax error in test core wf REVERT:e5e336c4fMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:9a2e37984ci/cd core tests and antibot refactoring REVERT:2ac77ee49Fix deps not being synced REVERT:394f5fe4bMove back to images in the whitelist tests REVERT:b06210bdfRemove unused files in tests core REVERT:e6bb9fb55Add tests for core plugins REVERT:29f020f15Update python deps REVERT:051923b6ffix deprecated external network in compose files, various fixes in the documentation and add ipv6 to doc REVERT:2e1296d9ashow useful info in BW logs after startup/reload and reduce container images size REVERT:a686562f1performance - cache empty rdns results REVERT:e36c743c7performance - cache dns responses REVERT:75f3d6490init IPv6 support, add missing healthcheck script in UI and purge local cache on init REVERT:a258612e4add global data on settings filter REVERT:bc3ea0ed3change select method check REVERT:ab71c484eadd global condition for disabled state REVERT:5c415afa1various fixes - ttl on /bans api, dnsbl undercover bug, greylist, whitelist and wrong path in realip job REVERT:5c50f57f1Revert "regular inp and multiple global=true are enabled" REVERT:9ceaaa874regular inp and multiple global=true are enabled REVERT:3dde3ac0aFix no longer save SERVER_NAME when MULTISITE is set to "no" REVERT:c01b493c9Increase compression level of tar files being saved in the database REVERT:4f4a8b508Fix default global values being added to database when MULTISITE is set to "no" REVERT:408806718Add external plugins being updated at the start of the scheduler REVERT:402ff16c8Add "global" key to settings when fetching methods as well REVERT:dcdb43cf0Merge pull request #473 from bunkerity/dev REVERT:ca8c56aaaRemove unused function in UI src.Config REVERT:905946463Fix scheduler restarting for no reason when having an external database REVERT:8a308b1a8Fix database not providing the right SERVER_NAME setting value REVERT:cf26d7aa2Fix database saving default values to global_values when multisite was set to "no" REVERT:8bb6f63faMerge pull request #472 from bunkerity/dev REVERT:64789276aUpdate python deps REVERT:30194f959Fix Access-Control-Allow-Credentials not being set to the right value when deactivated REVERT:50ee37db0cors - refactoring REVERT:b8d89fe79Fix customcert plugin REVERT:63f4e44c6Fix CORS when sending an OPTIONS request REVERT:ac2e4dd64Merge branch 'staging' into dev REVERT:e14475de4ci/cd - fix missing version in linux package name REVERT:136f68cd3ci/cd - fix typo in beta wf REVERT:d83730cf7ci/cd - fix linux package name in upload/download steps REVERT:ae042854fFix blacklist download jobs where ignore urls were not being downloaded REVERT:86053d3dcUpdate RDNS regex in jobs files REVERT:b2e26fc8fRevert "Revert "Update RDNS regex"" REVERT:48354fb26Revert "Update RDNS regex" REVERT:a544f18e2Update update-check job to add stars so that the end of line shows REVERT:c6f304b37Update RDNS regex REVERT:14ca85cdbci/cd - fix package.sh name in linux build wf REVERT:dc1cb6a6fci/cd - fix scp command in linux build wf REVERT:73acbe085ci/cd - fix typo in linux build wf REVERT:45c90527cci/cd - fix linux package generation when arch is ARM REVERT:f4590749dlinux - fix arch in rhel package image REVERT:141f5a1d5ci/cd - fix typo in beta wf (again) REVERT:6e82fde8aci/cd - fix typo in beta wf REVERT:00ba46ebfprepare for 1.5.0-beta update REVERT:9a1c09c56Merge branch 'staging' into beta REVERT:df787c75dlinux - add pcre dep to fedora package REVERT:93e567bb6linux - fix fedora deps name and add architecture to fpm config REVERT:8b6d788c2ci/cd - fix bitnami chart values REVERT:541b64698increase drupal delay time for tests, fix tmp dir not created for realip-download job and fix has_*_variable check when multisite is yes REVERT:59324526cspeedup build process for python deps and fix default env value for autoconf/k8s REVERT:a58e5c60cdeps - upgrade python dependencies REVERT:27b1dddb0linux - pin pip version REVERT:fd056102dfix centos repo command in rhel dockerfiles and fix delete infras order for staging wf REVERT:fb0373343ci/cd - use single quote in linux build wf REVERT:43cbc79c7ci/cd - move ARM_* to secrets in linux build wf REVERT:7592e5a84ci/cd - fix typo in staging.yml REVERT:39ace8175fix load-balancer example and add server_name to cache keys when required REVERT:48d7e72e5Merge branch 'dev' into ui REVERT:66921b007Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:819ad60a4fix hcaptcha antibot and refactor ci/cd for staging REVERT:20913808cAdd .mypy_cache to .gitignore file REVERT:a086ff690Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:a286e7bd3fix wrong container in autoconf/k8s, init work on linux arm and ci/cd refactoring REVERT:5a233ff90Fix Database model types REVERT:18b3d7148Update db model to use SmallIntegers REVERT:b36cd924fAdd `bw_` prefix to database table names REVERT:63ce1afcdHandle errors more gently when API requests fails REVERT:d4934cfeeRemove test-ui service in the main docker compose file as it's been extracted REVERT:500d58e50Separate the compose file back REVERT:21dc67b68Update test.sh for ui-tests an the compose file REVERT:75d2be7dbUpdate tests-ui to fix them REVERT:041b7f71eUpdate ui-tests to make a valid password REVERT:1245b8b01Update regex in ui + Add regex module to requirements REVERT:913e9a2c2Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:97dc6540eci/cd - fix typo in dev wf REVERT:b75ba601bMerge branch 'staging' into dev REVERT:573fe8feeChange UI admin password check to a regex REVERT:51514df57Remove not needed file in linux scripts REVERT:9ff64426bFix ui tests with the external plugins REVERT:74fe9d5c1Lint jobs py files REVERT:97b362bb1Fix let's encrypt error when deactivated REVERT:964d31893Fix wrong attribute value when checking for external plugins REVERT:914686e78Fix often occurring bug when testing the web UI REVERT:58db1352fRevert "Fix often occurring bug when testing UI" REVERT:987af951dFix often occurring bug when testing UI REVERT:1c74c5d8dci/cd - refactoring REVERT:1cc9f5773prepare for v1.5.0-beta fixes REVERT:ac94e5072fix double .conf suffix in custom conf, migrate /etc/letsencrypt to /var/cache/letsencrypt, fix bunkernet jobs and lua code and fix reload for jobs REVERT:773874154move /etc/letsencrypt to /var/cache/bunkerweb/letsencrypt (wip) REVERT:75ca603b7WIP - fix bunkernet and missing reload for scheduled jobs REVERT:027605452Fix bunkernet initial message when checking connection + add TODO REVERT:bddfb58a0Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:c7ab00208Merge pull request #462 from bunkerity/testmmdb REVERT:ef551846bci/cd Update mmdb - Let only the schedule and change branch to push on REVERT:f41c096ecMerge branch 'testmmdb' of https://github.com/bunkerity/bunkerweb into testmmdb REVERT:a7b7c2031ci/cd Update mmdb - Add check for curl commands REVERT:fb5529566Monthly mmdb update REVERT:0afb250b9ci/cd mmdb update - Changed branch to push on REVERT:019a927b0ci/cd remove secret required for auto mmdb update REVERT:283a63f16ci/cd try fixing workflow auto download mmdb REVERT:42707ad46ci/cd test mmdb update REVERT:cd57eb423ci/cd - fix automatic push of doc REVERT:01fbacf0fci/cd - fix pdf path for draft release + fix missing git fetch before deploying doc REVERT:d693d065fci/cd - allow to update release tag, add PDF to release and fix multiline CHANGELOG in release REVERT:aa2ada0a0ci/cd - update git user/mail for push doc wf REVERT:a47d7df40ci/cd - execute apt install as root for doc to pdf workflow REVERT:c4093a2d7ci/cd - increase ARM node storage REVERT:01e599493ci/cd - concurrent builds for ARM + fix version string for RPM packages REVERT:aaa070165linux - fix VERSION path in package script REVERT:0b93c6e10ci/cd - add more cores to ARM instance REVERT:88db3fa34ci/cd - fix build rhel var REVERT:5c01bd3f7ci/cd - various fixes for push workflows REVERT:604d4c1a0Merge pull request #459 from bunkerity/dev REVERT:bed6d742fDecrease the compression level when sending configs to BunkerWeb REVERT:57cb6e9c4Update python deps REVERT:0d1580cffSmall code refactor of the jobs and the scheduler's function that generates configs REVERT:766ca0e9cMerge pull request #458 from bunkerity/dev REVERT:0ab07678dMerge pull request #457 from bunkerity/ui REVERT:5412e6d24fix logs checkbox REVERT:ba7422218ci/cd - fix push workflows REVERT:fda2948e0ci/cd - fix typo in push docker wf REVERT:59e5b1d54ci/cd - fix push workflows REVERT:7ca7d7847Merge branch 'beta' of github.com:bunkerity/bunkerweb into beta REVERT:939545644add missing postgresql-dev build deps for ARM images REVERT:0b5746abaci/cd - add missing inputs for build arm REVERT:94dc501c1ci/cd - remove load image in buildkit for ARM archs because of docker limitation REVERT:8ffaa7cf7ci/cd - force shutdown when deleting ARM node REVERT:6e99e7a98cicd - fix docker buildx arm driver REVERT:2eef2b8bbci/cd - fix variable share for ARM (again) REVERT:406c686e4ci/cd - fix variable share for ARM REVERT:6cecc70c3ci/cd - fix ssh command for ARM builder REVERT:2f992baabLint py files with black REVERT:7befd927dUpdate python deps REVERT:a4ae0d517Update cached mmdb files REVERT:c3d0d7ca7Add workflow that automatically update cached mmdb files REVERT:d4ceb7c10Remove dev comments for ui tests REVERT:b37c86e62Fix ui tests problem with the logs page REVERT:a7b07c959Fix wrong condition when fetching the logs on Docker REVERT:3b237ed3cFix UI tests REVERT:a55a0df5dci/cd - remove useless condition in create ARM workflow REVERT:ae33ca52eci/cd - fix wait-on variable REVERT:8867eb23bci/cd - fix wrong json keys from scw api REVERT:1b79e291eci/cd - various fixes for arm build REVERT:98ce5041dci/cd - use fixed sha1 commit for scw action in rm arm workflow REVERT:66d7216dcci/cd - fix typo in create arm workflow REVERT:45fa4d1c2ci/cd - ignore /root/.cargo dir for security checks, use fixed sha1 commit for scw actions and add missing deps for ui/arm REVERT:9cd13990eci/cd - pass ARM ID as secret REVERT:266383abbci/cd - dynamic arm build node REVERT:4e0d2fce5add missing dependencies when prebuilt crypto package is not present REVERT:823c09195ci/cd - add missing var for ARM builds REVERT:e71dc132eci/cd - fix typo in container build workflow REVERT:0db5f7cf0ci/cd - fix typo in beta workflow REVERT:4bfc5b693ci/cd - fix wrong cache name in container build workflow REVERT:93d0a991aci/cd - fix typo in push doc workflow REVERT:1c178ed75ci/cd - fix version output for beta/release workflows REVERT:ab7e1f624ci/cd - add missing runs-on in beta/release workflows REVERT:0f499c9d3ci/cd - fix typo in push packagecloud workflow REVERT:d0f6d59f6road to v1.5.0-beta 🚀 REVERT:408662869ci/cd - fix typo in doc-to-pdf REVERT:312757594ci/cd - fix typo in beta/release (again) REVERT:11f86ea75ci/cd - fix typo in beta/release REVERT:ad1606742use proper links in docs, automatic doc push and add pdf to releases REVERT:08e1d157dFix ui-tests by removing no longer present checks REVERT:c8908695bRemove unnecessary prints REVERT:641a27f5eci/cd - remove useless needs for ui branch REVERT:468407081ci/cd - fix typo in staging workflow REVERT:6784bd691ci/cd - fix wrong condition for container-build workflow REVERT:ef1897de8ci/cd - add missing needs to tests-ui staging REVERT:9815f22d7ci/cd fix typo in container-build workflow REVERT:65c6e48e9Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:14a4db8bduse current_bw_version for docs, add automatic tests to ui branch and fix letsencrypt permissions for linux REVERT:f6b8d23fbFix ui tests by editing the attributes name to the new ones REVERT:58fd04430ci/cd - fix typo in staging.yml REVERT:54a17c775init work on CI/CD for generic beta releases, remove useless autoconf examples and fix linux postinstall script REVERT:4f2c58bd7temp disable authelia test for k8s and add missing folders for LE on Linux REVERT:5e4ce4579various fixes REVERT:fa67c5d7bci/cd - fix missing arg for copytree REVERT:04db308c9ci/cd - edit staging workflow REVERT:5d2045803ci/cd - edit staging workflow REVERT:e7717ba7fMerge branch 'ui' into dev REVERT:bbaaad848docs - last polish REVERT:0658230e2enhance responsive REVERT:f5c28b27dMerge branch 'ui' into dev REVERT:575312336harmonize all titles dark color REVERT:2f336be77enhance file manager and jobs svg REVERT:81a37a377enhance actions btns REVERT:c3119f04edocs - plugins REVERT:ffa91933edocs - add YT demo REVERT:5741dce6dMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:7695a839fdocs - web UI REVERT:5fe0e0bfdMerge pull request #454 from Hado-K3n/patch-7 REVERT:8c71f7d27Merge pull request #455 from Hado-K3n/patch-8 REVERT:124378d7cMerge pull request #456 from Hado-K3n/patch-9 REVERT:c6a184d90fix ui integrations and fix stream support in db REVERT:d8b7db167merge from ui REVERT:ddd83a808docs - add stream support info and plugin description to settings page REVERT:289b58567docs - add stream support info on security tuning page REVERT:4dda54a11enhance style REVERT:0ca473c69fix style issue between load and page transition REVERT:1145b798ffix filter setting from custom selectors REVERT:63e7ccf13better centering loading logo with text REVERT:001a63efccontinue custom selectors + fix script + style REVERT:4144faa93fix create service issue + remove stash REVERT:72bc9e4bbstart creating custom selectors REVERT:98de3fc2fdocs - quickstart REVERT:f118f992fmerge from ui REVERT:5285a2f4aforce stash REVERT:1d354c9c6docs - quickstart (wip) REVERT:55a7c8feeforce stash REVERT:64a9fe4dbfix checkbox + style issues + script duplicate REVERT:a90d9e627ui - fix default value for inputs REVERT:7e1efcbc6Merge branch 'ui' into dev REVERT:b5f0fe856docks quickstart wip REVERT:01d8c65c9remove hidden input checkbox + fix script REVERT:b7f63450eadd special method for mode REVERT:bc47f1fa5Merge branch 'ui' into dev REVERT:7089e8b4dfix checked state REVERT:d4fd4c473fix checkbox + template REVERT:db5789fcbMerge branch 'ui' into dev REVERT:ab20f83b2Update k8s.postgres.ui.yml REVERT:bbea8ba3fUpdate k8s.mysql.ui.yml REVERT:9a2005d1aUpdate k8s.mariadb.ui.yml REVERT:9512de630docs - quickstart guide (wip) REVERT:956a7bd23Merge pull request #453 from gin-gitaxias/patch-2 REVERT:f8c5543fdUpdate plugins.md REVERT:667bb3003docs - quickstart guide (wip) REVERT:6b76596a8Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:78c2e16eaadd missing cluster config for ui/k8s and start quickstart guide doc REVERT:1e6cfe8b0fix filter disabled issue + reset on modal open REVERT:574ecbd6bLower the environnement variable for the mode REVERT:aa3ce13a8Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:6f39fce6ddocs - integrations REVERT:92fc5d981Remove ascii art showing in UI logs REVERT:ae7e3ddd9Fix how the ApiCaller is initialized for UI instances REVERT:df94bc4afMerge pull request #452 from bunkerity/dev REVERT:bf29fa2f9Show how many plugins there are correctly in the home page REVERT:509bd21b0Add log when deleting plugin REVERT:1530745a7Merge pull request #451 from bunkerity/ui REVERT:a87abf3ceupdate home dark mode + variable REVERT:8a5836dd9add popup darkmode REVERT:3a4a6ee5fnew service doesn't force method="default" REVERT:1321a76c0update service submit name for new or edit action REVERT:53e145b91show method involved in disabled setting on hover REVERT:ceec21faaupdate web-ui INTERCEPTED_ERROR_CODES REVERT:63ba00180Fix logic when saving a service in the UI REVERT:479f18b17Merge pull request #450 from bunkerity/ui REVERT:ab43bf84aMake it so the UI and the scheduler no longer run as root in Linux REVERT:a7849a6e7Fix mic mac with config files and UI REVERT:9009859aaMerge pull request #449 from gin-gitaxias/patch-1 REVERT:0bf2116c4docs - concepts REVERT:3616a9f20Update security-tuning.md REVERT:435aae7cfdocs - index and migrating REVERT:c0e649d68fix logs + select custom REVERT:1c3bbf1bcstream - add example and fix ssl support REVERT:37ebde363fix logs and plugins dropdown + margin REVERT:b64e55f75Add bigger timeout to loading.html REVERT:da4bb8dceFix condition in helpers.lua REVERT:ab509c270Fix UI with Linux REVERT:6916a81c5bunkerweb is now W3C friendly REVERT:c7bc493e3stream - fix various errors REVERT:bc1dbe18aMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:bd577cfb2country fix (again) and init work on stream REVERT:a829528c3Add bwcli to scheduler and fix it for the autoconf REVERT:9d829ebcaFinish updating bwcli REVERT:94b97a6bbMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:780c0c8c5api - fix errors in calls and use ngx.ctx instead of ngx.var REVERT:5fb0be70aMerge pull request #447 from Hado-K3n/patch-6 REVERT:6843902dbMerge pull request #446 from Hado-K3n/patch-5 REVERT:3419dca98Update k8s.postgres.ui.yml REVERT:38c71cf94Update k8s.mysql.ui.yml REVERT:b7c260561[WIP] Update bwcli REVERT:995ff250fUpdate python deps + add redis for the gen REVERT:a04490b47Replace unnecessary import REVERT:5112ed46eMerge pull request #445 from Hado-K3n/patch-4 REVERT:8558785b1Update k8s.mariadb.ui.yml REVERT:95e64d6c8bw - fix black/grey/whitelist rdns check and country check REVERT:8ea94a2e4Merge pull request #444 from bunkerity/dev REVERT:9f1405d69Remove unnecessary {-raw-} in index.html when loading REVERT:9a2f7e9abMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:93b471444Add marging to antibot files hcaptcha and recaptcha REVERT:93c0cd437Merge pull request #443 from bunkerity/ui REVERT:e7d61a67cupdate antibot and default template REVERT:5d05eaeaeMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:a77d233ecbw - add zlib dependency REVERT:9a69ca135Merge pull request #442 from bunkerity/ui REVERT:823c12823fix SERVER_NAME + fix delete form + enhance REVERT:52806afe7Merge pull request #441 from bunkerity/dev REVERT:2ea726c22Merge branch 'ui' into dev REVERT:dffc770a9fix and enhance REVERT:12f8b8197bw - add missing lua-ffi-zlib dependency, fix syntax error for white/black/greylist, fix error for dnsbl and fix limit request not working in local mode REVERT:4871a2104api - add missing ctx fill REVERT:bcc5e6bb5bw - add missing json decode in api and add missing require in country REVERT:83428d6ccbw - fix resolvers nil error when doing dns checks REVERT:7eefcb8f8antibot - manage direct access to challenge page REVERT:a372ffd52fix invalid session error handling and remove debug log in whitelist REVERT:e55912b34Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:5f9f1e54fload inline multisite values for white/black/grey list core REVERT:3b4882d82Revert "Remove no longer present CVEs fix because these are already fix in the images" REVERT:c2e0e5106limit - use atomic script for redis case REVERT:4bc0771d9Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:edf7e06e0various redis fixes and display ready log REVERT:a93d9a7d9Remove no longer present CVEs fix because these are already fix in the images REVERT:e4465d9a1Fix jobs cache when a database is used REVERT:c9af9457eFix wrong condition when sending files REVERT:17a3d933bMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:a60b6f3adbad behavior - fix 500 error and do not pass objects with another lifetime to timers REVERT:c0e8e93abFix documentation mistakes when soft merging 1.4 into dev REVERT:f1a868c66Fix when the cache from jobs is saved into DB + sleep 5 seconds when waiting for the database for the UI REVERT:d32102376Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:510938fc2antibot - fix bugs related to session REVERT:ed9605c10Update python script that generates settings.md REVERT:3dabd42dfUpdate python deps REVERT:834fbaf01remove antibot back btn + update raw REVERT:95c231515antibot - various fixes, not fully fixed yet REVERT:56028b087update antibot / loading / default page REVERT:502d4fcc0Add back the fact that we don't download the mmdb country if we don't blacklist or whitelist a country REVERT:ccd56d3b6change antibot and misc template style REVERT:c949c0232Update the security tuning's blacklist category according to the settings REVERT:671543e6eAdd more ignored variables for missing setting name warning REVERT:dbd5739abFix wrong setting names under `Custom certificate` category REVERT:5f26ebc69Fix php-cookie-flags example REVERT:bba26b548Reorder core plugins to stop having the warning at startup REVERT:db166c434Add small fixes and lint to the error.html page REVERT:08f3d93abUpdate jobs will now also check and save the cache in the db REVERT:63b1fb947Fix CVE CVE-2023-1255 REVERT:d5b11b8bbMerge pull request #440 from Hado-K3n/patch-3 REVERT:92744c091Merge pull request #439 from Hado-K3n/patch-2 REVERT:d46337f60Merge pull request #438 from Hado-K3n/patch-1 REVERT:9b52a5c3cclusterstore - various bug fixes REVERT:3f9d606e1Update k8s.postgres.ui.yml REVERT:7e2f53c8cUpdate k8s.msql.ui.yml REVERT:1f5d8bfabUpdate k8s.mariadb.ui.yml REVERT:7a7d83a75various fixes for redis/clusterstore - still WIP REVERT:a5e08e1c6refactor of session management REVERT:0fdb108fecore - do not execute init() if BW is in loading state REVERT:00b50c162various fixes for core plugins REVERT:4ba5d6659use ngx.ctx to store common values REVERT:860cc1a92Merge branch 'dev' into ui REVERT:881d3a00dfix git issue on windows REVERT:76a2ff656Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:28ef546a9refactor - start to use ngx.ctx for per-request data REVERT:ed495b99fAdd CODE_OF_CONDUCT.md REVERT:0bd3e273bUpdate compression_level of sent tarfiles to 5 instead of 9 REVERT:348ab7a1eAdd feature that allow the copy of code blocks in markdown + Update copyright REVERT:cf2938bf2Update web-ui docs according to the next major version REVERT:79a46e2cfUpdate the logic behind the check for linux os REVERT:9a325c7a9Add new check for integrations in BunkerNet job REVERT:707256076Add now the scheduler will pass his own env as well to jobs REVERT:9578ace02Remove not used INTEGRATION file in BunkerWeb container REVERT:8c919c676Update links in the home page of the web UI REVERT:ad64ce22eRemove no longer needed packages that were fixing old CVEs REVERT:29cb6fe16fix header phase and fix error template REVERT:d3d18e15aMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:a83254bf2fix wrong log in access REVERT:859343e18Merge pull request #437 from bunkerity/dev REVERT:50829293cMerge branch 'ui' into dev REVERT:8e22b1f21Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:9849ce10cfix wrong error check on phases and add missing ttl for *list cache items REVERT:3b5c083fcSoft merge branch "1.4" into "dev" + changing versions REVERT:4d95e32f1update error page REVERT:1da4b78f0Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:915b51c3bfix error pages for default http server REVERT:535f1a055Merge pull request #436 from bunkerity/staging REVERT:0afe038aaWIP Ui REVERT:3b6c3815efix default-server-http.conf REVERT:b5fa473aeMerge branch 'refactor' into staging REVERT:2fddbd862refactor - disable asn checks for non global IPs, use resty.template with antibot and various fixes REVERT:8d63e3974refactor - fix various errors and add missing dependencies REVERT:23725d483Update prod shields.io link in README.md REVERT:303f380c7Update demo.gif file REVERT:3c375039eOptimization on the download of mmdb files REVERT:a7773dae2Update intro-overview.svg REVERT:5eb884fe9Fix bug when showing cache files for services in the UI REVERT:3fac889ffRemove no longer used modsec rules for the UI REVERT:c3106e70eUpdate README.md and edit the demo GIF + edit the .prettierignore file REVERT:928ed2d6crefactoring and road to nginx 1.24.0 REVERT:34ab94640Update python image in Dockerfiles + Add gevent to requirements for the UI REVERT:aa96c8503update css REVERT:649d29b05change news base url REVERT:217d1aa50enhance style + menu script REVERT:e6ff51e20Refactoring and Linting of py files and json REVERT:666b7a1barefactor - blacklist, errors, greylist, letsencrypt and redis REVERT:496edb83aAdding thel documentation REVERT:ee83cea7fAdd ascii art showing randomly when starting REVERT:6d1914d62Update python deps REVERT:648f15e42Add new core plugin update-check REVERT:2075a5d4crefactor - badbehavior, blacklist, bunkernet, cache, cors, country and dnsbl REVERT:5dd52186bFully adding vagrant in the doc REVERT:3a03f07f1Changing vagrant integration REVERT:64997bae8Adding vagrant integration REVERT:03ec271e2refactor - improve clusterstore interface and automatically retrieve variables for plugins REVERT:29c57915cantibot inherit from plugin REVERT:840c29568continue work on refactoring REVERT:1ec83f256renamed session to sessions REVERT:8c2908157save work REVERT:afc0ac198init work on refactoring REVERT:4cd3fc644Merge pull request #434 from syrk4web/staging REVERT:bfc872be2change flash logic when login REVERT:049e9c1eaUpdate python deps REVERT:bf9b94ebfAvoid Autoconf from running in root REVERT:92e698458magento - fix docker example (again) REVERT:a771bdb18magento - fix docker example REVERT:7c21b3da2deps - update lua-resty-session to v4.0.3 REVERT:d4fae4b57session - add missing settings REVERT:a85044220init work on redis session REVERT:986f506e7add missing API_WHITELIST_IP in mattermost and moodle examples REVERT:41e8f5c93fix wrong init of counter in badbehavior and fix nextcloud/docker example REVERT:8e7205062ci/cd - reduce dynamic subdomains for k8s tests because of annotation size limit of 63 chars REVERT:1bc42204dci/cd - use dynamic random subdomains to bypass LE rate limit REVERT:a1e44f6e4Merge pull request #431 from gin-gitaxias/staging REVERT:7ccd3ef92fix moodle/swarm example and disable reverse-proxy-websocket test REVERT:8b54073a7fix missing backslashes in autoconf custom configs and add missing full reload after custom configs update REVERT:622f2eb2aautoconf - check if service exists before adding config REVERT:5d14813befix typos after basic testing REVERT:9f7060564autoconf - add missing import and fix double lock release REVERT:937cd10eerefactoring and various improvements REVERT:6af3b985afix deadlock in autoconf/swarm and fix missing favicon in default and loading pages REVERT:f6ed21b3bautoconf - fix global custom configs not supported in k8s/swarm mode REVERT:eee03c4aeautoconf - fix variable typo in k8s watch REVERT:ecf4e77b3autoconf - fix deadlock in watch loop REVERT:0b71819d2watch services for autoconf/k8s and support real IP in default http server REVERT:d3d0136bfvarious redis fixes and improvements REVERT:e80965ca9lua - fix wrong variable name in access REVERT:220374db4ci/cd - fix syntax error in jobs REVERT:9b8606d40fix redis hostname for k8s files and only append tasks with a desired state of running for autoconf/swarm REVERT:c843be074reverse proxy - allow all chars for URL settings REVERT:6a65104e7fix return value of clusterstore.connect and disable auth basic for LE challenges REVERT:b429201ecadd missing LUA import for clusterstore and fix prestashop docker example REVERT:a9ce32c26added a more precise scan response and modified .json like asked REVERT:f4442b642ci/cd - fix syntax error in k8s test class REVERT:1c3c0d63bci/cd - fix missing k8s create infra job REVERT:e8c6d04aaci/cd - various fixes for k8s tests REVERT:1caa9a1e7adding reverse-scan REVERT:5d41a5b98Merge pull request #1 from gin-gitaxias/reverse-scan REVERT:77fb8c420Add files via upload REVERT:1bb79b155linux - add geoip deps to rhel rpm REVERT:cf8644602Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:ea1394b04ci/cd - add linux/rhel tests, fix docker/behind-reverse-proxy, fix missing stream module for linux/fedora and remove placement constraints for swarm REVERT:87bd26da0Add threatmap to README REVERT:b3eb64745ci/cd - temp disable autoconf tests and add missing packages for linux/centos REVERT:202f21aabfix syntax error in ApiCaller REVERT:55a36f719fix docker/joomla, fix autoconf/nextcloud and fix API calls for swarm tasks REVERT:1c3f094cdci/cd - fix wrong yaml edit for swarm and append LE settings for k8s REVERT:f07c0e66aci/cd - various fixes REVERT:e8ee460effix CVE-2023-0464 and CVE-2023-0465 REVERT:dd2c8cbcdMerge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:2d11a1c72fix nextcloud modsec rule id, fix k8s pvc definition and remove useless logs from linux/start.sh REVERT:4f334a577Add sleep between BunkerNet registering and ping to the API to avoid being rate limited REVERT:283828e8fFix Now support WebDAV methods in the ALLOWED_METHODS setting's regex REVERT:e50c92250various fixes REVERT:b8b50b165Remove check for messages after creating the service - tests-UI REVERT:e88406b5dFix ui tests with the new UI REVERT:922b32b2eMerge pull request #429 from syrk4web/staging REVERT:671db37f7fix autoconf/cors, fix docker/wordpress, fix wrong image name for k8s/scheduler and upgrade tests instances for swarm/k8s REVERT:be71b0781format logs instance to avoid error REVERT:9e1876fealogs fix + checkbox fix REVERT:4d245f9fechange cache/download to jobs/download REVERT:6d16a766ffix service delete + change style REVERT:5e598e90cfix bw-data volume not reused between docker tests, fix wrong bw-data volume path for autoconf tests, add let's encrypt to autoconf tests and fix temp env not generated for linux REVERT:dc8b7dbe7fix form input REVERT:bf22faddcremove php-cookie-flags from tests, use HTTP(S)_PORT for temp nginx on linux and fix wrong volume path for autoconf tests REVERT:6c6845a79enhance some responsive + change api REVERT:461789aedci/cd - fix BW CVEs and fix Linux restart REVERT:318228e59change and fix service logic REVERT:fa7c7ac91ci/cd - add www volumes for autoconf REVERT:f88eced33Handle services settings sent to the UI better REVERT:357dc3e3aMerge pull request #428 from syrk4web/staging REVERT:283306a07Remove CVEs fix, it's no longer needed for now REVERT:276a96c55Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:19870f154various fixes for linux and get ui tests exit code from container REVERT:2485a47b2Update python deps REVERT:bd88f9743fix id rename error REVERT:82d8180d8Merge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging REVERT:41f43c46dfix multiple REVERT:0f632803fMerge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging REVERT:53f480a66enhance multiple logic + fix conflict REVERT:1cf4a5665disable healthy checks for docker-poryx and dummy app in ui tests, add --no-reload-linux flag to generator and fix missing self arg in autoconf REVERT:041142a4fadd healthchecks to ui and autoconf docker images REVERT:4f9748cc2earlier init autoconf in DB, healthcheck for scheduler and fix syntax error in linux/start.sh REVERT:54813ecd4Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:d97b5e104various fixes REVERT:8031c5060Start handling disabled checkboxes + multiples REVERT:58ab870b2increase cors/k8s/swarms timeout and fix tests/ui container names REVERT:cceda705bupdate flash count on remove REVERT:e91f3dc22Add a log when database is ready in UI + Small refactor of the Configurator REVERT:1e9a55c24Add small tweaks to the UI and scheduler Dockerfiles REVERT:7dc26dafaFix disabled checkboxes no longer always have the value no with the UI REVERT:7dc25b3a5fix redmine/docker example, remove double AUTOCONF_MODE in integrations, remove useless backslash in start.sh/linux, rename container for ui/tests REVERT:55d24a8d1Change mmdb-country job to download the file only if needed REVERT:9e009f7beMerge branch 'staging' of github.com:bunkerity/bunkerweb into staging REVERT:73b640bd3fix cors/docker example, add missing AUTOCONF_MODE=yes to integrations YMLs, proper save_config for Linux and fix image name for UI tests REVERT:87bccaad6Add `AUTOCONF_MODE` setting to scheduler in integrations examples REVERT:d331131c0increase timeout for php-multisite, add API_LISTEN_IP setting, edit default variables.env for Linux and add more logs for tests REVERT:578a1a8c8Add more precise logs in the jobs plugins REVERT:cb808c0adFix bunkernet-ip.list file not being created in case of an error (same as 1.4) REVERT:c8d39ba6bFix scheduler no longer running as root + Fix permission errors with downloaded plugins REVERT:4a67a5f56Merge pull request #426 from syrk4web/staging REVERT:4dea680acenhance style + some fix REVERT:d81088272Change the category if the user needs to log in in the UI REVERT:e003b751dFix when saving plugins with pages REVERT:b829e4edfFix false positive error with plugin page in web UI REVERT:fc3ef3346Add UI logs into console REVERT:ce85bc6b8Fix openssl no longer prints progression in the console REVERT:2e144bf46Merge pull request #424 from syrk4web/staging REVERT:defb2c333Change the way the error page is rendered REVERT:2ae37ce8dFix regex for ANTIBOT_HCAPTCHA_SITEKEY setting REVERT:f335364fcLint antibot.lua REVERT:16842fef1Fix errors with missing % symbol + fix errors because of the symbol REVERT:5f5a5a890Fix css in antibot html files REVERT:ccde5c74ffix real ip jobs REVERT:d3402ff3fchange loading, error and test files REVERT:a02218bc8end examples refactoring REVERT:5845446b9Revert "Fix errors regex, authorize same path for multiple errors" REVERT:be0df4160Fix errors regex, authorize same path for multiple errors REVERT:89812362acontinue examples refactoring REVERT:5d214497bFix don't try to add an instance when saving the configuration with the UI REVERT:808b7b220Update jobs connect to the database only when needed REVERT:aa0eff749Fix regex in redis plugin that was breaking the UI + fix ui.conf missing comma + remove unused variables in templates REVERT:1ac434a5bUpdate python deps REVERT:9c22f1e97Refactor the py files REVERT:cfe5c6063examples refactoring REVERT:e37e6c346Fix mixup of swarm and kubernetes when reading env variables + refactoring REVERT:0356250d9Fix problem with the bunkerweb container and plugins REVERT:548d157feFix check if the Database is on read-only before trying to write REVERT:7c5aa4897Update version string size to support new format REVERT:61b9517a8Fix error when multiple jobs are trying to write in db at the same time REVERT:8c67d08aeLint code REVERT:966f57ceainit work on examples refactoring REVERT:0210ddd88Add realip settings values to the initial BunkerWeb settings REVERT:6f29756ddci/cd - pull only interesting images for UI tests REVERT:2b1dbb1d4fix default cert path again and ignore pull errors for UI tests REVERT:74a11c2edfix wrong cert/key path for default server REVERT:b3769b6e3fix missing then in blacklist.lua, disable site search in redis.init(), remove counter from reverse-proxy/stream config and fix ui tests compose pull REVERT:c7d8b7dc1update resty core and http lua to support latest version of stream lua and various fixes related to ci/cd REVERT:a62ef9f54add missing init-stream-lua.conf and various fixes for ci/cd REVERT:65611020dfix duplicate datastore http/stream, fix missing /var/www/html for linux and various fixes in tests REVERT:b28668d68ci/cd - revert back to old condition for pulling images REVERT:706305917ci/cd - fix wrong autoconf local image name, add missing secrets for tests-ui, fix wrong IMAGE_TAG for tests-k8s and try to fix pcre issue on linux REVERT:2d440d26eci/cd - add missing runs-on for reusable tests-ui REVERT:93945f391ci/cd - add ui tests REVERT:5e31b6c4afix CVE-2022-1304 for autoconf, add missing load_module for ngx_stream_lua_module.so and fix missing -lpcre in configure step REVERT:01fab4162ci/cd - fix CVE-2022-1304 and wrong TEST_DOMAINS REVERT:aa614b75aci/cd - replace Test.py with latest one, fix yaml paths, print logs when k8s stack is not healthy and fix wrong linux docker image name REVERT:88a295517ci/cd - fix log() call REVERT:b95d1bc6dci/cd - add missing log() and fix TYPE for linux tests REVERT:2604d9a56ci/cd - trying a hack to support dynamic runs-on REVERT:ed4d94529ci/cd - trying to fix runs-on problem REVERT:53410e831ci/cd - remove steps REVERT:609210021ci/cd - inherit secrets for tests workflow REVERT:a168f2bceci/cd - fix rhel build and runs-on for tests REVERT:8bf211bc5ci/cd - fix linux package generation (again) REVERT:9250faa52ci/cd - fix linux package generation REVERT:139eaa2ddci/cd - add missing scripts REVERT:7149a34ccci/cd - add empty .trivyignore and rename redhat to rhel REVERT:5c5dbcfc7ci/cd - fix type in push-packagecloud workflow REVERT:e826c619fci/cd - fix wrong quotes in delete-infra workflow REVERT:b24cbf73dci/cd - fix wrong quotes in tests workflow REVERT:99e27c430ci/cd - add missing input in tests workflow REVERT:ee0e608deci/cd - fix negative conditions REVERT:10f9658f5ci/cd - fix wrong jobs name in needs REVERT:27bac0382ci/cd - trying to fix dynamic runs-on REVERT:97627cf83ci/cd - pass runs-on to reusable workflows REVERT:8969b1e72ci/cd - remove version from reusable workflows REVERT:8ca292fb3ci/cd - change reusable workflow paths REVERT:8e73eb87cci/cd - fix syntax errors REVERT:46e3078ddci/cd - crash test incoming REVERT:95c5e2e47ci/cd - move dynamic runs-on from reusable to staging workflow REVERT:131857a9bci/cd - fix wrong indent in staging/delete-infra-* REVERT:fc1cab1afci/cd - remove subfolder and continue work on staging REVERT:25729fda7ci/cd - init work REVERT:bb2d868faRefactor tests REVERT:5e3dadbfeRefactor ui REVERT:7fe168892Refactor scheduler REVERT:36b5c372eRefactor Instance and remove unused method REVERT:596258559Accept incoming changes for misc jobs REVERT:c5a10aaa3merge default-server-cert job REVERT:06acae405rename *CUSTOM_HTTPS* to *CUSTOM_SSL* and continue work on stream support REVERT:6bf59b59aRefactor the plugins jobs REVERT:7a8a75901Fix multiple CVEs (see comment) (finally) REVERT:10ec01e7bFix wrong env var name in realip plugin REVERT:947ecf81fstream - add is_stream variable to check if we are in stream or http mode REVERT:4f4c8ebf0init work on stream support REVERT:79036e975add ngx_devel_kit and lua-resty-env deps, support set_by_lua hook for plugins and init work on whitelisting support with modsecurity REVERT:c2402b118fix duplicate root error when bw is starting, add modesec rule to core ui and init work on k8s/swarm integration files REVERT:dbd052e9aRemove unnecessary import and use parent list of supported custom conf instead REVERT:fb917960bRevert changes on the custom conf regex for the autoconf REVERT:26de0a233Lint files REVERT:0faa34ac7Add a regex to the setting REDIS_HOST REVERT:1d9459202misc - add missing page.conf REVERT:1b113236aMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:29b373148misc - default pages for default server REVERT:6cb714be0Start adding integrations examples REVERT:99b85ec8aFix Apicaller error with swarm REVERT:37114ee2fMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:902fe6ad0bw - init work on redis REVERT:7bf034fc9Fix being able to delete autoconf services from UI (shouldn't be) REVERT:916caf2d6Merge (soft) 1.4 branch into dev branch REVERT:f8e31f287Update mattermost to use a static image REVERT:0f35c05eeIgnore multiple CVEs due to missing deps in python:3.11-alpine REVERT:846e26e41Fix multiple CVEs (again) REVERT:ebc7fbbceFix multiple CVEs (see comment) REVERT:f4081ebd3Handle more errors with Bunkernet job REVERT:3b01b5144Upgrade the way the jobs run_once are executed REVERT:8fa94d6a5Edit DockerController regex to handle more custom confs and fix modsec conf mixing REVERT:c92d4224fUpdate python deps + add cryptography for autoconf and MySQL REVERT:579975899Fix checkbox not being sent when unchecked + double settings tab in UI REVERT:935805721Fix CVE CVE-2023-22490 and CVE-2023-23946 REVERT:c671ccf7aAdd unauthorized_handler to UI REVERT:5ac64758eMerge pull request #417 from syrk4web/dev REVERT:fdd0da35dMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:34d12cd55Fix file manager always use the database now + create log file for UI if not exists REVERT:47ccd9f04Log events back in the UI REVERT:39b0f3f19fix + show one mult group REVERT:7828c0225add checkbox fallback + DL script REVERT:e425eef9aFix weird shinanigans when saving services config REVERT:b75bc0344Adjusting upgrade on file variables.env REVERT:79dabf763Change the way bunkernet check on which instance type it is REVERT:3f462fb3bOptimize logger REVERT:84f3a894fFix cache files not showing on UI REVERT:93933bde7Fix custom conf MODSEC CRS being interpreted as MODSEC only REVERT:c22bccc76Correcting nginx version for debian installation REVERT:8bedc9ce6Correcting doc REVERT:3a60b3463Modifying doc for packagecloud problem REVERT:9efa21709Correcting fedora packagecloud problem REVERT:e3410058fCorrecting Ubuntu/Debian REVERT:60ac00f5ffix inp value REVERT:6b13fbb84change svg REVERT:c89205016Adding Rhel integration REVERT:cb77a7010change logs datepicker REVERT:8b0d8a9d3remove log + fix service tab REVERT:facb597eefix float buttons REVERT:89930f1a3Remove encoding from Database engine args REVERT:6122d59d8Update python deps REVERT:d3a02be59Rhel cannot be supported yet REVERT:a51aa27e4Add some checks and solutions to rare syntax error REVERT:ae8e65057Fedora upgrade working Correcting backup during upgrade Database backuped TroubleShooting some errors with OS Centos working REVERT:77f41a059Backuping old confs working REVERT:8fcba30abUpgrade Debian/Ubuntu working REVERT:2e9a0c79efix select hover style REVERT:64961e395Remove unused imports REVERT:b662d8453Update python deps and remove oracledb REVERT:e9d981a56Fix checkbox being disabled every time REVERT:39418790afix popover content REVERT:3d96fdb34update dashboard REVERT:580f33e56new file el is hidden on nav REVERT:4f6244e74Lint code REVERT:1f2076756Update Python deps REVERT:dcf9e301eFix UI not exiting correctly with gunicorn REVERT:f1a28b01bMerge pull request #408 from syrk4web/dev REVERT:5739144e3Fix bwcli /bans command REVERT:df7bbb960Update VERSION to 1.5.0 REVERT:dd0f56bb0Add password type for settings REVERT:d83d3aa3dFedora working Modifying centos systemd Adding %postun to rpm Modifying postun deb Centos working REVERT:b85e6ee6bUpdating to Fedora 37 REVERT:ca0d88fccUpgrading script: Ubuntu & Debian working REVERT:835f85d5denhance input field style REVERT:c4b5ddb95Add setting to intercept specifics error codes REVERT:86c81a621Merge pull request #407 from syrk4web/dev REVERT:e6cb5b0b0Made the UI independent + update job download plugins REVERT:0ce5f216dhandle password inp REVERT:44ce5381cFix CVEs REVERT:12b4cfa22Merge pull request #406 from syrk4web/dev REVERT:d7ee3ad66fix file manager dropdown REVERT:efbcfd0e2Beginning of automation testing for linux packages REVERT:50b83790aMerge pull request #405 from syrk4web/dev REVERT:bf1d19f33remove prefix multiple input REVERT:4d49f2f4bImproving and correcting problems on packages REVERT:f5d87849aFix errors in the UI when a service have multiple domains REVERT:d6d1dd1ceMerge pull request #403 from syrk4web/dev REVERT:0f5a73430add condition for services REVERT:a5256dd80Fix IPv4/Ipv6 CIDR regex REVERT:591a20cd8Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:c56fccbf2Adjustements to upgrade REVERT:a3a5c1c74Add ui tests requirements to the updated python deps REVERT:b1c99e408Add tests for the UI REVERT:65f2bf09bRemove the idea to store logs inside the database REVERT:7beb400b4Fix stop gathering all the logs every time with the auto update REVERT:ab163ce13Fix services settings saves and plugins deletion REVERT:6932f3dedAdd a new script to update python deps and update python deps REVERT:d14372075Fix tar error when sending /etc/nginx to BW REVERT:9edf789abUpdate python deps REVERT:4b3b9b326Merge pull request #397 from syrk4web/dev REVERT:557db479crefactorise logs script REVERT:13f1dadf5Merge pull request #396 from syrk4web/dev REVERT:adf96cadcremove useless files REVERT:d2a634e7fplugins + global_config fix REVERT:1aaac2dcfAdd regex for settings.json REVERT:871807b80Add small fixes and tweaks REVERT:4c5172edaCorrection of problems REVERT:331d58324Fixing details REVERT:e9c1b0cf8Adjusting some details REVERT:c220e5997Linux UI fix REVERT:13fbbfb67Update job database while locking the threads REVERT:ea4ceae7bFix isPage logic in menu (UI) REVERT:8ee0ec88fRemove test files in UI REVERT:d81c52654Lint ui files and change .prettierignore file REVERT:5cc80d2baMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:a6295248cMerge pull request #394 from syrk4web/dev REVERT:38b59954aLint yml files REVERT:146338de6Refactor every .py file REVERT:fcd8d8746open another tab for doc REVERT:051192791change style REVERT:9c80cdb32add plugin page logic to menu REVERT:7689dac76Filter CVEs fixes in Dockerfiles REVERT:0c8dfaaabUpdate bw and autoconf Dockerfiles for let's encrypt REVERT:c5d3e77c1Fix letsencrypt permission error and optimize the ownership commands in scheduler REVERT:8304116fdSend more variables to the home page front REVERT:4379e21eaShow dirs of every services even if they don't have a custom config REVERT:148d9d2d4Remove user override in the job scheduler when executing jobs REVERT:c6498eda7Add new php-cookie-flags example REVERT:f97e056ffUpdate jobs REVERT:13fe4b6eeEdit core plugins regex + make COOKIE_FLAGS multiple + edit DB model accordingly REVERT:2b2eadf44Merge pull request #392 from syrk4web/dev REVERT:342fe956fchange data creating new service REVERT:bb7ca889cenhance darkmode + fix + factorisation REVERT:cdc3cfc81add toggle multiples + style REVERT:191c88238Merge pull request #388 from syrk4web/dev REVERT:dbe49bb8fUpdate intro image REVERT:7bdc46057Change how the edit works in the config (UI) REVERT:364ef13b5Fix error by calling a method on the wrong variable REVERT:1142ace55Fix rare error with the jobs return code REVERT:477e87a2fnews script + multiples groups REVERT:a04f983a0Merge pull request #385 from syrk4web/dev REVERT:e5574fbdcchange flash messages style REVERT:b1ca47253Small tweaks and handle services variables better REVERT:98bda4d1eRemove unused line in Templator REVERT:0b1be727fOptimized the storage in the Database REVERT:47526dc8aMerge pull request #384 from syrk4web/dev REVERT:00d3073b0get custom method and check disabled state REVERT:02d10f619Fix datepicker.js not being found because of the caps REVERT:da634af4aAccelerate send_files method REVERT:be0ee60cdhandle stop signals with the web-ui REVERT:064f9eef9Remove lines that will never be use in save_config REVERT:ec15a4e88Handle stop signals from Docker in the scheduler REVERT:c49f50da2Move BunkerWeb entrypoint to the correct dir REVERT:48bbb5e39Merge pull request #382 from syrk4web/dev REVERT:b944de9e8change service multiple script REVERT:07ab3deb0Remove unused lines in selfsigned job REVERT:a4e863f09Update authentik and migrate the example to the 1.5 REVERT:eeb810546Migrate authelia example to the 1.5 REVERT:e2b2505d8Fix saving config for multiple settings REVERT:a0c2db7a0Fix how the config is get from the database REVERT:4595295bdfix tab focus style + dark mode style REVERT:0bd6d5655add flash script to login + enhance style REVERT:6f5aab11dfix footer padding REVERT:37380b977fix get multiple settings only REVERT:3f6432f4bMerge pull request #381 from TheophileDiot/dev REVERT:ff84656cdUpdate examples + add static versions REVERT:0e29d9f1fenhance and fix REVERT:c195ffc86Fix autoconf not working properly with the shared volume REVERT:291d64e29Update community example + linting REVERT:4346322f7fix services settings on modal open REVERT:f2daf7368Merge pull request #380 from TheophileDiot/dev REVERT:ba9c16a5dMerge branch 'dev' into dev REVERT:0db1550f2Changed the way jobs' cache files are downloaded REVERT:fa54ebd49Made a few tweaks + change the plugins for the services modals REVERT:0290f509eadd plugin_name (change values) REVERT:77931b623add plugin_name REVERT:6560ca086test REVERT:0d0f1aa95Merge pull request #378 from TheophileDiot/dev REVERT:03e98985eMigrate more examples and lint REVERT:016a8cd6dchanges REVERT:5263be27dChange the way jobs are downloaded + folder created in configs REVERT:7813b51dbMerge pull request #377 from TheophileDiot/dev REVERT:c4bd535acAdd autogen back for docker and the autoconf REVERT:243c4ca78Merge pull request #376 from TheophileDiot/dev REVERT:e9687a5b1Remove unnecessary comments REVERT:8537eea89Merge pull request #375 from TheophileDiot/dev REVERT:3c9574daeLinux: Updating nginx to 1.22 REVERT:9f84e02d8refactoring services modal logic REVERT:b105896b2add rename form REVERT:ff83b342dfix issues REVERT:8e31672acMerge pull request #374 from TheophileDiot/dev REVERT:b3d80d7a6Generate requirements with python3.9 + use new resolver REVERT:6bbbe70eeMerge pull request #373 from TheophileDiot/dev REVERT:e33bad4b9Fix comments + updated passbolt to support the 1.5 REVERT:37f21c5d4Temporarily comment the post fetching REVERT:343d9d09eShow plugin pages even if there are none REVERT:0a4f0eb57Fix error with jobs wrapper REVERT:1d4998356Fix darkmode + Add new variables to pass to the front REVERT:547021e7bFix job fetching for never ran jobs REVERT:0954e82f4Fixes some bugs in the UI related to the plugins REVERT:3c5f6002dfilter script + manage files + fix css + enhance REVERT:e988aacf3Merge pull request #371 from TheophileDiot/dev REVERT:cce181a29Update customcert job REVERT:9ba06b64dUpdate README REVERT:7f2eadaccUpdate python version for the scheduler and requirements REVERT:8d6c3d0b8Fix db get_config REVERT:cc748a048enhance responsive + add loader REVERT:3bafe137drefactorisation REVERT:e9dfb59f3handle settings type multiple (fetch, add, remove) on services REVERT:8e5dda520Changed the way the config is get from db REVERT:368122181start multiple add and delete logic REVERT:fee59a51eseparate multiple from others inputs REVERT:50ba22914upload plugins + jobs template + global enhance REVERT:94b0e6a0dChanges on the flashed messages REVERT:2e0a733cdMerge pull request #370 from TheophileDiot/dev REVERT:103e4a0aeUpdate modsec CRS to v3.3.4 REVERT:f0f9d7dcfMerge pull request #369 from TheophileDiot/dev REVERT:4dabe6daeAdvancements in the examples migration to 1.5 REVERT:115bfbdc1Merge pull request #368 from TheophileDiot/dev REVERT:81ad9e9acUpdate examples and add docker-proxy REVERT:82ab6c7c4Revert "Remove unsafe deps in the requirements and install setuptools manually" REVERT:b578823a1Remove unsafe deps in the requirements and install setuptools manually REVERT:7fb61b5efNo longer dump the jobs to the front REVERT:37ece3de1Merge pull request #367 from TheophileDiot/dev REVERT:719d779e0Start updating the examples to the 1.5 REVERT:2889b2638Merge pull request #366 from TheophileDiot/dev REVERT:3c3bb7f20Fix the way we fetch the config from the database (with suffixes) REVERT:f0d0dac91Add the variables back instead of the "_" so it doesn't create an error REVERT:62ab9944cFix scheduler errors with sqlite in autoconf REVERT:739190051Make the bunkernet not run in a thread to avoid errors REVERT:840ef8cf8Fix typo in selfsigned job REVERT:5a95e6703Edit the way the UI updates the config REVERT:34b5aba1cMerge pull request #364 from TheophileDiot/dev REVERT:b7f60dbdcUpdate deps and requirements REVERT:a0634b573Merge pull request #363 from TheophileDiot/dev REVERT:c0efdf9c0Replace /usr/sbin/nginx with nginx REVERT:db35e575eRename variables so they make more sens REVERT:b22cc44d8Change the way jobs are sent from the database REVERT:4e96e57e0Make certbot compatible with 1.5 REVERT:aaeda5300Change the jobs logic + add support for arm REVERT:657722922enhance templates REVERT:844b06e28Fix how the jobs are sent to the front REVERT:3a0727b5clogin template done REVERT:0f5756cfbenhance logs + prepare jinja variables REVERT:08e7c2104plugins done + add name to settings REVERT:6b5d6e07eRevert changes on the check_settings function REVERT:3ccc12d78add dropdown + responsive REVERT:3ed3fbe99Autotonf now update the instances too REVERT:e56f96d04Update database model + Save instances to database + add the option to add logs into the database REVERT:c87c3637dstart plugins template REVERT:3a5d14952Made few tweaks with the home page + remove useless functions REVERT:55e76b280Fix path for dropzone's scripts REVERT:64d261accChange the way logs are parsed REVERT:f13455d11send timestamp with ms REVERT:7aac0c352fix ms REVERT:fb2e41c11logs params REVERT:2967ed98cfix fetch REVERT:4f9b2120etest REVERT:f1e614faechange ternary operator for fetch REVERT:fa5719db7fetch logs + liveUpdate filter REVERT:2a2f2f1e9Fix scheduler error REVERT:208716722Merge pull request #361 from TheophileDiot/dev REVERT:fa98003f2Thread the jobs run_once REVERT:89e8839bbOptimize the regex for the core lists REVERT:51c5836aechange logs script/template + continue jobs REVERT:f61b4428bMerge pull request #360 from TheophileDiot/1.5 REVERT:a96771881Change the logs date format + start editing the logs endpoint REVERT:d30adf670Changing rhel REVERT:bf19cfe3dMigrating Linux to 1.5. Still some details to adjust to be perfect REVERT:0cd6ed1afWhen downloading new plugins, update the database properly + update job every time now REVERT:8f75af3d6edit the .dockerignore REVERT:4f4beeef9Create the database variable even when passing the variables, just in case REVERT:7347fe9bcupdate jobs only once REVERT:b509ce16eCopy the files after installing the requirements REVERT:64601ebf5Remove useless warnings REVERT:c9238f993Merge custom configs generation to avoid repetition REVERT:192c6755cUpdate db for the jobs that are ran only once REVERT:c14765c6cChange the way jobs are sent and how we update external plugins REVERT:888bedd51Change how jobs are send from the database REVERT:babb1c72cRevert "indentation" REVERT:44c74f9beRevert "indentation" REVERT:984b6c5f0ci/cd - speedup codeql by ignoring some folders not containing python files REVERT:355c947a4start jobs template + enhance menu REVERT:272de0b8bci/cd - fix codeql config path REVERT:d9fc713c4ci/cd - move codeql config to file REVERT:c2503d63dci/cd - add codeql REVERT:b098478bdenhance service + darkmode script REVERT:fa1739439ci/cd - init work on dependabot REVERT:82df3f17fci/cd - init work REVERT:f02adf300indentation REVERT:c1031cb2cindentation REVERT:e8581ecb4enhance news/menu/base + logs scripts REVERT:eb99d00daRevert "enhance news, menu + end logs scripts" REVERT:a7d3d0452enhance news, menu + end logs scripts REVERT:c7556a39aMerge pull request #358 from TheophileDiot/1.5 REVERT:e02e9c9ecEdit how plugins work with the UI REVERT:f1d7add73Merge pull request #357 from TheophileDiot/1.5 REVERT:1252d1651Add the jobs feature and add the link when using sqlite REVERT:2154c7f54Update database default DATABASE_URI REVERT:7957f63b8Merge pull request #356 from TheophileDiot/1.5 REVERT:73668b476Optimize plugin gathering REVERT:b3cfc1f01Remove unnecessary lines and add plugins_errors endpoint REVERT:b57e50db2Send needed settings with the services in ui REVERT:a0e66ab30Change Database default path for the sqlite file REVERT:fdd393826add ui work in progress REVERT:6b9a6a7e3Merge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5 REVERT:277e37bceRevert "add ui" REVERT:05d4b77bbMerge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5 REVERT:e7e43e64dAdd dark_mode to ui REVERT:d40a93cb7Revert "add ui" REVERT:d102f027fadd ui REVERT:b70d97671add ui REVERT:7db7aee7cMerge pull request #355 from TheophileDiot/1.5 REVERT:70844ca60Fix database with autoconf REVERT:1a7d8978bMerge pull request #353 from TheophileDiot/1.5 REVERT:93c74154afix fedora python deps bug REVERT:f2eabc0dffix centos python dep bug REVERT:d199f124bremove exits in ingress controller REVERT:3ec15eb4bUpdate the docs from dev REVERT:5a8f81256Merge branch 'dev' (softly) REVERT:d214352b7Merge pull request #352 from TheophileDiot/1.5 REVERT:891757dabAdd support for arm + change scheduler python version REVERT:8dd377562Merge pull request #351 from TheophileDiot/1.5 REVERT:630cf8b88Change the way services are sent to the UI REVERT:b0c09b4deMerge pull request #350 from TheophileDiot/1.5 REVERT:fa655e6f0Remove no longer used install.sh and uninstall.sh REVERT:c8fbcbeaeMerge pull request #349 from TheophileDiot/1.5 REVERT:32101c3dcMove UI deps, Make the DB compatible with PostgreSQL, MySQL and Oracle REVERT:035eed8f6ui - add custom PYTHONPATH in Dockerfile REVERT:2a3e24bd2Merge pull request #348 from TheophileDiot/1.5 REVERT:3984c4b0dSeparate deps and change prettierignore file and pyproject REVERT:47afdc88eMerge pull request #347 from TheophileDiot/1.5 REVERT:01bb6f5e6Stop converting the files content to base64 when sending them to front REVERT:c35874797Return dumps of settings instead of the dict REVERT:a8f27ccb1Merge pull request #346 from TheophileDiot/1.5 REVERT:edce79936Update the structure and the paths REVERT:04578aab3Changing path Linux folder REVERT:5ae714fc7Merge pull request #344 from TheophileDiot/1.5 REVERT:f65a4cdd6SMall tweaks on the UI + edit the ConfigFiles edits REVERT:06aa73fcfMerge pull request #343 from TheophileDiot/1.5 REVERT:0811aad7fEdit scheduler and change DB REVERT:858f6e00fChange python version REVERT:b279d0240Fix BunkerWeb gen on start REVERT:ef7fa5b4fMerge pull request #342 from TheophileDiot/1.5 REVERT:11bcd9824Merge branch '1.5' into 1.5 REVERT:bacef768cAdd integration manually in bunkerweb REVERT:5ec179affThe UI get the custom configs from the database REVERT:0e6a5f3f9Merge pull request #341 from TheophileDiot/1.5 REVERT:eec00ba2bUpdate the Database and make it easier to gen REVERT:479b556fbMerge pull request #340 from TheophileDiot/1.5 REVERT:375776e7dFix UI path_to_dict with the cache files REVERT:df62fd410Merge pull request #339 from TheophileDiot/1.5 REVERT:1f58d0c51Edit dockerfiles REVERT:6c07f9967Merge pull request #338 from TheophileDiot/1.5 REVERT:069b45f37Add some tweaks REVERT:850530cd0Merge pull request #337 from TheophileDiot/1.5 REVERT:01b414552Make the Database support every feature + updates REVERT:a12d013fcMerge pull request #334 from TheophileDiot/1.5 REVERT:5f8353c11Adapt everything so that the UI can work with every integration (some more tests are needed) REVERT:fe8962592Merge pull request #333 from TheophileDiot/1.5 REVERT:66fb266f8Centralize Database and optimize requests REVERT:7a03ed33fUpdate pip in Dockerfiles every time REVERT:b09c05d3bUpdate BunkerWeb deps REVERT:9c02d5f9eMerge pull request #330 from TheophileDiot/1.5 REVERT:7d743e198Update the database and the core plugins accordingly REVERT:ce6f01cf0Merge pull request #329 from TheophileDiot/1.5 REVERT:9140dc324Optimize Database connection and ApiCaller REVERT:81307c82cMerge pull request #328 from TheophileDiot/1.5 REVERT:0edef7c52Use Python 3.11 where we can REVERT:fe774e000temp nginx is dead, long live to the IS_LOADING setting REVERT:0bf402fd7Merge pull request #327 from TheophileDiot/1.5 REVERT:48242b9a3Get all config with generator REVERT:0b73ea856Merge pull request #326 from TheophileDiot/1.5 REVERT:09378458ddb.get_config() get entire config and doesn't filter anymore REVERT:100849023Merge pull request #325 from TheophileDiot/1.5 REVERT:8b54762fcFix db init with autoconf REVERT:cfaeb1013Merge pull request #324 from TheophileDiot/1.5 REVERT:7e53bfe55Fix gen for Docker integration REVERT:54530d535Merge pull request #323 from TheophileDiot/1.5 REVERT:79eea0e99Linting + starting to migrate bunkerweb to the 1.5 REVERT:316b84ad3Merge pull request #318 from TheophileDiot/Feature-specific-order-for-plugins REVERT:ba56c9f55Merge pull request #317 from TheophileDiot/Fix-scheduler-error-reload-nginx-linux REVERT:a8f79e58fMerge pull request #303 from TheophileDiot/Fix-custom-conf-disappearing REVERT:b2a7e053bMerge pull request #314 from TheophileDiot/Feature-blacklist-ignore REVERT:96e656273fix indent REVERT:01cecf14eMerge pull request #313 from TheophileDiot/Feature-max-client-size-edit-modsec REVERT:873ccad9bAdd MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS (#292) REVERT:97bf473e1deps - add update checker for deps (#293) REVERT:5af2fb778Complex example using autoconf (#271) REVERT:bd4c94e83Add specific order for core plugins and check them REVERT:a96a8a8c2Fix incorrect message while reloading nginx + more details on error REVERT:446ff93a4Add ignore blacklist feature REVERT:5fdcc9e58add g/G to the available file measurement units REVERT:d207aa4bfVariable MAX_CLIENT_SIZE change the SecRequestBodyLimit value REVERT:57ad9d7eeFix old custom configs where never deleted REVERT:7860aeab9Merge pull request #312 from TheophileDiot/dev REVERT:cac220023Fix small typo in autoconf integration REVERT:5d9dc88ccMerge pull request #307 from TheophileDiot/Restrict-access-IP-NET REVERT:40863f28aMerge branch 'dev' into Restrict-access-IP-NET REVERT:67d514b53Merge branch 'master' into dev REVERT:51e96416dMerge pull request #304 from TheophileDiot/Fix-Endless-loading-after-update-service REVERT:ace1dfca2Merge pull request #308 from TheophileDiot/Fix-doc REVERT:b9e5badd9Fix last typos REVERT:a9865f850Fix typo in plugins.md REVERT:e3d0120a0Fix minor typos in the doc REVERT:9214bb939Merge pull request #309 from TheophileDiot/Fix-flask-dev REVERT:80c1b225bReplace flask development server with gunicorn REVERT:de0954facFix typos in the docs REVERT:27b4ff330Add the greylisting feature REVERT:06f65ffe2Change the exposed port to 7000 REVERT:b0a887a15Fix errors and warnings when editing a service REVERT:803ff8cb5Fix CUSTOM_CONF_SERVER_HTTP disappearing after 60 minutes (autoconf) REVERT:94ce249d7[#290] Fix typos in docs REVERT:478e98018ci/cd - temp disable k8s test REVERT:8f44e108bci/cd - add docker system prune REVERT:72caf907aci/cd - temp disable swarm tests REVERT:01acb1cf3ci/cd - temp disable nextcloud/swarm REVERT:fc3c7892dci/cd - add missing prepare for prod tests REVERT:2a04a5642ci/cd - update ruby version for CentOS builder REVERT:6afdb298flua - fix pcall for asn/country mmdb lookup REVERT:04019a617tests - fix nextcloud/swarm REVERT:34649bf33docs - add Ansible to README REVERT:469a5343eci/cd - remove old linux packages before building REVERT:4244399ebroad to v1.4.3 🚀 REVERT:66029a316tests - edit prod workflow REVERT:d0c245ba8tests - fix bug when testing if a swarm stack is healthy REVERT:5633d5ff5tests - remove mongo-express/swarm REVERT:61d57b4ebtests - fix mongo-express/swarm REVERT:76f035e21fix wrong DENY_HTTP_STATUS setting in docs, fix autoconf ghost/prestashop tests and some UI warns/errors REVERT:b35dbdffctests - fix ghost/docker REVERT:7e226301dtests - fix prestashop/docker REVERT:8f273a929ci/cd - fix missing comment chars REVERT:45f4e06acroad to v1.4.3 REVERT:7fe58ddd5tests - disable systemd start limit REVERT:561e64a89tests - road to debian REVERT:29933fdebtests - add unzip package to linux container REVERT:7915da6dfdocker - fix CVE-2022-3209 REVERT:d8f6c2756tests - fix configs perms for linux REVERT:cb56e7d04tests - add chown for custom linux configs REVERT:e84734314tests - fix linux/drupal (again) REVERT:4caae414dtests - fix linux/drupal REVERT:8a23b96bftests - disable linux/moodle REVERT:a4fd701d5tests - temp disable linux/proxy-protocol REVERT:39ed524f0tests - add missing variables.env for moodle/linux REVERT:d0e3f3ae2tests - call cleanup-linux.sh REVERT:b0fa57b05tests - replace restart with stop+start for linux tests REVERT:ec1136085tests - print logs when setup_test fails REVERT:3be348ebetests - add haproxy cleanup for linux tests REVERT:884ca0f6dtests - add missing variables.env files for linux REVERT:e4321629ftests - road to linux tests 🚀 REVERT:c277a33e9tests - add missing which command for fedora REVERT:512c60c51tests - add some debug info when linux/setup fail REVERT:e64cc29a8tests - create /run/php folder for rpm linux distros REVERT:42d29743blinux - fix 755 perm on /opt/bunkerweb REVERT:505d5c2aetests - fix behind-reverse-proxy/linux REVERT:70992a0b5tests - fix haproxy logging again REVERT:7e5465c59tests - fix haproxy logging again REVERT:f5606b693tests - fix haproxy directive REVERT:265742cd9tests - haproxy add logs REVERT:0580662cclinux - copy current variables.env to make temp one REVERT:8e15e2a40linux - set /opt/bunkerweb permissions to 755 REVERT:17801caebtemp disable arm REVERT:552588adftemp disable arm REVERT:5849c66e6tests - fix www.conf REVERT:052dc2346tests - increase php logs verbosity for linux tests REVERT:331c7e954tests - add debug log file for PHP REVERT:f71ad0f65php - fix fastcgi_params path REVERT:34c648830trying to fix PHP bug in Linux REVERT:5c99a4b0erefactor linux/start.sh and fix tests/cors www copy REVERT:eb6f0d673tests - fix purging wrong folder for linux tests REVERT:6ea38b1f7bunkernet - fix wrong import in register job REVERT:b5c07dda0tests - add cleanup for linux tests REVERT:17b6b0fdctests - fix PHP www.conf for Linux REVERT:512ed7200tests - add cors/linux REVERT:d8071e4c4tests - install php-fpm REVERT:790fa37aetests - fix behind-reverse-proxy/linux REVERT:6005a8f73tests - fix behind-reverse-proxy/linux again and again REVERT:09f56a1c6tests - fix behind-reverse-proxy/linux again REVERT:0c4d2edf1tests - fix behind-reverse-proxy/linux REVERT:d53c54d4btests - add behind-reverse-proxy/linux REVERT:093d426bcbetter management of registration with BunkerNet and fix syntax error in LinuxTest REVERT:3762c3874tests - copy variables.env for Linux tests REVERT:55525abf1tests - fix mattermost/k8s REVERT:23f8ec957UI - fix container CVEs REVERT:a38ca5138docker - dont generate config if already present REVERT:e92938f00autoconf - fix container CVEs REVERT:c2ad79a79Docker - fix CVE-2022-37434 REVERT:8eefb4bf5examples - fix mattermost/k8s REVERT:6d1ef606fexamples - fix nextcloud/k8s REVERT:95c4ce723enable bad behavior on default server and various k8s fixes REVERT:e295b020etests - increase redmine timeout and add pvc cleanups REVERT:1e499db50examples - fix gogs/k8s REVERT:a64276136disable bad behavior if client is whitelisted and fix redmine/reverse-proxy-multisite examples REVERT:115d517c7tests - add delays REVERT:7c1474cd8examples - fix moodle/k8s port number REVERT:305870cc2examples - edit moodle/k8s port number REVERT:3df0f8505tests - add delay to moodle REVERT:897528b73tests - fix magento/k8s again REVERT:4f4c446f7examples - fix magento/k8s again REVERT:69848dcccexamples - fix magento/k8s REVERT:0516f0a83tests - assign bunkerweb-controller to srv1 REVERT:41524a9e3tests - force pv REVERT:0d44b098ftests - fix prestashop URL REVERT:0e315dc5ftests - edit prestashopHost value REVERT:5741391detests - change k8s service type of prestashop to clusterip REVERT:6adff9cebtests - increase timeout and remove pvc for prestashop/k8s REVERT:97a2caf06tests - fix Kubernetes missing variable assign REVERT:865f4f1b5tests - fix prestashop/kubernetes REVERT:e8305b0b6tests - fix missing prestashop/kubernetes.yml REVERT:840b875f7docs - edit plugins page REVERT:978bbe9caexamples - fix missing configs subfolder in nextcloud/bw-data REVERT:502c9f2feexamples - fix radarr/swarm REVERT:1c4f8bf55tests - automatic volumes prune for swarm tests REVERT:b6e2ad22atests - fix joomla/swarm REVERT:216686fc8tests - add delay parameter REVERT:d648b1fbetests - increase magento timeout REVERT:d3b725294tests - wait until swarm services are running REVERT:a48200bc0examples - fix reverse-proxy-singlesite/swarm REVERT:b429dd804tests - increase timeout for swarm healthy check REVERT:0440c61d0examples - fix gogs/swarm REVERT:ae36b9899docs - quick edit on PHP REVERT:9a83fadd8examples - fix gogs/setup.swarm.sh permissions REVERT:09141f204examples - fix magento/swarm REVERT:edf5421bfexamples - fix permissions for magento/setup-swarm.sh REVERT:c67564c7ctests - increase timeout when doing requests REVERT:b07637009examples - fix mongo-express/swarm REVERT:ec35b0a54examples - fix mattermost/autoconf REVERT:95e3022ebexamples - fix autoconf/reverse-proxy-singlesite REVERT:d63538fd5examples - fix wordpress custom conf variable name for docker/autoconf REVERT:e01b24072tests - ignore error when replacing patterns in files (binary files) REVERT:217924fe4examples - fix reverse-proxy-singlesite regex REVERT:bb6d02e0fexamples - escape dollars in reverse-proxy-singlesite compose files REVERT:5c42fb58dtests - fix reverse-proxy-singlesite REVERT:2f8c5a1e9examples - fix host for reverse-proxy-multisite REVERT:af866e825edit docs/integrations for ansible and fix examples/mongo-express compose file REVERT:e90d4cc7etests - fix json for reverse-proxy-multisite REVERT:70ac3c01btests - fix missing arg no_copy_container REVERT:07a962466tests - inline configs for docker/autoconf REVERT:87c57c67ctests - refactoring on the road, still needs some work REVERT:8fb03a317tests - on the road of refactoring REVERT:dc8570ca8tests - add status type REVERT:151378570tests - refactor mattermost example REVERT:4e7d795eatests - support custom cleanup-kubernetes.sh script and refactor some k8s tests with helm charts REVERT:cc9d228abupdate compose version to 3.3 for swarm examples so config directive is supported REVERT:181957147remove trailing space in DockerController and add missing bunkerweb prefix for autoconf-configs example REVERT:324feb593autoconf - fix missing configs update for DockerController REVERT:22398d567cors - fix typos in autoconf.yml REVERT:5119c8da7gogs - missing setting for autoconf REVERT:0fca93e3etests - sleep 30s between autoconf tests REVERT:17e14f4d5tests - fix wildcard with sudo REVERT:3a46d318etests - remove only content of subfolders REVERT:4eff0c3f9tests - fix behind reverse proxy url REVERT:bf58a17b8gogs - add setup-docker REVERT:08d8bc880tests - remove whole subfolders in bw-data REVERT:b38f7c54etests - add kubernetes-configs and fix missing s in urls REVERT:06f7fb096tests - fix docker-configs (again) REVERT:b7101eb47tests - fix docker-configs REVERT:a08b51bd0tests - fix gogs expected string REVERT:b2bcfb8c7tests - fix hardened expected string REVERT:d3014b42fexamples - refactoring in progress REVERT:7eae49719tests - prevent default rate limit REVERT:be21b3933tests - fix sudo cp again REVERT:7bb881aa3tests - fix rename REVERT:a607bd67ctests - replace python cp with sudo cp REVERT:6d06a32cctests - list example_data as root REVERT:c5526ef2fMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:75b2ae868tests - fix example_data path for docker REVERT:72965e230Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:201e2cf0fCorrection logs Linux REVERT:203397444tests - init cors and fix example_data path for autoconf REVERT:d8c8ceab3tests - fix LinuxTest setup and init work on integrating examples with the new test system REVERT:c02d888b3examples - rename setup scripts for drupal REVERT:9a9f9ebf3examples - fix linux-setup.sh for drupal REVERT:6e381ee02tests - disable copying bw-data files for k8s and swarm tests REVERT:0ee09d47dtests - force removing directories with AutoconfTest REVERT:da2f6cb4ftests - force removing directories with DockerTest REVERT:d1d2e51a3cleanup tests directory and init tests refactoring for drupal REVERT:c14b08faaexamples - edit authelia configuration.yml file for Linux integration REVERT:80fee58e4bunkernet - add default api server in jobs REVERT:37690a7a4configs - enable default server if TEMP_NGINX is set REVERT:b3fdd109alinux - fix wrong variables.env path when running jobs once REVERT:193449512Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:f5ede7897examples - fix authelia variables.env REVERT:767a7ab31Adjustements doc Ansible/Linux REVERT:81b370366wait until Linux test container is initialized and fix variables.env for authelia REVERT:44fbf0315authelia - extract tarball to tmp REVERT:02db54ce0examples - follow redirect when downloading authelia for linux REVERT:14d61854eadd sudo to linux dependencies and curl to linux test images REVERT:6f35561fatests - fix cp and end_fun for LinuxTest REVERT:2505bc015tests - add linux to authelia kinds REVERT:b1df38374tests - temp enable docker REVERT:410212b15tests - run docker cp in a shell REVERT:f2ac7bca7tests - fix typo in LinuxTest REVERT:a0948923etests - copy local files for Linux tests REVERT:458ebe07ftests - dynamically find deb/rpm name REVERT:2205043e7tests - fix LinuxTest.docker_exec() REVERT:d370f1b05tests - add missing chmod import to LinuxTest REVERT:bf6dd93aatests - replace rmdir with rmtree for LinuxTest REVERT:773517311Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:850a8057cignore CVE-2022-30065 until we have a fix REVERT:e6271ccd6Final proofreading FPM REVERT:f0ddb8328docker - fix CVE-2022-30065 for autoconf REVERT:f260bcf23Small adjustements REVERT:fa319ec10tests - fix argv len check REVERT:029406453tests - fix typo in LinuxTest REVERT:f47ab0adctests - integrated LinuxTest REVERT:eca010231FPM Linux/Ansible Doc REVERT:4d61e96e4tests - LinuxTest on the road REVERT:c9c730346tests - fix linux.sh REVERT:58a82ddcdtests - copy Linux packages to local directory REVERT:8062d043ctests - fix Linux dockerfile path REVERT:0a09f8a75fix CVE-2022-29458 REVERT:bb425bc36tests - init work on Linux tests REVERT:aa729daebexamples - remove double $ from kubernetes authelia REVERT:7edd55544fix k8s example for authelia and ignore error code when doing debug_fail for k8s tests REVERT:0fd77a809examples - fix typo in kubernetes authelia REVERT:720f36f47tests - init kubernetes refactoring REVERT:ea98b453dtests - use unique domains for swarm tests REVERT:4bd0129e4tests - also edit root domain REVERT:6e47b2991tests - add sleep in the end of SwarmTest.init() REVERT:abc500a4dtests - fix domains for SwarmTest REVERT:378047794examples - fix authelia swarm compose version REVERT:4a5e50005fix typo in SwarmTest and fix authelia swarm example REVERT:3b73c50c3tests - ignore docker stack ps return code REVERT:ba6fddb56tests - init swarm refactoring REVERT:9ecd2bd98examples - add missing network aliases to authelia autoconf REVERT:7bbf77b7afix authelia autoconf example and debug fail before cleaning tests REVERT:f02fe1ed9tests - remove only subdirectory on new tests and add cleanup when test failed REVERT:0383cadd6tests - fix compose filename for autoconf tests REVERT:aeba0ba72tests - add missing AutoconfTest object REVERT:67608a463tests - add missing decode REVERT:8b3b1291ctests - from replace/rename functions to class method REVERT:1c5c81d2ctests - add missing import REVERT:fa2d52d80tests - remove useless log and return boolean from Test.end REVERT:68bf5ef85tests - remove wrong cleanup call REVERT:424b37bectests - change permissions as root REVERT:2780ee190tests - add debug_fail function REVERT:07b0bb38ddocker - fix CVE-2022-29187 for ui and autoconf REVERT:b47c2696edocker - fix CVE-2022-29187 REVERT:fdb8ca3catests - replace internal _log with logger.log REVERT:eb59a9377tests - init refactoring for autoconf REVERT:2e0542dbbtests - ignore case when performing test REVERT:0a996bf12tests - replace match with search REVERT:48a6ba632tests - fix rm command REVERT:991ddb9ebtests - remove file as root REVERT:1e1d7d7f1tests - replace variable typo in get request REVERT:ebc94f515tests - add missing char when replacing Docker volumes REVERT:e4f6017d6tests - replace example domains with test domains REVERT:dfc5f2e79tests - export runner env REVERT:c07f85a42Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:ab57be657tests - fix missing copytree import and self parameter REVERT:5f79aea4bfpm single/multiple docker&autoconf REVERT:cc760a646tests - fix datetime import again REVERT:db2c35cb3tests - fix datetime import REVERT:28f1b4f73tests - rename variable REVERT:e1183a0d4fix tests.json for authelia and exit when test exception occurs REVERT:16573a397tests - do not run as root REVERT:de8cee491tests - add missing imports REVERT:56afbd457tests - run as root REVERT:590ad46cdtests - fix missing chmod import and Test.init log call REVERT:8d580bc16tests - fix missing Test import REVERT:a91fc7307tests - fix indent and isfile import REVERT:773a37d45Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:b64af8526tests - DockerTest on the road REVERT:0d3e1e2a1Update the plugins docs REVERT:85217b57cFix a typo in the plugin page in the docs REVERT:ba75154d0Add url_for function to custom plugins templates REVERT:c055ec7ecFix duplication in plugins REVERT:2c4efe9d0Add Plugin Pages feature REVERT:795dfc077Add static map files REVERT:8b4b3f3b0ansible docs REVERT:2e4758e94tests - DockerTest improvement REVERT:c155227ectests - init work on refactoring REVERT:dde185141tests - increase timeout for magento REVERT:e62523d1dlua - use pcall with mmdb functions REVERT:658ab7504docs - add ansible diagram REVERT:8d6397a6bMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:f5c86cc4eexamples - add cors example REVERT:8760110fbMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:cc4f0b26aQuickstart Ansible and integration REVERT:7b769361acors - init work on core plugin for CORS REVERT:97e607110linux - rename bunkerweb-ui.env to ui.env REVERT:c3ee7929bdocs - change target of the web UI demo link to blank REVERT:969a1e5d7Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev REVERT:5bf59c85ddocs - replace web UI gif with YT video REVERT:430f665cdMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev REVERT:5be21f9bfAdding www folder REVERT:afdd4de5afix regex checks with *_CUSTOM_CONF_* setting, add doc about DENY_STATUS_CODE REVERT:5586b3733misc - add DENY_HTTP_STATUS setting (403 or 444) REVERT:90e58f261fix ui.env path for Linux integration and add docs for autoconf with rootless docker REVERT:a00607af2docs - add instructions for podman REVERT:e880b7d59docs - add infos about Docker in rootless mode REVERT:fc925ccb1edit docs typo for UI and variable typo in autoconf REVERT:571422131ui - fix CVE-2022-2097 REVERT:287e763e0autoconf - fix CVE-2022-2097 REVERT:89f81140acontainer - fix CVE-2022-2097 (again) REVERT:a5c98f709container - fix CVE-2022-2097 REVERT:429214727tests - fix data folder permissions (again) REVERT:6b1c5a93etests - fix data folder permissions REVERT:fb85d1d2dautoconf - fix typo in variable REVERT:fdcbc8d36custom conf - fix wrong path with multisite configs REVERT:b2bb93bcfexamples - fix docker-configs again REVERT:2b59086f6examples - fix docker-configs REVERT:e09d4901econtainers - fix regex for *^CUSTOM_CONF_* REVERT:3594618e4examples - fix typo in docker-configs (again) REVERT:e44311281examples - fix typo in docker-configs REVERT:738e3b6e1containers - use python hack to get env var values from string REVERT:5ac80a135containers - replace compgen command with a python hack because compgen -e do not display var with dots REVERT:8f258486efix multiple CVE with curl/libcurl and add autoconf/docker CUSTOM_CONF configs examples REVERT:2dc18a794autoconf - support both configs from files and autoconf REVERT:e0a700506autoconf - init support of custom variables using labels REVERT:385b7c413docs - add docs for custom config using labels REVERT:e25babe3dcustom conf - docker REVERT:a5457a164custom conf - init setting support REVERT:0a1e8be71examples - add missing setup.sh for mattermost REVERT:70c60f2a9tests - add mattermost and radarr REVERT:f2dfb0172examples - edit mattermost and add radarr REVERT:1a8eef2c8fix autoconf import for IngressController and init work on mattermost example REVERT:cb106a112autoconf - fix indent in IngressController REVERT:492648eebautoconf - fix 410 exceptions (k8s) REVERT:1425ad0b4docs - update settings list REVERT:f7290b2c7v1.4.2 release REVERT:c0a8a356clinux - include bwcli in /usr/local/bin REVERT:40007b086add slack to official plugins and init work on EXTERNAL_PLUGIN_URLS setting REVERT:6478512e4scheduler - only send /data folder if apis are present REVERT:7aa6852d3autoconf - fix missing scheduler in autoconf mode and missing apis list REVERT:7bba81b16autoconf - fix wrong variable name for environment REVERT:5cb61380dautoconf - add missing call to ConfigCaller constructor REVERT:b2758cea7autoconf - init work on _get_static_services method REVERT:a18d77aeeautoconf - init work on static server configs as env var REVERT:4a699ef6cfix missing local Linux images import in ci/cd, and fix bug related to jobs in Linux integration REVERT:5690a58abfix IFS checking permissions REVERT:e55928a37fix bwcli commands when using Linux integration REVERT:0f2388b1ffix permissions check when file has space in the name REVERT:2b43a9cbfMerge branch 'dev' of https://github.com/bunkerity/bunkerized-nginx into dev REVERT:5ecf39ee0Fix web-ui example with X-Script-Name REVERT:ad091493cexamples - add various certbot-dns examples REVERT:a65606c36examples - add certbot-dns-ovh REVERT:cd0d70b8fcache dev Linux images in ci/cd and disable site config generation for autoconf/swarm/k8s REVERT:e21a35017plugins - support log_default() hook, same as log() but for default server REVERT:c563731e8autoconf - fix overwrite configs file when using Docker autoconf REVERT:3c417d2fflinux - fix fedora NGINX version in Dockerfile, fix missing arg when building DEB/RPM and force NGINX version DEB deps REVERT:970082f92linux - force NGINX version in RPM deps REVERT:4a2504c3breflect ci/cd changes to dev REVERT:fd0c7b1e5ci/cd - add automatic build for Linux images REVERT:1e6d62ce7fix packagecloud yank name REVERT:1a4e21481docs - edit supported architectures for prebuilt Docker images REVERT:bcaca6f03v1.4.1 release REVERT:424214fd5add changelog and add missing s in authentik url REVERT:82b42d5b9Merge pull request #259 from Brawdunoir/master REVERT:db4e2cf26update linux docs, minor fix in ingress example and update default value for bunkernet job REVERT:0ef82619btemp disable automatic tests for authentik and test automatic arm build on dedicated hardware REVERT:f2655e331remove arm build again, fix proxy_*_timeout directives and add authelia example REVERT:d51ae1c1bRemove USE_ before authbasic plugin settings REVERT:cd0438b8csupport REVERSE_PROXY_*_TIMEOUT settings, remove useless push in CI/CD and try to build arm on GH runners REVERT:f9a042526add docs about compiling BW from source on Linux, add docs about packages pinning on Linux and fix regex for REVERSE_PROXY_AUTH_REQUEST and REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL REVERT:15ac64b05let's encrypt - fix bug when AUTOCONF_MODE=yes REVERT:e0f8895e9init support for auth_request and add authentik example REVERT:e85229835don't send local IP to BunkerNet on default server, fix certbot new when MULTISITE=no and fix unknown reason in get_reason REVERT:972a284efdocker - drop support for prebuilt arm images REVERT:5258d8e58docs - edit linux install procedure REVERT:acb4bea97reflect CI/CD changes for master pushes REVERT:42067e864GHA - temp disable armv7 build until we have a fix for cryptography dependency REVERT:217bddabfGHA - different caches for armv7 and armv8 images REVERT:c5fba1367fix GHA typos REVERT:1b21f9eacfix UI tag in GHA jobs REVERT:389e05094fix links in docs and change cache location for GHA jobs REVERT:05a89c303fix registry URL in GHA jobs REVERT:a0ed8a27eadd debug flag to GHA buildx steps REVERT:d0ac5e305update GHA actions version REVERT:b16f8f11aupdate GHA actions version REVERT:a23ed06e6fix typo in GHA jobs REVERT:6b9be078brefactoring of GHA jobs REVERT:8e198ed82linux - fix documentation link in systemd unit files REVERT:c3b527afeactions - fix RPMs path REVERT:972e5471dactions - fix linux deb/rpm generation REVERT:b246c6d7efix wrong branch name in actions and image name for linux tests REVERT:b78fd5542fix freetype CVE REVERT:945241339actions - rename main branch to master REVERT:1af2264fatemp stop push to private repo REVERT:6f28708c1docs - add missing setting REVERT:a9f886804bunkerweb 1.4.0 REVERT:3a078326cMerge pull request #199 from Myzel394/patch-1 REVERT:d43b82b75remote API - only do action if 403 REVERT:3850cacb9prepare for v1.3.2 REVERT:c00c7f46alua - verify certs when doing HTTPS requests REVERT:163af4a49prepare for v1.3.2 REVERT:98e85eb99docs - update security tuning sections : distributed blacklist and request limit REVERT:2e63bb025docs - reflect kubernetes/swarm changes into the doc REVERT:6546a0edbdisable country ban if IP is local, update default values of PERMISSIONS_POLICY and FEATURE_POLICY, upgrade archlinux packages before testing REVERT:ab0038174ui - fix ROOT_FOLDER bug in serve-files.conf REVERT:9f7097de0request limit - fix some LUA code REVERT:24d6337a5limit req - multiple url support REVERT:bfb5319c1limit req - add burst and delay parameters REVERT:4c77a1482use annotations as env var in Ingress definition, fix cidr parsing for reserved ips, fix missing empty when job is external, fix ping check for remote api and init work hour/day support for request limit REVERT:4e45fa387integrations - acme without shared folder when using k8s/swarm REVERT:a9a26b82dfixed typo REVERT:00d91dcaajobs - move certbot hooks to python REVERT:650ad7ea4integrations - fix missing acme folder when using Swarm or Kubernetes REVERT:7045c0c2bjobs - fix encoding error on CentOS REVERT:f0f432487remote API - ban IP from distributed DB REVERT:fdc02be05remote API - basic send of bad IPs REVERT:fb799765ajobs - fix str/bytes hell REVERT:d53f02b5bapi - client side (untested) REVERT:7b9722facjobs - add remote API REVERT:31ed4ff83centos - update ca-certificates in install script REVERT:bc5f3ee88fix CVEs and add init to Debian test image REVERT:a6b21aae8fix typo in settings.json, bump Debian to bullseyes, init support of Arch Linux REVERT:64aa9c253init work remote API REVERT:5d94cc8f4docs - init changes about storageless REVERT:e7ee21cbbantibot - fix path for templates and data REVERT:a0f8cbdacantibot - fix LUA typo in recaptcha mode REVERT:178d7a684Merge pull request #182 from Nakinox/patch-2 REVERT:ca81535bbswarm/k8s - less storage, more API REVERT:062fa3e78integration - continue work on storageless config for k8s and swarm REVERT:95f2d2af9Update docker-compose.yml REVERT:e55dff812api - init work on storageless configuration REVERT:f0f1c79d4v1.3.1 release REVERT:3d2f5e238conf - add REVERSE_PROXY_KEEPALIVE REVERT:b079c99fbMerge branch 'patch-15' of github.com:thelittlefireman/bunkerized-nginx into keepalive REVERT:2e403c6ebconfig - add CUSTOM_HEADER REVERT:f75a05584config - add REVERSE_PROXY_BUFFERING REVERT:148edf681tests - add github token to trivy scanner REVERT:a19d8aa04Merge pull request #180 from vepito/vepito-patch-1 REVERT:480cff86bMerge pull request #179 from thelittlefireman/patch-16 REVERT:35df3423dmissing blank line REVERT:29f4069deswitch the use cases REVERT:72e438459Fix typo related to non-HTTP configuration REVERT:a4a264773jobs - fix docker reload and only do cron jobs when necessary REVERT:892e53369Missmatch in docs with modsec folder REVERT:a05614160deps - use ModSecurity v3.0.4 instead of v3.0.5 to avoid memory leak REVERT:0772a9ba8docs - edit badge version REVERT:33e0ffd5bMerge branch 'master' into dev REVERT:4cb3e089elinux - git SHA1 commit in install.sh REVERT:8808f161cdocs - dev to master links and VERSION upgrade REVERT:1c60ec980tests - fix volume wait with linux tests REVERT:b13ff3456add REDIRECT_TO_REQUEST_URI variable and edit environment variables docs REVERT:58f2926e9docs - various examples fixes REVERT:9de628f3eMissing proxy_set_header for keep alive REVERT:6cc1abc89Allow keep alive connection when ws is off REVERT:a824e1568linux - rename cron REVERT:fd52bb7c8linux - fix cron jobs REVERT:0938b20ebUI - use sudo for Linux integration REVERT:b948e08bdUI - use systemctl on Linux REVERT:fde14d162linux - fix unknown scheme error and do nginx reload as root in UI REVERT:8a4eb3f2aremove .site files (gen), uninstall remove folder at the end (linux) and run jobs when reloading local instances (UI) REVERT:2a0b84074ui - fix bug when Docker is used but Swarm is disabled, add jobs from API /reload and fix docker-compose doc REVERT:aec22d1a8ui - edit docs and fix CSRF REVERT:028fc61b4docs - add dns_resolvers and permissions to Linux REVERT:a903960b4docs - fix missing subfolder in Linux quickstart guide REVERT:a28f06f08linux - run temp nginx to solve let's encrypt challenges REVERT:6c8bc6b34tests - fix Linux systemd bug when writing to /tmp folder REVERT:2b3b4a5c3linux - systemd support REVERT:57e4247ealinux - systemd unit file REVERT:f9d4e9089docs - edit k8s php service port and append suffix to hosts REVERT:4f024ec56docs - add DNS_RESOLVERS for k8s integration REVERT:bc46fc3d4append suffix to ingress hosts REVERT:0be1da18aremove old conf before generation, dynamic DNS for PHP and reverse proxy and swarm fixes in quickstart guide REVERT:3cedc0ae1quickstart guide fixes REVERT:f1d5c07ccautoconf - various kubernetes fixes REVERT:c9a6b6c27autoconf - fixed infinite lock REVERT:b199464a7various bug fixes related to Swarm integration REVERT:4a9d64d9dadd favicon to web UI and fix some tech docs REVERT:31536a3felinux - reload as root REVERT:7b47c7304examples - minor fixes in architecture images REVERT:83e7ce9cdexamples - polishing before next release REVERT:0ad5159a3docs - add changelog for next version REVERT:6240d8e28ui - read variables.env when Linux is used REVERT:2f80f64dddocs - last polish REVERT:e98da9b63docs polishing and fix install.sh gpg --verify REVERT:d9f770696docs - web UI REVERT:75f299978docs - special folders REVERT:ef34b2cecdocs quickstart / multisite REVERT:9b9110214docs - quickstart guide / php REVERT:9e2a8070edocs - quickstart guide / reverse proxy REVERT:733136ac1docs - init quickstart REVERT:fa172ce5adocs - linux integration REVERT:f6a9184aedocs - k8s integration REVERT:d37dc2b62docs - swarm integration REVERT:f7c115edfdocs - add autoconf doc to Docker section REVERT:dfbb09136docs - init integrations/Docker REVERT:8e4a65fecfix global.env generation and add web UI gif to README REVERT:0573ba7b5ui - centering things without breaking sticky navbar and menu REVERT:bcd421de0ui - various bug fixes more or less related to UI REVERT:2ec28c79cdocs - fix README toc REVERT:fec60a4b1ui - minor styling fixes REVERT:dd7d1a2c7ui - fix example, subpath behind reverse proxy and add socket proxy rights for swarm REVERT:0c1883472docs - edit kubernetes overview image and add configuration section on the readme REVERT:4e6eab794docs - fix wrong swarm image REVERT:b23135b66docs - add docker and kubernetes images REVERT:ace9be397docs - add autoconf and swarm images REVERT:8958e5107docs - add overview image REVERT:b2cfc15c2security - add security policy REVERT:94bef079aexamples - add architecture images REVERT:50266c228examples - add the last missing README.md stubs REVERT:22e2fe869examples improvement - added some README.md stubs REVERT:55186bbefexamples improvement - hardened, joomla, kubernetes, load-balancer and moodle REVERT:d8286ced7examples improvement - certbot cloudflare and wildcard, clamav, crowdsec, ghost and gogs REVERT:44de2253dexamples improvement - traefik alternative, autoconf reverse proxy and basic website REVERT:6d73fbdedexamples - update authelia and autoconf-php REVERT:b6809266aautoconf - let's encrypt support for ingress controller REVERT:4e178b474autoconf - basic ingress controller support for kubernetes REVERT:021147f9dautoconf - fix wait and redis REVERT:5a26d06c8autoconf - fix infinite lock and honor DOCKER_HOST env var REVERT:bc01427deignore CVE-2021-36159 and redirect job logs as root when using autoconf REVERT:652614f41autoconf - use DNS for Swarm instances discovery REVERT:24d9cce82autoconf - various bug fixes in Swarm mode REVERT:f866ef632autoconf - minor fixes, prepare Swarm testing REVERT:1a32e7c02autoconf - various bug fixes with DockerController REVERT:7180378d0autoconf - init Config refactoring REVERT:6e66571fbvarious cleaning REVERT:f44e41cedjobs - lock and reload management REVERT:26db144dfautoconf refactoring and fix CVE-2021-36159 REVERT:a68ad53c3autoconf - controller classes REVERT:01bba1d3fautoconf - init refactoring before k8s integration REVERT:059707443k8s - init work on parsing ingress rules, helpers to setup on k8s, basic examples REVERT:bc3c17a2fexamples - init k8s example REVERT:556836b49autoconf - init annotations parser for k8s REVERT:22612f175minor edit on Linux tests and init work on k8s API REVERT:50c279617jobs - improved log and reload management REVERT:ef8969e2ccertbot - add USE_LETS_ENCRYPT_STAGING=yes/no env var for using staging or production servers of let's encrypt REVERT:0dc2a5ec2edit visibility of Job members and integration of a generic checker for nginx REVERT:9a207dfdcfix missing import in generator, expand networks to ips in jobs and init work on a generic checker with shared dict and redis support REVERT:a60fbbb5bhotfix - fix CVE-2021-33560 REVERT:a1b9010d9pull v1.2.8 fixes when applicable REVERT:3178545c2v1.2.8 release REVERT:36b8760d4resolve bugs on the stable version REVERT:8bb6676f5settings - fix PHP_* again REVERT:4234f82c0settings - edit EMAIL_LETS_ENCRYPT regex REVERT:b99fb27dffix missing parameter when calling reload in autoconf and edit REMOTE_PHP_PATH regex REVERT:876fcd181conf - add WORKER_PROCESSES REVERT:26dc79615jobs - fix line edit REVERT:280d18986jobs - avoid reload when not necessary REVERT:5f845680fjobs - edit referrers and user-agents data and init work on autoconf integration REVERT:d12369c90jobs - various bugs fixed and old files removed REVERT:366e39f59jobs - SelfSignedCert, runner and reloader REVERT:71741b2d3jobs - cache management REVERT:2fca4cd01jobs - logging and error management REVERT:fccf14627jobs - python stubs REVERT:b3684efafjobs - init work on refactoring REVERT:82548378acrowdsec - move as external plugin REVERT:b926b0db6examples - use example.com instead of website.com REVERT:6713f56eclinux - fix centos install REVERT:2b923c05ccompile and install LUA 5.1.5 to /opt/bunkerized-nginx/deps and introduced REDIRECT_TO feature REVERT:71cf3cf5cuse local sources when building Docker image, add LOCAL_PHP and LOCAL_PHP_REMOTE to settings.json and fix pip bug related to removed working directory REVERT:8e3dbf1c7fixed some fedora bugs, support LOCAL_PHP and LOCAL_PHP_PATH and sample variables.env REVERT:49ada6a8clinux - init work on fedora support REVERT:947e86f7clinux - uninstall script REVERT:a12561a85remove useless nginx-keys folder and add lua_package_cpath to http conf REVERT:6b19bd026deps - add cjson LUA files to deps folder REVERT:6738b28b9deps - move dependencies to dedicated /opt/bunkerized-nginx/deps folder to avoid messing with the system REVERT:010c0fd6drename gen/requirements.py to requirements.txt, add git/bash to Docker deps and fix typos in README REVERT:ecf30a71fdeps - init work on single install script REVERT:ffc4fc950deps - manual compile/install of libmaxmind and upgrade lua-resty-core REVERT:b9955699bMerge pull request #152 from thelittlefireman/patch-11 REVERT:860fd1aceUpgrade desps REVERT:eb5d13fb8Upgrade lua-nginx module to 0.10.20 REVERT:ca41987cdUpgrade corerules to 3.3.0 & modsecurity to 3.0.5 REVERT:3af1b397fUI - digging bugs from services, still some work to do REVERT:72a09eac6UI - add CSRF protection REVERT:0d3f7d392UI - admin authentication and bootstrap update REVERT:6be082e0aUI - init work on admin account REVERT:4947796c9UI - fix instances bugs REVERT:ba197dfa4UI - bind gunicorn to 127.0.0.1/0.0.0.0:5000 REVERT:4dd1ff847UI - copy from helpers, systemd service and instances page update REVERT:f771ec43fui - init Instances class to support Linux and API for Docker/Swarm REVERT:e241b0c93logs - move everything from /var/log to /var/log/nginx REVERT:d03a1a6e3linux - add jobs.log REVERT:2c9c9fb62linux - run master process as root REVERT:deb28c599autoconf - fix folders REVERT:2ea7331dajobs - disable post-jobs when SWARM_MODE=yes on SIGHUP REVERT:92ee40819whitelist - fix /.well-known/acme-challenge whitelist for let's encrypt REVERT:2ccfb26e8docker - fix CVE-2021-33560 REVERT:70f9f8417templates - add missing new line when necessary REVERT:c4aef1d60authelia - choose portal or auth basic mode REVERT:a385183d8authelia - various fixes REVERT:cec47f3a7body injection feature and add authelia to documentation REVERT:c894c8370authelia - add variables to settings.json REVERT:f73b088f7authelia - initial work REVERT:130c6752dMerge pull request #148 from aFresquetIntech/dev REVERT:f97ea6785Create .env REVERT:850429986Correction REVERT:4a8da40cfreverse-proxy-zammad REVERT:0114c7b09examples - edit basic PHP REVERT:bebe89afblinux - edit path for default errors, ignore comments in variables.env, install/prepare certbot REVERT:b2cceb608linux - fix centos REVERT:37f5e4ed7linux - fixed debian/ubuntu but still some work needed on centos REVERT:98568a57clinux - fix /var/log and typo in daemon directive REVERT:499192287linux - fix daemon directive and rights on /etc/nginx REVERT:bcb8acc36linux - add RX permissions to /opt REVERT:a9279053alinux - add executable right to gen/main.py REVERT:60057a17elinux - fix tests docker cp and pass single -c argument to su REVERT:d0366fcc0linux - started work on bunkerized-nginx command REVERT:b448d91caactions - fix centos test and docker image name when pushing REVERT:e309ce6fddocker - fix permissions on /opt REVERT:37090dc66actions - fix manifest error with buildx and load REVERT:6bb6facd8add load: true when autobuilding images and move from /bin/sh to /bin/bash REVERT:a1fcbd4b8fix actions and configure REVERT:09a2a4f9egithub actions refactoring REVERT:1e02368e8linux/docker - common /opt/bunkerized-nginx folder REVERT:bbb5134a3fix configure arguments and CRS include REVERT:b0f93fb84fix Dockerfile again REVERT:c892f037dfix Dockerfile REVERT:731c0f61dlinux - init work on installer REVERT:93543d396Linux - use the same dependencies script for Docker REVERT:5ec9e6ab4linux - CentOS 7 install REVERT:cc0d0af8dlinux - ubuntu installer REVERT:43d2097d1linux - nginx install on Debian REVERT:f880e5e2alinux - continued work on install helpers for Debian REVERT:9636013f5linux - started work on installer REVERT:15bdb076chotfix - fix docs get_git_branch REVERT:d62c4f466v1.2.7 release REVERT:ad52ef326autoconf - prevent race condition by checking health state REVERT:3bd3b6fd7Merge pull request #145 from thelittlefireman/patch-10 REVERT:e41acc20cUpgrade ModSecurity-nginx to v1.0.2 REVERT:3c721dc2aadd HEALTHCHECK to Dockerfile and append 10.0.0.0/8 to DNSBL whitelist REVERT:491d879fejobs - cleaning the mess when using autoconf without swarm mode REVERT:52534510efix bug when AUTO_LETS_ENCRYPT=yes and certbot can't resolve challenges REVERT:2c7337576jobs - fix syntax error REVERT:9e4961ccbdocs - rename sitemap to bypass rtd rewrite REVERT:01857d8acgen - display the reason when ignoring a variable REVERT:ab9f9e0a4jobs - fix jobs when MULTISITE=yes REVERT:29dc64ca3actions - add Docker cache to speedup auto build on the dev branch REVERT:b5cd4e037docker - build and push images from GitHub actions because of future DockerHub restrictions on autobuild REVERT:16101144cself-signed cert - fix bugs REVERT:95510e6e1settings - add underscore to CUSTOM_HTTPS_CERT/KEY regex REVERT:dd5890e76geoip - fix bug when using GeoIP REVERT:c3a437fa8docs - rename the sitemap to avoid conflicts ? REVERT:518ddd323docs - custom robots.txt REVERT:177a82ee6docs - automated sitemap.yml REVERT:39db7b368v1.2.6 release REVERT:9442e5914jobs - fix jobs in Swarm mode REVERT:fcc6b3b5evarious bug fixes related to Swarm REVERT:678ad70b0docs, various fixes and certbot-cloudflare example REVERT:e8f5db0b2docs - add plugins system REVERT:8295f6aebplugins - clamav example REVERT:388fc1a0eplugins - started basic plugin system REVERT:62217a321add contributing guidelines and license REVERT:53e433b1areadme - replace some badges REVERT:f640157b1Merge pull request #138 from bunkerity/feature-request-template REVERT:d646f3e5bUpdate issue templates REVERT:4b31d005ecrowdsec and generator fixes REVERT:d2135c19cdocs - road to v1.2.6 REVERT:8cda1baf7fix web ui multiple variables and add default error pages REVERT:445032406dnsbl - disable checks when IP is local REVERT:74fb01536web UI - init work on using docker-socket-proxy REVERT:ee178de6aweb ui - mostly finished templating integration (needs some testing) REVERT:7323525b6ui - show only multisite vars for settings REVERT:82e47f147ui - Dockerfile fixes and missing get_config function REVERT:2db967ad1templating - road to web ui REVERT:1d96620aetemplating - init integration into web ui REVERT:99c259bf1templating - prepare integration into ui REVERT:c7b81cfc1various bug fixes related to HTTPS REVERT:dfce0c06dautoconf - fixing various bug when SWARM_MODE=yes REVERT:0f8e56a66templating - fixing bugs with autoconf REVERT:f950abdc2templating - started integration into autoconf REVERT:4a73ae819various bug fixes on templates and nginx update to 1.20.1 REVERT:e2f02ee91templating - prepare integration for autoconf REVERT:a991b262eremove ClamAV because of GPL and started work on read-only filesystem REVERT:a8bc17e83templating - started integration into docker image REVERT:ec19f9308templating - added missing features in site templates REVERT:23aa05300templating - auth basic support REVERT:289ad106ctemplating - multisite support REVERT:bbc5bbc9etemplating - fix some site templates REVERT:633a07686templating - init work on site templates REVERT:996c45df4templating - init work on global templates REVERT:801530baftemplating - road to full jinja2 templates REVERT:c65dda391templating - init work on templating with jinja2 REVERT:ea891969ctemplating - updated settings.json with global settings REVERT:698ae17c4templating - init work on generic settings management REVERT:664563284antibot - basic pow with javascript REVERT:16e5ede13antibot - custom templates REVERT:8260746felogs/lua - add logger tool REVERT:de560490dfix LUA array variables and add LOG_LEVEL to the troubleshooting section REVERT:96db3a450log - add LOG_LEVEL variable REVERT:73543f4b0hardening - add no-new-privileges REVERT:d9bb97be5lua - move global vars from lua to site config (untested) REVERT:863283d09started work on moving variables from .lua to nginx REVERT:600484b16crowdsec - fix bugs and update example REVERT:7c6a13c54examples - improve nextcloud example so it works with webdav clients REVERT:b3bb4ec40remove unnecessary dependencies and update doc about certificate bundle REVERT:69f465720examples - fix typo BAD_BEHAVIOR_STATUS_CODES REVERT:d02985d21check permissions for missing volumes and add comment about permissions on examples REVERT:b0ca85ff7v1.2.5 - performance improvement REVERT:2f115c444Merge pull request #131 from bunkerity/issue-templates REVERT:7f15741eaUpdate issue templates REVERT:288b8eb85docs improvement + road to v1.2.5 REVERT:61c08fb97docs - troubleshooting REVERT:01ef47a66docs - security tuning improvement REVERT:71515a910doc - volumes list REVERT:a33d0658cdocs - road to a beautiful documentation REVERT:0b3ff6a9fbad behavior - move from fail2ban to pure lua REVERT:eb2d0d330performance - rsyslog and fail2ban removing REVERT:5bcbb3863doc - official document started REVERT:ca660b250init work on official doc REVERT:3a34436cdadd AquaeAtrae example for ROOT_SITE_SUBFOLDER REVERT:b1d03cd11performance - move bad user-agents and referrers checks from nginx to LUA with caching REVERT:42c3fb874add sandbox allow-downloads to the default value of CONTENT_SECURITY_POLICY REVERT:f1c043604add missing backslash in the quickstart guide and update autoconf examples with the depends_on directive REVERT:fd61df205performance - move external blacklists checks from nginx to LUA REVERT:009d6fb5achoose connection and nofile numbers, increase error_log level to get modsecurity rules, add MODSECURITY_SEC_AUDIT_ENGINE var REVERT:ba4185a42jobs - fix automatic reload REVERT:70976d0fbfix user-agent not blocking and add documentation on bundle when USE_CUSTOM_HTTPS=yes REVERT:062a39c63integrate AquaeAtrae work - add ROOT_SITE_SUBFOLDER REVERT:83841b290jobs - edit adren work on external blacklists REVERT:10dc58cb6Merge pull request #126 from adren/patch-6 REVERT:668754686Merge pull request #125 from adren/patch-5 REVERT:84b1933f6Merge pull request #124 from adren/patch-4 REVERT:15f6d0a32Merge pull request #123 from adren/patch-3 REVERT:e628361a8Merge pull request #122 from adren/patch-1 REVERT:f8d71e067improved way to generate user-agent file REVERT:02ae3b6bdchange IFS before subshell REVERT:2fb0e7c47deduplicate list of user-agents REVERT:9adcc2f1amore optimized way to generate map referrer file REVERT:7b98db4d1improve the generation of blocking file (abusers) REVERT:ddb2b8591improve generation of block file (Tor exit nodes) REVERT:da1a460a6huge improvement to generate blocking file REVERT:07be62684hotfix - fix API in autoconf swarm mode REVERT:3bb164395hotfix - move API_WHITELIST_IP edit to lua.sh REVERT:bc2568a17v1.2.4 - nginx 1.20.0 support REVERT:5ec74880dupdate README for v1.2.4 REVERT:f84fd7c9afix permissions issues for autoconf and fix volume for ghost example REVERT:6521d7a27fix client cache so it works in combination with reverse proxy and examples update REVERT:813607fbcimprove crowdsec example and disable modsec logging when not necessary REVERT:843644f80log - replace some WARN tags from LUA logs with NOTICE to avoid confusion REVERT:19fa0eb25log - print modsec_audit.log to make debugging easier REVERT:b4df28722log - send logs to remote syslog server REVERT:5ce41edc0api - whitelist IP/network for API REVERT:a3cfb50b4example - fix certbot wildcard REVERT:25494acacexample - wildcard certificate with certbot REVERT:a98dae1fbfix CVE-2021-20205 and examples update REVERT:1a7abab57nginx 1.20.0 support REVERT:42b7a57f0fix autoconf bug when removing config with multiple server name and increase default LIMIT_CONN_MAX for average website with HTTP2 REVERT:02f9fbe5fautoconf - fix certbot bug when multiple server_name for one service REVERT:69fe06677autoconf - fix bug when multiple server_name for one service REVERT:74417abc9fixing bugs - run as GID 101 instead of 0, different permissions checks in swarm mode and disable including server confs in swarm mode REVERT:ba7524a41fixed LUA bug REVERT:b55aafb99finding the LUA bug REVERT:deeb7a76aMerge pull request #117 from thelittlefireman/patch-9 REVERT:ee8aaa4e7fix lua crash 2 REVERT:605d59a45Fix lua mistake REVERT:b85c991b6bug fixes - /usr/local/lib/lua rights and syntax error in site-config REVERT:0d3658adfREVERSE_PROXY_HEADERS - use proxy_set_header instead of more_set_headers REVERT:0b22209c9documentation - userns remap feature REVERT:e44a1f3e1added the uri to limit_req_zone key to limit bruteforce attack on a specific resource instead of the whole service REVERT:aa614f82fprint error when permissions are wrong on common volumes REVERT:c03d410b0refactored whitelisting of user-agents REVERT:e190167bfCIDR support with whitelist/blacklist IP REVERT:31e72dce1fix /usr/local/lib/lua rights and multiple server_name support with autoconf REVERT:b8105fc55feature - whitelist URI REVERT:e73c10fd8crowdsec - fix permissions on /usr/local/lib/lua and on /var/log files REVERT:a122a259cminor fix on AutoConf logs and auto disable etag with reverse proxy REVERT:7c4894d3bautoconf - fix remove event, generate config from nginx vars, more logs REVERT:533c2a103fix sed script when writing site env REVERT:5611d544dremove reference to USE_PHP REVERT:397182f18add link to twitter account REVERT:c5c5fb17bv1.2.3 - swarm support REVERT:017a7780fREADME update, default cron update and new parameters to ui REVERT:34d9db7a8web ui - bug fixes REVERT:361c66ca6fixed bugs with MULTISITE variables and swarm example REVERT:afc667885road to v1.2.3 - fixing bugs REVERT:c40fb3317road to swarm - automatic reload after jobs REVERT:93ad3c0b5road to swarm - let's encrypt fix REVERT:ceed90488road to swarm - still some mess to fix REVERT:b8027d2baMerge pull request #102 from thelittlefireman/proxy_custom_headers REVERT:8d03a14a6Merge pull request #103 from thelittlefireman/fix_truncated_3 REVERT:d16f4517aEnhancement add custom proxy headers #97 REVERT:89ca91b3fFix truncated variables (last commit) REVERT:6a714e2ecroad to swarm - fix race condition on initial configuration REVERT:0d3da0353prepare /www directory, fix log socket path and whitelist acme challenges path REVERT:33163f65binit work on disabling root processes REVERT:a2543384croad to swarm - add openssl to autoconf, fix api_uri in LUA, fix file rights REVERT:3591715f2road to swarm - fixing things REVERT:95f7ca5b2road to swarm support - needs a lot of testing REVERT:816fa47cbintroducing SWARM_MODE env var REVERT:7756c2df3Merge pull request #98 from mromanelli9/fix/readme REVERT:7509ec2f2basic API to be used in swarm mode REVERT:6e93575e1remove ALLOWALL from X_FRAME_OPTIONS options REVERT:ba4c97755remove old anchor REVERT:781e4c8cbautoconf little work on swarm support REVERT:e04c783d1autoconf - init work on swarm mode REVERT:e12b656bdMerge branch 'patch-7' of https://github.com/thelittlefireman/bunkerized-nginx into dev REVERT:cae05447dcustom crontab values REVERT:4b58e2265Merge branch 'patch-5' of https://github.com/thelittlefireman/bunkerized-nginx into dev REVERT:6b56e21a0Merge branch 'whitelist_ua' of https://github.com/thelittlefireman/bunkerized-nginx into dev REVERT:544a09e8dUpdate lua-cs-bouncer REVERT:8386dd4a2custom config outside server block REVERT:f052a2516Merge branch 'pre_server_confs' of https://github.com/thelittlefireman/bunkerized-nginx into dev REVERT:43750f553Merge pull request #73 from thelittlefireman/patch-4 REVERT:9142afdb5Merge pull request #72 from thelittlefireman/patch-3 REVERT:66c4fed79Fix env variable with space are truncated 2 REVERT:f41846e9dFix env variable with space are truncated REVERT:92cc705b9Reduce memory usage : set cron tasks at different hours. REVERT:47fb3a05bUpgrade crowdsecurity/lua-cs-bouncer REVERT:5940f402cimprove default tls security REVERT:d9ca275d5Add before `server {}` config. REVERT:8353bd9c8Allow to add a whitelist by site on user-agent REVERT:d902e2f29Add last missing reverse proxy header REVERT:1a8b8043cAdd LIMIT_CONN var to server.conf REVERT:65120a7e9Add USE_CONN_LIMIT info to Readme.md REVERT:b093a4755Add default values for LIMIT_CONN REVERT:73dbf03c9add USE_LIMIT_CONN zone to global config REVERT:6ee746236Add USE_LIMIT_CONN to site-config REVERT:fa935eb6eedit nginx.conf to add limit_conn REVERT:cf231e13cAdd limit-conn.conf REVERT:d5d699252v1.2.2 - web UI (beta) REVERT:50f95420bREADME update - road to v1.2.2 REVERT:dc382c3e0various fixes - autoconf process order, multisite config and examples REVERT:0026328f2edit default FAIL2BAN_IGNOREIP subnets REVERT:9023ab5aeMerge pull request #67 from thelittlefireman/patch-2 REVERT:124474ad6Edit README.md to add FAIL2BAN_IGNOREIP REVERT:eac9c8f51Prepare FAIL2BAN_IGNOREIP to avoid self blocking REVERT:1ee490de6Prepare FAIL2BAN_IGNOREIP to avoid self blocking REVERT:825e6a747crowdsec v1 integrated REVERT:09a984c86started crowdsec v1 integration REVERT:fd7afa17bfix missing ';' in include REVERT:b9b7fdfccMerge pull request #63 from thelittlefireman/patch-1 REVERT:58e1d66bcUI - minor alert css fix REVERT:7026643f8UI - fix missing MULTISITE env var when managing services REVERT:06f688fe9fixed stop and reload operations REVERT:c65b78b1cUI - instances/services backend update (needs testing) REVERT:f9b9b9546UI - introduced multiple config parameters (like reverse proxy) in frontend REVERT:b5fe6335cUI - instances backend started REVERT:951f3957fUI - default service values REVERT:0f520b891UI - services backend started REVERT:569ad75c4UI - config.json refactoring REVERT:bd7b6af66UI - load config template from json REVERT:459bb8ea1UI services modals and default CSP update (fix new tab links) REVERT:208b5acb3UI - minor services list improvement REVERT:59b2fed41UI - basic services list REVERT:a4871a915Add missing proxy headers REVERT:026783f01Fix missing reverse proxy headers REVERT:811585345Fix missing proxy headers on site-config.sh REVERT:c5f283b00UI - minor front update REVERT:03ce7a648fix modsec double inclusion when MULTISITE=yes REVERT:3f7e2c54bJOBS - fixed some job script and right temp nginx reload REVERT:bb0f46d8aJOBS - fix job_log REVERT:c5b32dfc4fix CVE-2020-1971 again REVERT:9a4f96ad1fix CVE-2020-1971 REVERT:f258426f5JOBS - fallback to old conf in case reload failed REVERT:119e96361JOBS - be more verbose about jobs failure/success REVERT:373988670Merge pull request #54 from thelittlefireman/patch-4 REVERT:2a956f2cdFix #52 REVERT:15a37a868UI - minor UI improvement REVERT:3a3d52790UI - basic read fixes REVERT:e6b5f460cUI - basic read from docker API REVERT:002e3ed2bsecurity tests for autoconf and ui REVERT:7b55acbe8web UI example and CVE-2020-8231 fix again REVERT:559b7835dui - automated build REVERT:4ea01bd93print some logs when blocking bots REVERT:a73891a3bfix CVE-2020-8231 REVERT:26199f52cremove additional / in modsecurity include REVERT:5c3f94a84edit reverse proxy var name in README REVERT:043fcdc13autoconf - automated build REVERT:b86ded3d1autoconf - multi arch Dockerfile REVERT:92569679bdynamic reload of nginx by sending SIGHUP REVERT:15e74e486more work on standalone autoconf REVERT:fd0a6412dinit work on standalone autoconf REVERT:419fdfc86fix auth basic when MULTISITE=yes REVERT:0bc1f652bv1.2.1 - autoconf feature (beta) REVERT:6c7461e29integrate thelittlefireman work REVERT:d01bc5e01Merge branch 'patch-1' of https://github.com/thelittlefireman/bunkerized-nginx into dev REVERT:75c69c810last fixes before next release ? REVERT:e26b8482aAdd missing EMAIL_LETS_ENCRYPT parameter REVERT:f618c73e6road to v1.2.1 REVERT:78c1e5c67examples - same domains for internal tests REVERT:481e10d3ereverse proxy - websocket example REVERT:aae2a7198autoconf - php example REVERT:f3bf04e39dirty fix to disable default server when MULTISITE=yes REVERT:36cbb927cautoconf - various fixes REVERT:95153dbc5moved UA, referrer and country check after whitelist and blacklist check REVERT:26947179amoved UA and referrer check to LUA REVERT:88f27bfebautoconf - reverse proxy example and pass default vars REVERT:3cc1615c4fix user-agent script REVERT:8bacf722aMerge branch 'fix/variable-naming' of https://github.com/mromanelli9/bunkerized-nginx into dev REVERT:2bfc4b41ffirst work on automatic configuration REVERT:587d4a92eincorrect variable naming REVERT:c311d0c82add crawler-detecter bad UA REVERT:0d03f49ebwebsocket support with reverse proxy REVERT:2112c306acustom log format REVERT:8f9dcc5ablast fix ? REVERT:2fe05d3fdfixing scripts again and again REVERT:db04c0345fix referrers again REVERT:ed8bd902bfix referrers script REVERT:3a7aa5d9cblock bad referrers REVERT:9ec9de6camultiple lets encrypt certificates when MULTISITE=yes REVERT:791342cbefix LUA DNS code when answers is nil REVERT:2f23671c3fail2ban fix when MULTISITE=yes REVERT:e350a717ffix default DNS_RESOLVERS REVERT:e818acb0dprestashop example REVERT:b92f74ed9dirty fix for CVE-2020-28928 REVERT:9688e6650check all vulnerabilities with trivy REVERT:700dfc018v1.2.0 release REVERT:42e4298b5readme update - v1.2.0 changes REVERT:813b42cfaphp and nextcloud examples fix REVERT:58fcf0a72added Permissions-Policy header REVERT:587918380custom headers to remove REVERT:203259688automatic trivy scan REVERT:eaf817d57php config and examples fixes REVERT:dd7768c85whitelist/blacklist country at LUA level to avoid SEO issues REVERT:fe1d724c9country whitelist/blacklist REVERT:0635eb368various bug fixes REVERT:fbf81c94bcached blacklists data REVERT:ed451877aexamples update and multiple REVERSE_PROXY_* on single site REVERT:0f18e9c55reverse proxy support via env vars REVERT:8f7cb5318proxy caching support REVERT:60fbbc101move some http directives to server REVERT:0f0593456various fixes REVERT:8cdc155acmultisite examples and certbot renew fix REVERT:1abe1da89brotli support REVERT:f18c054b4gzip support REVERT:4dea1975eclient caching REVERT:c2b05c463fix BLOCK_COUNTRY bug and add support for ModSecurity custom confs when multisite=yes REVERT:2da51d92amultisite - bug fixes REVERT:bd7997497autotest through github actions REVERT:e89e34a84auto test fix REVERT:ff02878ddauto test setup REVERT:44b016be9road to multi server block support REVERT:36c4f3e06v1.1.2 - CrowdSec integration and custom ports REVERT:798f6c726examples - nextcloud fix and tomcat REVERT:761c14a0bcustom HTTP and HTTPS ports REVERT:4a07eca69crowdsec integration REVERT:e1274a608passbolt example REVERT:3ec81cd84Fix broken line in README REVERT:95752ff0cv1.1.1 - TLS 1.2 support REVERT:8623510f8https fix REVERT:95a76b11fpeterkimzz integration and dhparam REVERT:b0e4740a7[New Features] - Added "HTTPS_PROTOCOLS" environment value to enable to customize TLS version. default value is "TLSv1.3". (because TLSv1.2 sometimes needed) - READMD.md REVERT:e84360857README update - v1.1.0 REVERT:2f6866789logrotate copytruncate REVERT:1d63838eeexamples - fix port number REVERT:e4bdd4af5examples - nextcloud fix and moodle REVERT:2c33463afrenamed logrotate script REVERT:9ff210bedwordpress and nextcloud examples REVERT:0b7301886install CRS by tag in compile.sh REVERT:e1356e3eblogrotate.conf update and some cleanup REVERT:34a0da444logging fix again REVERT:022a653ebdisplay fail2ban.log and logging bug fix REVERT:4c11a9125automatic docker tags with VERSION REVERT:88b52478cautomatic Secure flag on cookies REVERT:ce82e22dbremove integrated PHP REVERT:397415211antibot - check IP with sessions and recaptcha REVERT:68d798855tor hidden service example REVERT:16eab0f63README update REVERT:6a22f7711load balancer example REVERT:222426854Merge pull request #13 from FacundoAcevedo/patch-1 REVERT:d63c57985Fix typo in the link in the TOC REVERT:e19a7c693run master nginx process as non-root user REVERT:7a8795883dockerfile fix - compile REVERT:01095bd72gpg fix and secure git clone REVERT:0e6729c62check GPG signature of nginx sources REVERT:040b6a223Merge branch 'patch-1' of https://github.com/fabianmoronzirfas/bunkerized-nginx into dev REVERT:5f62120e4fix(typo): add missing »find« REVERT:e8503b9ccARM build fix REVERT:676571e4ause nginx:stable-alpine as base image REVERT:34254a09eexamples and DNS_RESOLVERS fix REVERT:81cff3648readme update REVERT:e166b1feaawesome gif resized REVERT:f08bba8ccawesome gif REVERT:ccf439228session secret fix REVERT:c1d44387bbasic antibot feature through recaptcha v3 REVERT:135126e3freadme fix REVERT:ac251b0f6Merge branch 'master' of https://github.com/ZILosoft/bunkerized-nginx into dev REVERT:ac242c977Update README.md REVERT:2909b7989basic antibot feature through captcha REVERT:446ee3761basic antibot using javascript REVERT:6e1c43c4cbasic antibot feature through cookie REVERT:652d8ac97fixed typo in manifest REVERT:de1952b5fREADME - toc update and title fix REVERT:16a458db2README improvement REVERT:f27d80e0dvarious fixes and lua logging REVERT:fc3d911ffimproved blacklist/whitelist/dnsbl with lua REVERT:ef7d842ffarm64v8 auto build and master manifest REVERT:0e5704983manifest for automated builds REVERT:aaef37007improved logging with rsyslog REVERT:6e3c2ddccintegrated ajarmoszuk work REVERT:919b418d5Added the ability to self generate SSL certificates REVERT:fb1a0182eAdded the ability to see Real IPs if Nginx is running under another proxy (such as Traefik). REVERT:2e0a8307di386 fix again REVERT:181003efei386 fix REVERT:fca7bb075automatic builds REVERT:764038d40README update REVERT:f4c43a214block proxies and abusers REVERT:3a9afa47bMerge pull request #5 from ajarmoszuk/patch-1 REVERT:2c12df3b9update default req_limit values REVERT:2f967a9f4Update entrypoint.sh REVERT:eba5f6280req limit REVERT:44155b5d6dnsbl ipairs fix REVERT:829c1c697some fixes and README update REVERT:f3721a50dsitewide auth basic REVERT:b56e4e765dnsbl feature REVERT:1654e913alua support REVERT:3e5ca583cremote PHP-FPM support REVERT:bcd17dbeaautomatic geoip update REVERT:14ec9f3e6logrotate and compile fixes REVERT:5b5e6e33aawesome logo REVERT:1aa1dcf50logrotate support REVERT:f30a06d94syslog integration and fail2ban improvement REVERT:cd19841ecreadme - details about modsec include order REVERT:94b29a6cafixed some include orders REVERT:bf605ce59custom root folder and little fixes REVERT:b14b09ad5default CSP update REVERT:4f5e5f013readme improve REVERT:76bd069f2php POST max size and custom HTTPS cert REVERT:1d6ab7275http basic auth fix REVERT:472ec31cdreadme fix REVERT:caa415e12http basic auth REVERT:8561d47becreate a customized image REVERT:4bede275ffix typo REVERT:efcf93710inspectFile fix REVERT:ccaaa8b57readme fix REVERT:b83111ad1realip, minor fixes and README REVERT:a2be2e8aeimproved README : format, modsec, fail2ban and clamav REVERT:48a0036d2updated readme REVERT:bf0bef289clamav support REVERT:193070b14fail2ban support REVERT:716e54e59custom http/server confs and better modsec customization REVERT:43403f69edisable default server REVERT:69ac95b29block country and various fixes REVERT:ecf2de8b7multiple let's encrypt domains REVERT:8427564f4user-agents escape fix REVERT:c56bde4f0fix certbot-renew.sh syntax REVERT:834afa132http to https redirect REVERT:d5f8c7647custom modules and write access REVERT:5bcdb0219f**k markup ? REVERT:3233f3b76fix readme REVERT:62eda8173improved README REVERT:09e6b50e5custom conf REVERT:5d16f6a8ffix README REVERT:1b5f6deb2cookie flags and maxmind update REVERT:ea1dbc617updated readme REVERT:0b703ea55content security policy REVERT:1e642e2f1initial readme REVERT:e90060ce6initial work REVERT:70f849fbbInitial commit git-subtree-dir: src/deps/src/modsecurity git-subtree-split: 205dac0e8c675182f96b5c2fb06be7d1cf7af2b2
This commit is contained in:
Théophile Diot
parent
6e146e2a54
commit
a75b90f525
|
|
@ -1,6 +0,0 @@
|
|||
.git
|
||||
.idea/
|
||||
.vscode/
|
||||
__pycache__
|
||||
env
|
||||
node_modules
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
name: Bug report
|
||||
about: Something is not working as expected
|
||||
title: "[BUG]"
|
||||
labels: bug
|
||||
assignees: ""
|
||||
---
|
||||
|
||||
**Description**
|
||||
Concise description of what you're trying to do, the expected behavior and the current bug.
|
||||
|
||||
**How to reproduce**
|
||||
Give steps on how to reproduce the bug (e.g. : commands, yaml, configs, tests, environment, version, ...).
|
||||
|
||||
**Logs**
|
||||
The logs generated by BunkerWeb. **DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES !**
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
name: Documentation enhancement
|
||||
about: Error in the documentation or something is missing
|
||||
title: "[DOC]"
|
||||
labels: documentation
|
||||
assignees: ""
|
||||
---
|
||||
|
||||
**Description**
|
||||
Concise description of the error or what is missing.
|
||||
|
||||
**Proposal (optional)**
|
||||
Any proposal or ideas to fix the problem.
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
name: Feature request
|
||||
about: Suggest an idea for this project
|
||||
title: "[FEATURE]"
|
||||
labels: enhancement
|
||||
assignees: ""
|
||||
---
|
||||
|
||||
**What's needed and why ?**
|
||||
Describe the feature you would like to see in the project and why it should be implemented.
|
||||
|
||||
**Implementations ideas (optional)**
|
||||
How it should be used and integrated into the project ? List some posts, research papers or codes that we can use as implementation.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
name: "CodeQL config"
|
||||
|
||||
paths:
|
||||
- src/autoconf
|
||||
- src/scheduler
|
||||
- src/ui
|
||||
- src/common
|
||||
paths-ignore:
|
||||
- src/ui/static
|
||||
- src/common/core/modsecurity/files
|
||||
|
|
@ -1,84 +0,0 @@
|
|||
version: 2
|
||||
|
||||
updates:
|
||||
# GHA
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/gha"
|
||||
target-branch: "dev"
|
||||
|
||||
# BW
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/bw"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/bw"
|
||||
target-branch: "dev"
|
||||
|
||||
# Scheduler
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/scheduler"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/scheduler"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/scheduler"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/scheduler"
|
||||
target-branch: "dev"
|
||||
|
||||
# Autoconf
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/autoconf"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/autoconf"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/autoconf"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/autoconf"
|
||||
target-branch: "dev"
|
||||
|
||||
# UI
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/ui"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/ui"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/ui"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/ui"
|
||||
target-branch: "dev"
|
||||
|
|
@ -1,285 +0,0 @@
|
|||
name: Automatic push (BETA)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [beta]
|
||||
|
||||
jobs:
|
||||
|
||||
# Build amd64 + 386 containers images
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: [linux/amd64, linux/386]
|
||||
include:
|
||||
- release: beta
|
||||
cache: false
|
||||
push: false
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
- arch: linux/amd64
|
||||
cache_suffix: amd64
|
||||
- arch: linux/386
|
||||
cache_suffix: "386"
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Create ARM environment
|
||||
create-arm:
|
||||
uses: ./.github/workflows/create-arm.yml
|
||||
secrets:
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build arm64 + arm/v7 images
|
||||
build-containers-arm:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: ["linux/arm64,linux/arm/v7"]
|
||||
include:
|
||||
- release: beta
|
||||
cache: false
|
||||
push: false
|
||||
cache_suffix: arm
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
platforms: [linux/amd64, linux/arm64]
|
||||
include:
|
||||
- release: beta
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: false
|
||||
PLATFORMS: ${{ matrix.platforms }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Wait for all builds and extract VERSION
|
||||
wait-builds:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-containers, build-containers-arm, build-packages]
|
||||
outputs:
|
||||
version: ${{ steps.getversion.outputs.version }}
|
||||
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Get VERSION
|
||||
id: getversion
|
||||
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
|
||||
- name: Get VERSION (for RPM based)
|
||||
id: getversionrpm
|
||||
run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# Push Docker images
|
||||
push-images:
|
||||
needs: [create-arm, wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
|
||||
include:
|
||||
- release: beta
|
||||
- image: bunkerweb
|
||||
cache_from: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: bunkerweb-scheduler
|
||||
cache_from: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: bunkerweb-autoconf
|
||||
cache_from: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: bunkerweb-ui
|
||||
cache_from: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/push-docker.yml
|
||||
with:
|
||||
IMAGE: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
|
||||
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, el]
|
||||
arch: [amd64, arm64]
|
||||
include:
|
||||
- release: beta
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bullseye
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 38
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: ubuntu
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: debian
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: fedora
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
- linux: el
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
||||
# Create doc PDF
|
||||
doc-pdf:
|
||||
needs: [wait-builds, push-images, push-packages]
|
||||
uses: ./.github/workflows/doc-to-pdf.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
|
||||
# Push on GH
|
||||
push-gh:
|
||||
needs: [wait-builds, doc-pdf]
|
||||
permissions:
|
||||
contents: write
|
||||
discussions: write
|
||||
uses: ./.github/workflows/push-github.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
PRERELEASE: true
|
||||
|
||||
# Push doc
|
||||
push-doc:
|
||||
needs: [wait-builds, push-gh]
|
||||
permissions:
|
||||
contents: write
|
||||
uses: ./.github/workflows/push-doc.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
ALIAS: beta
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
|
||||
# Remove ARM VM
|
||||
rm-arm:
|
||||
if: ${{ always() }}
|
||||
needs: [create-arm, push-images, build-packages]
|
||||
uses: ./.github/workflows/rm-arm.yml
|
||||
secrets:
|
||||
ARM_ID: ${{ needs.create-arm.outputs.id }}
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
|
||||
|
||||
|
|
@ -1,126 +0,0 @@
|
|||
name: Build container (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
ARCH:
|
||||
required: true
|
||||
type: string
|
||||
IMAGE:
|
||||
required: true
|
||||
type: string
|
||||
DOCKERFILE:
|
||||
required: true
|
||||
type: string
|
||||
CACHE:
|
||||
required: false
|
||||
type: boolean
|
||||
default: true
|
||||
PUSH:
|
||||
required: false
|
||||
type: boolean
|
||||
default: true
|
||||
CACHE_SUFFIX:
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
PRIVATE_REGISTRY:
|
||||
required: false
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: false
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
required: false
|
||||
ARM_SSH_CONFIG:
|
||||
required: false
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup SSH for ARM node
|
||||
if: inputs.CACHE_SUFFIX == 'arm'
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
if: inputs.CACHE_SUFFIX != 'arm'
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@v2
|
||||
if: inputs.CACHE_SUFFIX == 'arm'
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
if: inputs.PUSH == true
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
# Build cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE == true
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: ${{ inputs.ARCH }}
|
||||
load: true
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
|
||||
# Build non-cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE != true
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: ${{ inputs.ARCH }}
|
||||
load: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
|
||||
# Check OS vulnerabilities
|
||||
- name: Check OS vulnerabilities
|
||||
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
vuln-type: os
|
||||
skip-dirs: /root/.cargo
|
||||
image-ref: local/${{ inputs.IMAGE }}
|
||||
format: table
|
||||
exit-code: 1
|
||||
ignore-unfixed: false
|
||||
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
||||
trivyignores: .trivyignore
|
||||
# Push image
|
||||
- name: Push image
|
||||
if: inputs.PUSH == true
|
||||
run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG
|
||||
env:
|
||||
TAG: "${{ inputs.RELEASE }}"
|
||||
|
|
@ -1,75 +0,0 @@
|
|||
name: Create ARM node (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
outputs:
|
||||
id:
|
||||
description: "ARM ID"
|
||||
value: ${{ jobs.build.outputs.id }}
|
||||
ip:
|
||||
description: "ARM IP"
|
||||
value: ${{ jobs.build.outputs.ip }}
|
||||
|
||||
secrets:
|
||||
SCW_ACCESS_KEY:
|
||||
required: true
|
||||
SCW_SECRET_KEY:
|
||||
required: true
|
||||
SCW_DEFAULT_PROJECT_ID:
|
||||
required: true
|
||||
SCW_DEFAULT_ORGANIZATION_ID:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: true
|
||||
ARM_SSH_CONFIG:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
json: ${{ steps.scw.outputs.json }}
|
||||
id: ${{ steps.getinfo.outputs.id }}
|
||||
ip: ${{ steps.getinfo.outputs.ip }}
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Create ARM VM
|
||||
id: scw
|
||||
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
|
||||
with:
|
||||
args: instance server create zone=fr-par-2 type=AMP2-C48 root-volume=block:50GB
|
||||
save-config: true
|
||||
version: v2.13.0
|
||||
access-key: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
secret-key: ${{ secrets.SCW_SECRET_KEY }}
|
||||
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
- name: Get info
|
||||
id: getinfo
|
||||
run: |
|
||||
echo "id=${{ fromJson(steps.scw.outputs.json).id }}" >> "$GITHUB_OUTPUT"
|
||||
echo "ip=${{ fromJson(steps.scw.outputs.json).public_ip.address }}" >> "$GITHUB_OUTPUT"
|
||||
- name: Wait for VM
|
||||
run: scw instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
|
||||
- name: Wait for SSH
|
||||
uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
|
||||
with:
|
||||
resource: tcp:${{ fromJson(steps.scw.outputs.json).public_ip.address }}:22
|
||||
timeout: 300000
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Install Docker
|
||||
run: ssh root@$SSH_IP "curl -fsSL https://test.docker.com -o test-docker.sh ; sh test-docker.sh"
|
||||
env:
|
||||
SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
|
||||
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
name: Update cached mmdb files
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 1 5 * *"
|
||||
|
||||
jobs:
|
||||
mmdb-update:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
ref: dev
|
||||
- name: Download mmdb files
|
||||
run: |
|
||||
mkdir -p src/bw/misc/
|
||||
cd src/bw/misc/
|
||||
CURL_RETURN_CODE=0
|
||||
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o asn.mmdb.gz https://download.db-ip.com/free/dbip-asn-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
|
||||
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
|
||||
echo "Curl connection failed when downloading asn-lite mmdb file with return code - ${CURL_RETURN_CODE}"
|
||||
exit 1
|
||||
else
|
||||
echo "Curl connection success"
|
||||
# Check http code for curl operation/response in CURL_OUTPUT
|
||||
httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
|
||||
if [ ${httpCode} -ne 200 ]; then
|
||||
echo "Curl operation/command failed due to server return code - ${httpCode}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
CURL_RETURN_CODE=0
|
||||
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o country.mmdb.gz https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
|
||||
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
|
||||
echo "Curl connection failed when downloading country-lite mmdb file with return code - ${CURL_RETURN_CODE}"
|
||||
exit 1
|
||||
else
|
||||
echo "Curl connection success"
|
||||
# Check http code for curl operation/response in CURL_OUTPUT
|
||||
httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
|
||||
if [ ${httpCode} -ne 200 ]; then
|
||||
echo "Curl operation/command failed due to server return code - ${httpCode}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
rm -f asn.mmdb country.mmdb
|
||||
gunzip asn.mmdb.gz country.mmdb.gz
|
||||
- name: Commit and push changes
|
||||
uses: stefanzweifel/git-auto-commit-action@v4
|
||||
with:
|
||||
branch: dev
|
||||
commit_message: "Monthly mmdb update"
|
||||
commit_options: "--no-verify"
|
||||
commit_user_name: "BunkerBot"
|
||||
commit_user_email: "bunkerbot@bunkerity.com"
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
name: Automatic tests (DEV)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [dev]
|
||||
|
||||
jobs:
|
||||
# Containers
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
include:
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
ARCH: linux/amd64
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Python code security
|
||||
code-security:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: ["python"]
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
config-file: ./.github/codeql.yml
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
||||
|
||||
# UI tests
|
||||
tests-ui:
|
||||
needs: [code-security, build-containers]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Core tests
|
||||
prepare-tests-core:
|
||||
needs: [code-security, build-containers]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- id: set-matrix
|
||||
run: |
|
||||
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
|
||||
echo "::set-output name=tests::$tests"
|
||||
outputs:
|
||||
tests: ${{ steps.set-matrix.outputs.tests }}
|
||||
tests-core:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: dev
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
name: Generate documentation PDF (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Install Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.10'
|
||||
- name: Install doc requirements
|
||||
run: pip install -r docs/requirements.txt
|
||||
- name: Install chromium
|
||||
run: sudo apt install chromium-browser
|
||||
- name: Install node
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: 18
|
||||
- name: Install puppeteer
|
||||
run: npm i --save puppeteer
|
||||
- name: Run mkdocs serve in background
|
||||
run: mkdocs serve & sleep 10
|
||||
- name: Run pdf script
|
||||
run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
|
||||
- uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
|
||||
|
|
@ -1,144 +0,0 @@
|
|||
name: Build Linux package (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
LINUX:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE:
|
||||
required: true
|
||||
type: string
|
||||
PLATFORMS:
|
||||
required: true
|
||||
type: string
|
||||
TEST:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
required: false
|
||||
ARM_SSH_CONFIG:
|
||||
required: false
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Extract arch
|
||||
run : |
|
||||
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
|
||||
env:
|
||||
PLATFORMS: ${{ inputs.PLATFORMS }}
|
||||
- name: Extract linux arch
|
||||
if: inputs.PACKAGE == 'rpm'
|
||||
run : |
|
||||
echo "LARCH=${{ env.ARCH }}" | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' >> "$GITHUB_ENV"
|
||||
env:
|
||||
ARCH: ${{ env.ARCH }}
|
||||
- name: Extract linux arch
|
||||
if: inputs.PACKAGE == 'deb'
|
||||
run : |
|
||||
echo "LARCH=${{ env.ARCH }}" >> "$GITHUB_ENV"
|
||||
env:
|
||||
ARCH: ${{ env.ARCH }}
|
||||
- name: Setup SSH for ARM node
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
if: startsWith(env.ARCH, 'arm') == false
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@v2
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
# Build staging package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE == 'staging'
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
file: src/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
|
||||
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging,mode=min
|
||||
# Build non-staging package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE != 'staging'
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
file: src/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
|
||||
# Generate package
|
||||
- name: Generate package
|
||||
if: startsWith(env.ARCH, 'arm') == false
|
||||
run: ./src/linux/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }}
|
||||
env:
|
||||
LARCH: ${{ env.LARCH }}
|
||||
- name: Generate package (ARM)
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
run: |
|
||||
docker save local/bunkerweb-${{ inputs.LINUX }}:latest | ssh -C root@arm docker load
|
||||
scp ./src/linux/package.sh root@arm:/opt
|
||||
ssh root@arm chmod +x /opt/package.sh
|
||||
ssh root@arm /opt/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }} "$(cat src/VERSION | tr -d '\n')"
|
||||
scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
|
||||
env:
|
||||
LARCH: ${{ env.LARCH }}
|
||||
- uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
|
||||
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
# Build test image
|
||||
- name: Build test image
|
||||
if: inputs.TEST == true
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
name: Push documentation (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
ALIAS:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
- name: Setup git user
|
||||
run: |
|
||||
git config --global user.name "BunkerBot"
|
||||
git config --global user.email "bunkerbot@bunkerity.com"
|
||||
- uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.10'
|
||||
- name: Install doc requirements
|
||||
run: pip install -r docs/requirements.txt
|
||||
- name: Push doc
|
||||
run: mike deploy --update-aliases --push ${{ inputs.VERSION }} ${{ inputs.ALIAS }}
|
||||
- name: Set default doc
|
||||
if: inputs.ALIAS == 'latest'
|
||||
run: mike set-default --push latest
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
name: Push image (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
IMAGE:
|
||||
required: true
|
||||
type: string
|
||||
CACHE_FROM:
|
||||
required: true
|
||||
type: string
|
||||
DOCKERFILE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: true
|
||||
ARM_SSH_CONFIG:
|
||||
required: true
|
||||
ARM_SSH_IP:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
push:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
# Build and push
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
|
||||
push: true
|
||||
tags: ${{ inputs.IMAGE }}
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-amd64
|
||||
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-386
|
||||
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-arm
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
name: Push on GitHub (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
PRERELEASE:
|
||||
required: true
|
||||
type: boolean
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout
|
||||
- uses: actions/checkout@v3
|
||||
# Get PDF doc
|
||||
- name: Get documentation
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
# Create tag
|
||||
- uses: rickstaa/action-create-tag@v1
|
||||
name: Create tag
|
||||
with:
|
||||
tag: "v${{ inputs.VERSION }}"
|
||||
message: "v${{ inputs.VERSION }}"
|
||||
force_push_tag: true
|
||||
# Extract changelog
|
||||
- name: Extract changelog
|
||||
id: getchangelog
|
||||
run: |
|
||||
content=$(awk -v n=2 '/##/{n--}; n > 0' CHANGELOG.md | grep -v '# Changelog' | grep -v '##' | sed '/^$/d')
|
||||
content="${content//'%'/'%25'}"
|
||||
content="${content//$'\n'/'%0A'}"
|
||||
content="${content//$'\r'/'%0D'}"
|
||||
echo "::set-output name=content::$content"
|
||||
# Create release
|
||||
- name: Create release
|
||||
uses: softprops/action-gh-release@v1
|
||||
with:
|
||||
body: |
|
||||
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
|
||||
|
||||
Docker tags :
|
||||
- `bunkerity/bunkerweb:${{ inputs.VERSION }}`
|
||||
- `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
|
||||
- `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
|
||||
- `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
|
||||
|
||||
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
|
||||
|
||||
Changelog :
|
||||
${{ steps.getchangelog.outputs.content }}
|
||||
draft: true
|
||||
prerelease: ${{ inputs.PRERELEASE }}
|
||||
name: v${{ inputs.VERSION }}
|
||||
tag_name: v${{ inputs.VERSION }}
|
||||
discussion_category_name: Announcements
|
||||
files: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
|
||||
|
|
@ -1,75 +0,0 @@
|
|||
name: Push packagecloud (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
SEPARATOR:
|
||||
required: true
|
||||
type: string
|
||||
SUFFIX:
|
||||
required: true
|
||||
type: string
|
||||
REPO:
|
||||
required: true
|
||||
type: string
|
||||
LINUX:
|
||||
required: true
|
||||
type: string
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE:
|
||||
required: true
|
||||
type: string
|
||||
BW_VERSION:
|
||||
required: true
|
||||
type: string
|
||||
ARCH:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE_ARCH:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
push:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v3
|
||||
- name: Install ruby
|
||||
uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
ruby-version: "3.0"
|
||||
- name: Install packagecloud
|
||||
run: gem install package_cloud
|
||||
# Download packages
|
||||
- uses: actions/download-artifact@v3
|
||||
if: inputs.LINUX != 'el'
|
||||
with:
|
||||
name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
|
||||
path: /tmp/${{ inputs.LINUX }}
|
||||
- uses: actions/download-artifact@v3
|
||||
if: inputs.LINUX == 'el'
|
||||
with:
|
||||
name: package-rhel-${{ inputs.PACKAGE_ARCH }}
|
||||
path: /tmp/${{ inputs.LINUX }}
|
||||
# Remove existing packages
|
||||
- name: Remove existing package
|
||||
run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
|
||||
continue-on-error: true
|
||||
env:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
# Push package
|
||||
- name: Push package to packagecloud
|
||||
uses: danielmundi/upload-packagecloud@v1
|
||||
with:
|
||||
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
PACKAGECLOUD-USERNAME: bunkerity
|
||||
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
|
||||
PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
|
||||
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
|
@ -1,283 +0,0 @@
|
|||
name: Automatic push (RELEASE)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [master]
|
||||
|
||||
jobs:
|
||||
|
||||
# Build amd64 + 386 containers images
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: [linux/amd64, linux/386]
|
||||
include:
|
||||
- release: latest
|
||||
cache: false
|
||||
push: false
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
- arch: linux/amd64
|
||||
cache_suffix: amd64
|
||||
- arch: linux/386
|
||||
cache_suffix: "386"
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Create ARM environment
|
||||
create-arm:
|
||||
uses: ./.github/workflows/create-arm.yml
|
||||
secrets:
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build arm64 + arm/v7 images
|
||||
build-containers-arm:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: ["linux/arm64,linux/arm/v7"]
|
||||
include:
|
||||
- release: latest
|
||||
cache: false
|
||||
push: false
|
||||
cache_suffix: arm
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
platforms: [linux/amd64, linux/arm64]
|
||||
include:
|
||||
- release: latest
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: false
|
||||
PLATFORMS: ${{ matrix.platforms }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Wait for all builds and extract VERSION
|
||||
wait-builds:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-containers, build-containers-arm, build-packages]
|
||||
outputs:
|
||||
version: ${{ steps.getversion.outputs.version }}
|
||||
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Get VERSION
|
||||
id: getversion
|
||||
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
|
||||
- name: Get VERSION (for RPM based)
|
||||
id: getversionrpm
|
||||
run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# Push Docker images
|
||||
push-images:
|
||||
needs: [create-arm, wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
|
||||
include:
|
||||
- release: latest
|
||||
- image: bunkerweb
|
||||
cache_from: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: bunkerweb-scheduler
|
||||
cache_from: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: bunkerweb-autoconf
|
||||
cache_from: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: bunkerweb-ui
|
||||
cache_from: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/push-docker.yml
|
||||
with:
|
||||
IMAGE: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
|
||||
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, el]
|
||||
arch: [amd64, arm64]
|
||||
include:
|
||||
- release: latest
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bullseye
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 38
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: ubuntu
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: debian
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: fedora
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
- linux: el
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
||||
# Create doc PDF
|
||||
doc-pdf:
|
||||
needs: [wait-builds, push-images, push-packages]
|
||||
uses: ./.github/workflows/doc-to-pdf.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
|
||||
# Push on GH
|
||||
push-gh:
|
||||
needs: [wait-builds, doc-pdf]
|
||||
permissions:
|
||||
contents: write
|
||||
discussions: write
|
||||
uses: ./.github/workflows/push-github.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
PRERELEASE: false
|
||||
|
||||
# Push doc
|
||||
push-doc:
|
||||
needs: [wait-builds, push-gh]
|
||||
permissions:
|
||||
contents: write
|
||||
uses: ./.github/workflows/push-doc.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
ALIAS: latest
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
|
||||
# Remove ARM VM
|
||||
rm-arm:
|
||||
if: ${{ always() }}
|
||||
needs: [create-arm, push-images, build-packages]
|
||||
uses: ./.github/workflows/rm-arm.yml
|
||||
secrets:
|
||||
ARM_ID: ${{ needs.create-arm.outputs.id }}
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
name: Create ARM node (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
secrets:
|
||||
SCW_ACCESS_KEY:
|
||||
required: true
|
||||
SCW_SECRET_KEY:
|
||||
required: true
|
||||
SCW_DEFAULT_PROJECT_ID:
|
||||
required: true
|
||||
SCW_DEFAULT_ORGANIZATION_ID:
|
||||
required: true
|
||||
ARM_ID:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
rm:
|
||||
if: ${{ always() }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Delete ARM VM
|
||||
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
|
||||
with:
|
||||
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
|
||||
version: v2.13.0
|
||||
access-key: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
secret-key: ${{ secrets.SCW_SECRET_KEY }}
|
||||
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
name: Create staging infra (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
CICD_SECRETS:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
create:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Generate SSH keypair
|
||||
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
|
||||
if: inputs.TYPE != 'k8s'
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@v2
|
||||
- name: Install kubectl
|
||||
uses: azure/setup-kubectl@v3
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- name: Set up Python 3.11
|
||||
uses: actions/setup-python@v4
|
||||
if: inputs.TYPE != 'k8s'
|
||||
with:
|
||||
python-version: "3.11"
|
||||
cache: "pip"
|
||||
- name: Install ansible
|
||||
run: pip install ansible
|
||||
if: inputs.TYPE != 'k8s'
|
||||
- name: Install ansible libs
|
||||
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
|
||||
if: inputs.TYPE != 'k8s'
|
||||
# Create infra
|
||||
- run: ./tests/create.sh ${{ inputs.TYPE }}
|
||||
env:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
- run: tar -cvf terraform.tar /tmp/${{ inputs.TYPE }}
|
||||
if: always()
|
||||
- uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: terraform.tar
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
name: Delete staging infra (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
CICD_SECRETS:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
delete:
|
||||
if: ${{ always() }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@v2
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: /tmp
|
||||
- run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
|
||||
- uses: azure/setup-kubectl@v3
|
||||
if: inputs.TYPE == 'k8s'
|
||||
# Remove infra
|
||||
- run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
|
||||
if: inputs.TYPE == 'k8s'
|
||||
continue-on-error: true
|
||||
env:
|
||||
KUBECONFIG: /tmp/k8s/kubeconfig
|
||||
- run: ./tests/rm.sh ${{ inputs.TYPE }}
|
||||
env:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
|
|
@ -1,132 +0,0 @@
|
|||
name: Perform staging tests (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
RUNS_ON:
|
||||
required: true
|
||||
type: string
|
||||
# secrets:
|
||||
# PRIVATE_REGISTRY:
|
||||
# required: true
|
||||
# PRIVATE_REGISTRY_TOKEN:
|
||||
# required: true
|
||||
# TEST_DOMAINS:
|
||||
# required: true
|
||||
# ROOT_DOMAIN:
|
||||
# required: true
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ${{ fromJSON(inputs.RUNS_ON) }}
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging local/bunkerweb-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging local/scheduler-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- name: Pull Autoconf image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging local/autoconf-tests:latest
|
||||
if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
|
||||
- name: Push images to local repo
|
||||
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
|
||||
if: inputs.TYPE == 'swarm'
|
||||
- name: Install test dependencies
|
||||
run: pip3 install -r tests/requirements.txt
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: tf-k8s
|
||||
path: /tmp
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- run: tar xvf /tmp/terraform.tar -C /
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- uses: azure/setup-kubectl@v3
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- uses: azure/setup-helm@v3
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- name: Pull BW linux ubuntu test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging local/ubuntu:latest
|
||||
- name: Pull BW linux debian test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging local/debian:latest
|
||||
# - name: Pull BW linux centos test image
|
||||
# if: inputs.TYPE == 'linux'
|
||||
# run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging local/centos:latest
|
||||
- name: Pull BW linux fedora test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging local/fedora:latest
|
||||
- name: Pull BW linux rhel test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging local/rhel:latest
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'docker'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_DOCKER }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'autoconf'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_AUTOCONF }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'swarm'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_SWARM }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'k8s'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_KUBERNETES }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
KUBECONFIG: "/tmp/k8s/kubeconfig"
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
IMAGE_TAG: "staging"
|
||||
- name: Run Linux ubuntu tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux debian tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
# - name: Run Linux centos tests
|
||||
# if: inputs.TYPE == 'linux'
|
||||
# run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos"
|
||||
# env:
|
||||
# TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
# ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux fedora tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux rhel tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rhel"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
|
|
@ -1,169 +0,0 @@
|
|||
name: Automatic tests (STAGING)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [staging]
|
||||
|
||||
jobs:
|
||||
|
||||
# Build Docker images
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
include:
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: staging
|
||||
ARCH: linux/amd64
|
||||
CACHE: true
|
||||
PUSH: true
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
include:
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: staging
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: true
|
||||
PLATFORMS: linux/amd64
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Code security
|
||||
code-security:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: ["python"]
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
config-file: ./.github/codeql.yml
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
||||
|
||||
# Create infrastructures
|
||||
create-infras:
|
||||
needs: [code-security, build-containers, build-packages]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
uses: ./.github/workflows/staging-create-infra.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
secrets:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
|
||||
# Perform tests
|
||||
staging-tests:
|
||||
needs: [create-infras]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
include:
|
||||
- type: docker
|
||||
runs_on: "['self-hosted', 'bw-docker']"
|
||||
- type: autoconf
|
||||
runs_on: "['self-hosted', 'bw-autoconf']"
|
||||
- type: swarm
|
||||
runs_on: "['self-hosted', 'bw-swarm']"
|
||||
- type: k8s
|
||||
runs_on: "['ubuntu-latest']"
|
||||
- type: linux
|
||||
runs_on: "['self-hosted', 'bw-linux']"
|
||||
uses: ./.github/workflows/staging-tests.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
RUNS_ON: ${{ matrix.runs_on }}
|
||||
secrets: inherit
|
||||
tests-ui:
|
||||
needs: [create-infras]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: staging
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
prepare-tests-core:
|
||||
needs: [create-infras]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- id: set-matrix
|
||||
run: |
|
||||
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
|
||||
echo "::set-output name=tests::$tests"
|
||||
outputs:
|
||||
tests: ${{ steps.set-matrix.outputs.tests }}
|
||||
tests-core:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: staging
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Delete infrastructures
|
||||
delete-infras:
|
||||
if: ${{ always() }}
|
||||
needs: [staging-tests]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
uses: ./.github/workflows/staging-delete-infra.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
secrets:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
name: Core test (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TEST:
|
||||
required: true
|
||||
type: string
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
# Run test
|
||||
- name: Run test
|
||||
run: |
|
||||
cd ./tests/core/${{ inputs.TEST }}
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
|
||||
./test.sh
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
name: Perform tests for UI (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
- name: Pull UI image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} ui-tests
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
run: ./tests/ui/tests.sh
|
||||
env:
|
||||
MODE: ${{ inputs.RELEASE }}
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
name: Automatic tests (UI)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ui]
|
||||
|
||||
jobs:
|
||||
|
||||
# Containers
|
||||
build-bw:
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
ARCH: linux/amd64
|
||||
IMAGE: bunkerweb
|
||||
DOCKERFILE: src/bw/Dockerfile
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
build-sc:
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
ARCH: linux/amd64
|
||||
IMAGE: scheduler
|
||||
DOCKERFILE: src/scheduler/Dockerfile
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
build-ui:
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
ARCH: linux/amd64
|
||||
IMAGE: ui
|
||||
DOCKERFILE: src/ui/Dockerfile
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# UI tests
|
||||
tests-ui:
|
||||
needs: [build-bw, build-sc, build-ui]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
|
@ -1,8 +1,50 @@
|
|||
site/
|
||||
.idea/
|
||||
.vscode/
|
||||
__pycache__
|
||||
env
|
||||
node_modules
|
||||
/src/ui/*.txt
|
||||
.mypy_cache
|
||||
*.o
|
||||
*.lo
|
||||
*.la
|
||||
**/Makefile
|
||||
**/Makefile.in
|
||||
aclocal.m4
|
||||
ar-lib
|
||||
autom4te.cache/
|
||||
build/libtool.m4
|
||||
build/ltoptions.m4
|
||||
build/ltsugar.m4
|
||||
build/ltversion.m4
|
||||
build/lt~obsolete.m4
|
||||
compile
|
||||
config.guess
|
||||
config.log
|
||||
config.status
|
||||
config.sub
|
||||
configure
|
||||
depcomp
|
||||
.deps
|
||||
.libs
|
||||
.dirstamp
|
||||
src/config.h
|
||||
src/config.h.in
|
||||
src/location.hh
|
||||
src/position.hh
|
||||
src/stack.hh
|
||||
src/stamp-h1
|
||||
/test/rules_optimization
|
||||
/test/regression_tests
|
||||
/test/unit_tests
|
||||
/test-driver
|
||||
/test/massif.out.*
|
||||
/test/benchmark/benchmark
|
||||
/test/benchmark/owasp-v3/
|
||||
/test/test-cases/regression/*.trs
|
||||
/test/test-cases/regression/*.log
|
||||
/test-suite.log
|
||||
ylwrap
|
||||
missing
|
||||
install-sh
|
||||
libtool
|
||||
ltmain.sh
|
||||
examples/simple_example_using_c/test
|
||||
/tools/rules-check/modsec-rules-check
|
||||
examples/multiprocess_c/multi
|
||||
examples/reading_logs_via_rule_message/simple_request
|
||||
examples/reading_logs_with_offset/read
|
||||
examples/using_bodies_in_chunks/simple_request
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
docs/
|
||||
env/
|
||||
*/env/
|
||||
*.min*
|
||||
src/common/core/modsecurity/
|
||||
src/deps/src/
|
||||
mkdocs.yml
|
||||
CHANGELOG.md
|
||||
CONTRIBUTING.md
|
||||
LICENSE.md
|
||||
README.md
|
||||
SECURITY.md
|
||||
src/ui/static
|
||||
examples/*
|
||||
273
CHANGELOG.md
273
CHANGELOG.md
|
|
@ -1,273 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
## v1.5.1 -
|
||||
|
||||
- [BUGFIX] New version checker in logs displays "404 not found"
|
||||
- [BUGFIX] New version checker in UI
|
||||
- [BUGFIX] Only get the right keys from plugin.json files when importing plugins
|
||||
- [BUGFIX] Remove external resources for Google fonts in UI
|
||||
- [BUGFIX] Support multiple plugin uploads in one zip when using the UI
|
||||
- [BUGFIX] Variable being ignored instead of saved in the database when value is empty
|
||||
- [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
|
||||
- [BUGFIX] Custom certificate bug after the refactoring
|
||||
- [BUGFIX] Fix wrong variables in header phase (fix CORS feature too)
|
||||
- [BUGFIX] Fix UI not working in Ubuntu (python zope module)
|
||||
- [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
|
||||
- [BUGFIX] Custom configurations from env were not being deleted properly
|
||||
- [PERFORMANCE] Reduce CPU and RAM usage of scheduler
|
||||
- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
|
||||
- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
|
||||
- [FEATURE] Add Turnstile antibot mode
|
||||
- [FEATURE] Add more CORS headers
|
||||
- [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
|
||||
- [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
|
||||
- [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
|
||||
- [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
|
||||
- [MISC] Temp remove VMWare provider for Vagrant integration
|
||||
- [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
|
||||
|
||||
|
||||
## v1.5.0 - 2023/05/23
|
||||
|
||||
- Refactoring of almost all the components of the project
|
||||
- Dedicated scheduler service to manage jobs and configuration
|
||||
- Store configuration in a database backend
|
||||
- Improved web UI and make it working with all integrations
|
||||
- Improved internal LUA code
|
||||
- Improved internal cache of BW
|
||||
- Add Redis support when using clustered integrations
|
||||
- Add RHEL integration
|
||||
- Add Vagrant integration
|
||||
- Init support of generic TCP/UDP (stream)
|
||||
- Init support of IPv6
|
||||
- Improved CI/CD : UI tests, core tests and release automation
|
||||
- Reduce Docker images size
|
||||
- Fix and improved core plugins : antibot, cors, dnsbl, ...
|
||||
- Use PCRE regex instead of LUA patterns
|
||||
- Connectivity tests at startup/reload with logging
|
||||
|
||||
## v1.5.0-beta - 2023/05/02
|
||||
|
||||
- Refactoring of almost all the components of the project
|
||||
- Dedicated scheduler service to manage jobs and configuration
|
||||
- Store configuration in a database backend
|
||||
- Improved web UI and make it working with all integrations
|
||||
- Improved internal LUA code
|
||||
- Improved internal cache of BW
|
||||
- Add Redis support when using clustered integrations
|
||||
- Add RHEL integration
|
||||
- Add Vagrant integration
|
||||
- Init support of generic TCP/UDP (stream)
|
||||
- Init support of IPv6
|
||||
- Improved CI/CD : UI tests, core tests and release automation
|
||||
- Reduce Docker images size
|
||||
- Fix and improved core plugins : antibot, cors, dnsbl, ...
|
||||
- Use PCRE regex instead of LUA patterns
|
||||
- Connectivity tests at startup/reload with logging
|
||||
|
||||
## v1.4.8 - 2023/04/05
|
||||
|
||||
- Fix UI bug related to multiple settings
|
||||
- Increase check reload interval in UI to avoid rate limit
|
||||
- Fix Let's Encrypt error when using auth basic
|
||||
- Fix wrong setting name in realip job (again)
|
||||
- Fix blog posts retrieval in the UI
|
||||
- Fix missing logs for UI
|
||||
- Fix error log if BunkerNet ip list is empty
|
||||
- Updated python dependencies
|
||||
- Gunicorn will now show the logs in the console for the UI
|
||||
- BunkerNet job will now create the ip list file at the beginning of the job to avoid errors
|
||||
|
||||
## v1.4.7 - 2023/02/27
|
||||
|
||||
- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS (again)
|
||||
- Fix wrong setting name in realip job
|
||||
- Fix whitelisting not working with modsecurity
|
||||
|
||||
## v1.4.6 - 2023/02/14
|
||||
|
||||
- Fix error in the UI when a service have multiple domains
|
||||
- Fix bwcli bans command
|
||||
- Fix documentation about Linux Fedora install
|
||||
- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS
|
||||
- Add INTERCEPTED_ERROR_CODES setting
|
||||
|
||||
## v1.4.5 - 2022/11/26
|
||||
|
||||
- Fix bwcli syntax error
|
||||
- Fix UI not working using Linux integration
|
||||
- Fix missing openssl dep in autoconf
|
||||
- Fix typo in selfsigned job
|
||||
|
||||
## v1.4.4 - 2022/11/10
|
||||
|
||||
- Fix k8s controller not watching the events when there is an exception
|
||||
- Fix python dependencies bug in CentOS and Fedora
|
||||
- Fix incorrect log when reloading nginx using Linux integration
|
||||
- Fix UI dev mode, production mode is now the default
|
||||
- Fix wrong exposed port in the UI container
|
||||
- Fix endless loading in the UI
|
||||
- Fix \*_CUSTOM_CONF_\* dissapear when jobs are executed
|
||||
- Fix various typos in documentation
|
||||
- Fix warning about StartLimitIntervalSec directive when using Linux
|
||||
- Fix incorrect log when issuing certbot renew
|
||||
- Fix certbot renew error when using Linux or Docker integration
|
||||
- Add greylist core feature
|
||||
- Add BLACKLIST_IGNORE_\* settings
|
||||
- Add automatic change of SecRequestBodyLimit modsec directive based on MAX_CLIENT_SIZE setting
|
||||
- Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS settings
|
||||
- Add manual ban and get bans to the API/CLI
|
||||
- Add Brawdunoir community example
|
||||
- Improve core plugins order and add documentation about it
|
||||
- Improve overall documentation
|
||||
- Improve CI/CD
|
||||
|
||||
## v1.4.3 - 2022/08/26
|
||||
|
||||
- Fix various documentation errors/typos and add various enhancements
|
||||
- Fix ui.env not read when using Linux integration
|
||||
- Fix wrong variables.env path when using Linux integration
|
||||
- Fix missing default server when TEMP_NGINX=yes
|
||||
- Fix check if BunkerNet is activated on default server
|
||||
- Fix request crash when mmdb lookup fails
|
||||
- Fix bad behavior trigger when request is whitelisted
|
||||
- Fix bad behavior not triggered when request is on default server
|
||||
- Fix BW overriding config when config is already present
|
||||
- Add Ansible integration in beta
|
||||
- Add \*_CUSTOM_CONF_\* setting to automatically add custom config files from setting value
|
||||
- Add DENY_HTTP_STATUS setting to choose standard 403 error page (default) or 444 to close connection when access is denied
|
||||
- Add CORS (Cross-Origin Resource Sharing) core plugin
|
||||
- Add documentation about Docker in rootless mode and podman
|
||||
- Improve automatic tests setup
|
||||
- Migrate CI/CD infrastructure to another provider
|
||||
|
||||
## v1.4.2 - 2022/06/28
|
||||
|
||||
- Fix "too old resource version" exceptions when using k8s integration
|
||||
- Fix missing bwcli command with Linux integration
|
||||
- Fix various bugs with jobs scheduler when using autoconf/swarm/k8s
|
||||
- Fix bwcli unban command when using Linux integration
|
||||
- Fix permissions check when filename has a space
|
||||
- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
|
||||
- Fix config files overwrite when using Docker autoconf
|
||||
- Add EXTERNAL_PLUGIN_URLS setting to automatically download and install external plugins
|
||||
- Add log_default() plugin hook
|
||||
- Add various certbot-dns examples
|
||||
- Add mattermost example
|
||||
- Add radarr example
|
||||
- Add Discord and Slack to list of official plugins
|
||||
- Force NGINX version dependencies in Linux packages DEB/RPM
|
||||
|
||||
## v1.4.1 - 2022/06/16
|
||||
|
||||
- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
|
||||
- Fix certbot bug when AUTOCONF_MODE=yes
|
||||
- Fix certbot bug when MULTISITE=no
|
||||
- Add reverse proxy timeouts settings
|
||||
- Add auth_request settings
|
||||
- Add authentik and authelia examples
|
||||
- Prebuilt Docker images for arm64 and armv7
|
||||
- Improve documentation for Linux integration
|
||||
- Various fixes in the documentation
|
||||
|
||||
## v1.4.0 - 2022/06/06
|
||||
|
||||
- Project renamed to BunkerWeb
|
||||
- Internal architecture fully revised with a modular approach
|
||||
- Improved CI/CD with automatic tests for multiple integrations
|
||||
- Plugin improvement
|
||||
- Volume improvement for container-based integrations
|
||||
- Web UI improvement with various new features
|
||||
- Web tool to generate settings from a user-friendly UI
|
||||
- Linux packages
|
||||
- Various bug fixes
|
||||
|
||||
## v1.3.2 - 2021/10/24
|
||||
|
||||
- Use API instead of a shared folder for Swarm and Kubernetes integrations
|
||||
- Beta integration of distributed bad IPs database through a remote API
|
||||
- Improvement of the request limiting feature : hour/day rate and multiple URL support
|
||||
- Various bug fixes related to antibot feature
|
||||
- Init support of Arch Linux
|
||||
- Fix Moodle example
|
||||
- Fix ROOT_FOLDER bug in serve-files.conf when using the UI
|
||||
- Update default values for PERMISSIONS_POLICY and FEATURE_POLICY
|
||||
- Disable COUNTRY ban if IP is local
|
||||
|
||||
## v1.3.1 - 2021/09/02
|
||||
|
||||
- Use ModSecurity v3.0.4 instead of v3.0.5 to fix memory leak
|
||||
- Fix ignored variables to control jobs
|
||||
- Fix bug when LISTEN_HTTP=no and MULTISITE=yes
|
||||
- Add CUSTOM_HEADER variable
|
||||
- Add REVERSE_PROXY_BUFFERING variable
|
||||
- Add REVERSE_PROXY_KEEPALIVE variable
|
||||
- Fix documentation for modsec and modsec-crs special folders
|
||||
|
||||
## v1.3.0 - 2021/08/23
|
||||
|
||||
- Kubernetes integration in beta
|
||||
- Linux integration in beta
|
||||
- autoconf refactoring
|
||||
- jobs refactoring
|
||||
- UI refactoring
|
||||
- UI security : login/password authentication and CRSF protection
|
||||
- various dependencies updates
|
||||
- move CrowdSec as an external plugin
|
||||
- Authelia support
|
||||
- improve various regexes
|
||||
- add INJECT_BODY variable
|
||||
- add WORKER_PROCESSES variable
|
||||
- add USE_LETS_ENCRYPT_STAGING variable
|
||||
- add LOCAL_PHP and LOCAL_PHP_PATH variables
|
||||
- add REDIRECT_TO variable
|
||||
|
||||
## v1.2.8 - 2021/07/22
|
||||
|
||||
- Fix broken links in README
|
||||
- Fix regex for EMAIL_LETS_ENCRYPT
|
||||
- Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
|
||||
- Fix regex for SELF_SIGNED_*
|
||||
- Fix various bugs related to web UI
|
||||
- Fix bug in autoconf (missing instances parameter to reload function)
|
||||
- Remove old .env files when generating a new configuration
|
||||
|
||||
## v1.2.7 - 2021/06/14
|
||||
|
||||
- Add custom robots.txt and sitemap to RTD
|
||||
- Fix missing GeoIP DB bug when using BLACKLIST/WHITELIST_COUNTRY
|
||||
- Add underscore "_" to allowed chars for CUSTOM_HTTPS_CERT/KEY
|
||||
- Fix bug when using automatic self-signed certificate
|
||||
- Build and push images from GitHub actions instead of Docker Hub autobuild
|
||||
- Display the reason when generator is ignoring a variable
|
||||
- Various bug fixes related to certbot and jobs
|
||||
- Split jobs into pre and post jobs
|
||||
- Add HEALTHCHECK to image
|
||||
- Fix race condition when using autoconf without Swarm by checking healthy state
|
||||
- Bump modsecurity-nginx to v1.0.2
|
||||
- Community chat with bridged platforms
|
||||
|
||||
## v1.2.6 - 2021/06/06
|
||||
|
||||
- Move from "ghetto-style" shell scripts to generic jinja2 templating
|
||||
- Init work on a basic plugins system
|
||||
- Move ClamAV to external plugin
|
||||
- Reduce image size by removing unnecessary dependencies
|
||||
- Fix CrowdSec example
|
||||
- Change some global variables to multisite
|
||||
- Add LOG_LEVEL environment variable
|
||||
- Read-only container support
|
||||
- Improved antibot javascript with a basic proof of work
|
||||
- Update nginx to 1.20.1
|
||||
- Support of docker-socket-proxy with web UI
|
||||
- Add certbot-cloudflare example
|
||||
- Disable DNSBL checks when IP is local
|
||||
|
||||
## v1.2.5 - 2021/05/14
|
||||
|
||||
- Performance improvement : move some nginx security checks to LUA and external blacklist parsing enhancement
|
||||
- Init work on official documentation on readthedocs
|
||||
- Fix default value for CONTENT_SECURITY_POLICY to allow file downloads
|
||||
- Add ROOT_SITE_SUBFOLDER environment variable
|
||||
|
||||
## TODO - retrospective changelog
|
||||
|
|
@ -1,128 +0,0 @@
|
|||
# Contributor Covenant Code of Conduct
|
||||
|
||||
## Our Pledge
|
||||
|
||||
We as members, contributors, and leaders pledge to make participation in our
|
||||
community a harassment-free experience for everyone, regardless of age, body
|
||||
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
||||
identity and expression, level of experience, education, socio-economic status,
|
||||
nationality, personal appearance, race, religion, or sexual identity
|
||||
and orientation.
|
||||
|
||||
We pledge to act and interact in ways that contribute to an open, welcoming,
|
||||
diverse, inclusive, and healthy community.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to a positive environment for our
|
||||
community include:
|
||||
|
||||
* Demonstrating empathy and kindness toward other people
|
||||
* Being respectful of differing opinions, viewpoints, and experiences
|
||||
* Giving and gracefully accepting constructive feedback
|
||||
* Accepting responsibility and apologizing to those affected by our mistakes,
|
||||
and learning from the experience
|
||||
* Focusing on what is best not just for us as individuals, but for the
|
||||
overall community
|
||||
|
||||
Examples of unacceptable behavior include:
|
||||
|
||||
* The use of sexualized language or imagery, and sexual attention or
|
||||
advances of any kind
|
||||
* Trolling, insulting or derogatory comments, and personal or political attacks
|
||||
* Public or private harassment
|
||||
* Publishing others' private information, such as a physical or email
|
||||
address, without their explicit permission
|
||||
* Other conduct which could reasonably be considered inappropriate in a
|
||||
professional setting
|
||||
|
||||
## Enforcement Responsibilities
|
||||
|
||||
Community leaders are responsible for clarifying and enforcing our standards of
|
||||
acceptable behavior and will take appropriate and fair corrective action in
|
||||
response to any behavior that they deem inappropriate, threatening, offensive,
|
||||
or harmful.
|
||||
|
||||
Community leaders have the right and responsibility to remove, edit, or reject
|
||||
comments, commits, code, wiki edits, issues, and other contributions that are
|
||||
not aligned to this Code of Conduct, and will communicate reasons for moderation
|
||||
decisions when appropriate.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies within all community spaces, and also applies when
|
||||
an individual is officially representing the community in public spaces.
|
||||
Examples of representing our community include using an official e-mail address,
|
||||
posting via an official social media account, or acting as an appointed
|
||||
representative at an online or offline event.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||
reported to the community leaders responsible for enforcement at
|
||||
contact@bunkerity.com.
|
||||
All complaints will be reviewed and investigated promptly and fairly.
|
||||
|
||||
All community leaders are obligated to respect the privacy and security of the
|
||||
reporter of any incident.
|
||||
|
||||
## Enforcement Guidelines
|
||||
|
||||
Community leaders will follow these Community Impact Guidelines in determining
|
||||
the consequences for any action they deem in violation of this Code of Conduct:
|
||||
|
||||
### 1. Correction
|
||||
|
||||
**Community Impact**: Use of inappropriate language or other behavior deemed
|
||||
unprofessional or unwelcome in the community.
|
||||
|
||||
**Consequence**: A private, written warning from community leaders, providing
|
||||
clarity around the nature of the violation and an explanation of why the
|
||||
behavior was inappropriate. A public apology may be requested.
|
||||
|
||||
### 2. Warning
|
||||
|
||||
**Community Impact**: A violation through a single incident or series
|
||||
of actions.
|
||||
|
||||
**Consequence**: A warning with consequences for continued behavior. No
|
||||
interaction with the people involved, including unsolicited interaction with
|
||||
those enforcing the Code of Conduct, for a specified period of time. This
|
||||
includes avoiding interactions in community spaces as well as external channels
|
||||
like social media. Violating these terms may lead to a temporary or
|
||||
permanent ban.
|
||||
|
||||
### 3. Temporary Ban
|
||||
|
||||
**Community Impact**: A serious violation of community standards, including
|
||||
sustained inappropriate behavior.
|
||||
|
||||
**Consequence**: A temporary ban from any sort of interaction or public
|
||||
communication with the community for a specified period of time. No public or
|
||||
private interaction with the people involved, including unsolicited interaction
|
||||
with those enforcing the Code of Conduct, is allowed during this period.
|
||||
Violating these terms may lead to a permanent ban.
|
||||
|
||||
### 4. Permanent Ban
|
||||
|
||||
**Community Impact**: Demonstrating a pattern of violation of community
|
||||
standards, including sustained inappropriate behavior, harassment of an
|
||||
individual, or aggression toward or disparagement of classes of individuals.
|
||||
|
||||
**Consequence**: A permanent ban from any sort of public interaction within
|
||||
the community.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
||||
version 2.0, available at
|
||||
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
|
||||
|
||||
Community Impact Guidelines were inspired by [Mozilla's code of conduct
|
||||
enforcement ladder](https://github.com/mozilla/diversity).
|
||||
|
||||
[homepage]: https://www.contributor-covenant.org
|
||||
|
||||
For answers to common questions about this code of conduct, see the FAQ at
|
||||
https://www.contributor-covenant.org/faq. Translations are available at
|
||||
https://www.contributor-covenant.org/translations.
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
# Contributing to bunkerweb
|
||||
|
||||
First off all, thanks for being here and showing your support to the project !
|
||||
|
||||
We accept many types of contributions whether they are technical or not. Every community feedback, work or help is, and will always be, appreciated.
|
||||
|
||||
## Talk about the project
|
||||
|
||||
The first thing you can do is to talk about the project. You can share it on social media (by the way, you can can also follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)), make a blog post about it or simply tell your friends/colleagues that's an awesome project..
|
||||
|
||||
## Join the community
|
||||
|
||||
You can join the [Discord server](https://discord.com/invite/fTf46FmtyD), the [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) and the [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit to talk about the project and help others.
|
||||
|
||||
## Reporting bugs / ask for features
|
||||
|
||||
The preferred way to report bugs and asking for features is using [issues](https://github.com/bunkerity/bunkerweb/issues). Before opening a new one, please check if a related issue is already opened using the "filters" bar. When creating a new issue please select and fill the "Bug report" or "Feature request" template.
|
||||
|
||||
## Code contribution
|
||||
|
||||
The preferred way to contribute code is using [pull requests](https://github.com/bunkerity/bunkerweb/pulls). Before creating a pull request, please check if your code is related to an opened issue. If that's not the case, you should first create an issue so we can discuss about it. This procedure is here to avoid wasting your time in case the PR will be rejected. For minor changes (e.g. : typo, quick fix, ...), opening an issue might be facultative. **Don't forget to edit the documentations when needed !**
|
||||
660
LICENSE.md
660
LICENSE.md
|
|
@ -1,660 +0,0 @@
|
|||
### GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 19 November 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc.
|
||||
<https://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this
|
||||
license document, but changing it is not allowed.
|
||||
|
||||
### Preamble
|
||||
|
||||
The GNU Affero General Public License is a free, copyleft license for
|
||||
software and other kinds of works, specifically designed to ensure
|
||||
cooperation with the community in the case of network server software.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
our General Public Licenses are intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains
|
||||
free software for all its users.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
Developers that use our General Public Licenses protect your rights
|
||||
with two steps: (1) assert copyright on the software, and (2) offer
|
||||
you this License which gives you legal permission to copy, distribute
|
||||
and/or modify the software.
|
||||
|
||||
A secondary benefit of defending all users' freedom is that
|
||||
improvements made in alternate versions of the program, if they
|
||||
receive widespread use, become available for other developers to
|
||||
incorporate. Many developers of free software are heartened and
|
||||
encouraged by the resulting cooperation. However, in the case of
|
||||
software used on network servers, this result may fail to come about.
|
||||
The GNU General Public License permits making a modified version and
|
||||
letting the public access it on a server without ever releasing its
|
||||
source code to the public.
|
||||
|
||||
The GNU Affero General Public License is designed specifically to
|
||||
ensure that, in such cases, the modified source code becomes available
|
||||
to the community. It requires the operator of a network server to
|
||||
provide the source code of the modified version running there to the
|
||||
users of that server. Therefore, public use of a modified version, on
|
||||
a publicly accessible server, gives the public access to the source
|
||||
code of the modified version.
|
||||
|
||||
An older license, called the Affero General Public License and
|
||||
published by Affero, was designed to accomplish similar goals. This is
|
||||
a different license, not a version of the Affero GPL, but Affero has
|
||||
released a new version of the Affero GPL which permits relicensing
|
||||
under this license.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
### TERMS AND CONDITIONS
|
||||
|
||||
#### 0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU Affero General Public
|
||||
License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds
|
||||
of works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of
|
||||
an exact copy. The resulting work is called a "modified version" of
|
||||
the earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user
|
||||
through a computer network, with no transfer of a copy, is not
|
||||
conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices" to
|
||||
the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
#### 1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work for
|
||||
making modifications to it. "Object code" means any non-source form of
|
||||
a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users can
|
||||
regenerate automatically from other parts of the Corresponding Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that same
|
||||
work.
|
||||
|
||||
#### 2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not convey,
|
||||
without conditions so long as your license otherwise remains in force.
|
||||
You may convey covered works to others for the sole purpose of having
|
||||
them make modifications exclusively for you, or provide you with
|
||||
facilities for running those works, provided that you comply with the
|
||||
terms of this License in conveying all material for which you do not
|
||||
control copyright. Those thus making or running the covered works for
|
||||
you must do so exclusively on your behalf, under your direction and
|
||||
control, on terms that prohibit them from making any copies of your
|
||||
copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under the
|
||||
conditions stated below. Sublicensing is not allowed; section 10 makes
|
||||
it unnecessary.
|
||||
|
||||
#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such
|
||||
circumvention is effected by exercising rights under this License with
|
||||
respect to the covered work, and you disclaim any intention to limit
|
||||
operation or modification of the work as a means of enforcing, against
|
||||
the work's users, your or third parties' legal rights to forbid
|
||||
circumvention of technological measures.
|
||||
|
||||
#### 4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
#### 5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these
|
||||
conditions:
|
||||
|
||||
- a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
- b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under
|
||||
section 7. This requirement modifies the requirement in section 4
|
||||
to "keep intact all notices".
|
||||
- c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
- d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
#### 6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms of
|
||||
sections 4 and 5, provided that you also convey the machine-readable
|
||||
Corresponding Source under the terms of this License, in one of these
|
||||
ways:
|
||||
|
||||
- a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
- b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the Corresponding
|
||||
Source from a network server at no charge.
|
||||
- c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
- d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
- e) Convey the object code using peer-to-peer transmission,
|
||||
provided you inform other peers where the object code and
|
||||
Corresponding Source of the work are being offered to the general
|
||||
public at no charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal,
|
||||
family, or household purposes, or (2) anything designed or sold for
|
||||
incorporation into a dwelling. In determining whether a product is a
|
||||
consumer product, doubtful cases shall be resolved in favor of
|
||||
coverage. For a particular product received by a particular user,
|
||||
"normally used" refers to a typical or common use of that class of
|
||||
product, regardless of the status of the particular user or of the way
|
||||
in which the particular user actually uses, or expects or is expected
|
||||
to use, the product. A product is a consumer product regardless of
|
||||
whether the product has substantial commercial, industrial or
|
||||
non-consumer uses, unless such uses represent the only significant
|
||||
mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to
|
||||
install and execute modified versions of a covered work in that User
|
||||
Product from a modified version of its Corresponding Source. The
|
||||
information must suffice to ensure that the continued functioning of
|
||||
the modified object code is in no case prevented or interfered with
|
||||
solely because modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or
|
||||
updates for a work that has been modified or installed by the
|
||||
recipient, or for the User Product in which it has been modified or
|
||||
installed. Access to a network may be denied when the modification
|
||||
itself materially and adversely affects the operation of the network
|
||||
or violates the rules and protocols for communication across the
|
||||
network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
#### 7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders
|
||||
of that material) supplement the terms of this License with terms:
|
||||
|
||||
- a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
- b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
- c) Prohibiting misrepresentation of the origin of that material,
|
||||
or requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
- d) Limiting the use for publicity purposes of names of licensors
|
||||
or authors of the material; or
|
||||
- e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
- f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions
|
||||
of it) with contractual assumptions of liability to the recipient,
|
||||
for any liability that these contractual assumptions directly
|
||||
impose on those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions; the
|
||||
above requirements apply either way.
|
||||
|
||||
#### 8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your license
|
||||
from a particular copyright holder is reinstated (a) provisionally,
|
||||
unless and until the copyright holder explicitly and finally
|
||||
terminates your license, and (b) permanently, if the copyright holder
|
||||
fails to notify you of the violation by some reasonable means prior to
|
||||
60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
#### 9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or run
|
||||
a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
#### 10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
#### 11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims owned
|
||||
or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within the
|
||||
scope of its coverage, prohibits the exercise of, or is conditioned on
|
||||
the non-exercise of one or more of the rights that are specifically
|
||||
granted under this License. You may not convey a covered work if you
|
||||
are a party to an arrangement with a third party that is in the
|
||||
business of distributing software, under which you make payment to the
|
||||
third party based on the extent of your activity of conveying the
|
||||
work, and under which the third party grants, to any of the parties
|
||||
who would receive the covered work from you, a discriminatory patent
|
||||
license (a) in connection with copies of the covered work conveyed by
|
||||
you (or copies made from those copies), or (b) primarily for and in
|
||||
connection with specific products or compilations that contain the
|
||||
covered work, unless you entered into that arrangement, or that patent
|
||||
license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
#### 12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under
|
||||
this License and any other pertinent obligations, then as a
|
||||
consequence you may not convey it at all. For example, if you agree to
|
||||
terms that obligate you to collect a royalty for further conveying
|
||||
from those to whom you convey the Program, the only way you could
|
||||
satisfy both those terms and this License would be to refrain entirely
|
||||
from conveying the Program.
|
||||
|
||||
#### 13. Remote Network Interaction; Use with the GNU General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, if you modify the
|
||||
Program, your modified version must prominently offer all users
|
||||
interacting with it remotely through a computer network (if your
|
||||
version supports such interaction) an opportunity to receive the
|
||||
Corresponding Source of your version by providing access to the
|
||||
Corresponding Source from a network server at no charge, through some
|
||||
standard or customary means of facilitating copying of software. This
|
||||
Corresponding Source shall include the Corresponding Source for any
|
||||
work covered by version 3 of the GNU General Public License that is
|
||||
incorporated pursuant to the following paragraph.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the work with which it is combined will remain governed by version
|
||||
3 of the GNU General Public License.
|
||||
|
||||
#### 14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Affero General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies that a certain numbered version of the GNU Affero General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU Affero General Public License, you may choose any version ever
|
||||
published by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future versions
|
||||
of the GNU Affero General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
#### 15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
|
||||
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
|
||||
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
|
||||
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
||||
CORRECTION.
|
||||
|
||||
#### 16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
|
||||
CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
|
||||
ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
|
||||
NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
|
||||
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
|
||||
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
||||
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
#### 17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
### How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these
|
||||
terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest to
|
||||
attach them to the start of each source file to most effectively state
|
||||
the exclusion of warranty; and each file should have at least the
|
||||
"copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper
|
||||
mail.
|
||||
|
||||
If your software can interact with users remotely through a computer
|
||||
network, you should also make sure that it provides a way for users to
|
||||
get its source. For example, if your program is a web application, its
|
||||
interface could display a "Source" link that leads users to an archive
|
||||
of the code. There are many ways you could offer source, and different
|
||||
solutions will be better for different programs; see section 13 for
|
||||
the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. For more information on this, and how to apply and follow
|
||||
the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
446
README.md
446
README.md
|
|
@ -1,352 +1,276 @@
|
|||
<p align="center">
|
||||
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/misc/logo.png" />
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?label=stable" />
|
||||
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?include_prereleases&label=latest" />
|
||||
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
|
||||
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/dev.yml?branch=dev&label=CI%2FCD%20dev" />
|
||||
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/staging.yml?branch=staging&label=CI%2FCD%20staging" />
|
||||
<img src="https://img.shields.io/github/issues/bunkerity/bunkerweb">
|
||||
<img src="https://img.shields.io/github/issues-pr/bunkerity/bunkerweb">
|
||||
</p>
|
||||
<img src="https://github.com/SpiderLabs/ModSecurity/raw/v3/master/others/modsec.png" width="50%">
|
||||
|
||||
<p align="center">
|
||||
📓 <a href="https://docs.bunkerweb.io">Documentation</a>
|
||||
|
|
||||
👨💻 <a href="https://demo.bunkerweb.io">Demo</a>
|
||||
|
|
||||
🛡️ <a href="https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples">Examples</a>
|
||||
|
|
||||
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
|
||||
|
|
||||
📝 <a href="https://github.com/bunkerity/bunkerweb/discussions">Forum</a>
|
||||
|
|
||||
⚙️ <a href="https://config.bunkerweb.io">Configurator</a>
|
||||
|
|
||||
🗺️ <a href="https://threatmap.bunkerweb.io">Threatmap</a>
|
||||
</p>
|
||||
|
||||
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
[](https://sonarcloud.io/dashboard?id=USHvY32Uy62L)
|
||||
|
||||
> 🛡️ Make security by default great again !
|
||||
|
||||
# BunkerWeb
|
||||
|
||||
<p align="center">
|
||||
<img alt="overview" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/intro-overview.svg" />
|
||||
</p>
|
||||
Libmodsecurity is one component of the ModSecurity v3 project. The library
|
||||
codebase serves as an interface to ModSecurity Connectors taking in web traffic
|
||||
and applying traditional ModSecurity processing. In general, it provides the
|
||||
capability to load/interpret rules written in the ModSecurity SecRules format
|
||||
and apply them to HTTP content provided by your application via Connectors.
|
||||
|
||||
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
|
||||
If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available:
|
||||
[here](https://github.com/SpiderLabs/ModSecurity/tree/v2/master).
|
||||
|
||||
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.1/integrations/#linux), [Docker](https://docs.bunkerweb.io/1.5.1/integrations/#docker), [Swarm](https://docs.bunkerweb.io/1.5.1/integrations/#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.1/web-ui/) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
|
||||
### What is the difference between this project and the old ModSecurity (v2.x.x)?
|
||||
|
||||
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.1/security-tuning/) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.1/plugins/)).
|
||||
* All Apache dependencies have been removed
|
||||
* Higher performance
|
||||
* New features
|
||||
* New architecture
|
||||
|
||||
## Why BunkerWeb ?
|
||||
Libmodsecurity is a complete rewrite of the ModSecurity platform. When it was first devised the ModSecurity project started as just an Apache module. Over time the project has been extended, due to popular demand, to support other platforms including (but not limited to) Nginx and IIS. In order to provide for the growing demand for additional platform support, it has became necessary to remove the Apache dependencies underlying this project, making it more platform independent.
|
||||
|
||||
- **Easy integration into existing environments** : support for Linux, Docker, Swarm, Kubernetes, Ansible, Vagrant, ...
|
||||
- **Highly customizable** : enable, disable and configure features easily to meet your use case
|
||||
- **Secure by default** : offers out-of-the-box and hassle-free minimal security for your web services
|
||||
- **Awesome web UI** : keep control of everything more efficiently without the need of the CLI
|
||||
- **Plugin system** : extend BunkerWeb to meet your own use-cases
|
||||
- **Free as in "freedom"** : licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html)
|
||||
As a result of this goal we have rearchitected Libmodsecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). One side effect of this is that across all platforms users can expect increased performance. Additionally, we have taken this opportunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to natively support auditlogs in the JSON format, along with a host of other functionality in future versions.
|
||||
|
||||
## Security features
|
||||
|
||||
A non-exhaustive list of security features :
|
||||
### It is no longer just a module.
|
||||
|
||||
- **HTTPS** support with transparent **Let's Encrypt** automation
|
||||
- **State-of-the-art web security** : HTTP security headers, prevent leaks, TLS hardening, ...
|
||||
- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set**
|
||||
- **Automatic ban** of strange behaviors based on HTTP status code
|
||||
- Apply **connections and requests limit** for clients
|
||||
- **Block bots** by asking them to solve a **challenge** (e.g. : cookie, javascript, captcha, hCaptcha or reCAPTCHA)
|
||||
- **Block known bad IPs** with external blacklists and DNSBL
|
||||
- And much more ...
|
||||
The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/SpiderLabs/ModSecurity-nginx).
|
||||
|
||||
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.1/security-tuning/) section of the documentation.
|
||||
Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using.
|
||||
|
||||
## Demo
|
||||
# Compilation
|
||||
|
||||
<p align="center">
|
||||
<a href="https://www.youtube.com/watch?v=ZhYV-QELzA4" target="_blank"><img alt="BunkerWeb demo" src="https://img.youtube.com/vi/ZhYV-QELzA4/0.jpg" /></a>
|
||||
</p>
|
||||
Before starting the compilation process, make sure that you have all the
|
||||
dependencies in place. Read the subsection “Dependencies” for further
|
||||
information.
|
||||
|
||||
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io). Feel free to visit it and perform some security tests.
|
||||
After the compilation make sure that there are no issues on your
|
||||
build/platform. We strongly recommend the utilization of the unit tests and
|
||||
regression tests. These test utilities are located under the subfolder ‘tests’.
|
||||
|
||||
# Concepts
|
||||
As a dynamic library, don’t forget that libmodsecurity must be installed to a location (folder) where you OS will be looking for dynamic libraries.
|
||||
|
||||
<p align="center">
|
||||
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/concepts.svg" />
|
||||
</p>
|
||||
|
||||
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.1/concepts).
|
||||
|
||||
## Integrations
|
||||
### Unix (Linux, MacOS, FreeBSD, …)
|
||||
|
||||
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
|
||||
On unix the project uses autotools to help the compilation process.
|
||||
|
||||
The following integrations are officially supported :
|
||||
|
||||
- [Docker](https://docs.bunkerweb.io/1.5.1/integrations/#docker)
|
||||
- [Docker autoconf](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf)
|
||||
- [Swarm](https://docs.bunkerweb.io/1.5.1/integrations/#swarm)
|
||||
- [Kubernetes](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes)
|
||||
- [Linux](https://docs.bunkerweb.io/1.5.1/integrations/#linux)
|
||||
- [Ansible](https://docs.bunkerweb.io/1.5.1/integrations/#ansible)
|
||||
- [Vagrant](https://docs.bunkerweb.io/1.5.1/integrations/#vagrant)
|
||||
|
||||
## Settings
|
||||
|
||||
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
|
||||
|
||||
The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
|
||||
|
||||
Here is a dummy example of a BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_ANTIBOT=captcha
|
||||
REFERRER_POLICY=no-referrer
|
||||
USE_MODSECURITY=no
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=no
|
||||
```shell
|
||||
$ ./build.sh
|
||||
$ ./configure
|
||||
$ make
|
||||
$ sudo make install
|
||||
```
|
||||
|
||||
You will find an easy to use settings generator at [config.bunkerweb.io](https://config.bunkerweb.io).
|
||||
Details on distribution specific builds can be found in our Wiki:
|
||||
[Compilation Recipes](https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes)
|
||||
|
||||
## Multisite mode
|
||||
### Windows
|
||||
|
||||
The multisite mode is a crucial concept to understand when using BunkerWeb. Because the goal is to protect web applications, we intrinsically inherit the concept of "virtual host" or "vhost" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)) which makes it possible to serve multiple web applications from a single (or a cluster of) instance.
|
||||
Windows build is not ready yet.
|
||||
|
||||
By default, the multisite mode of BunkerWeb is disabled which means that only one web application will be served and all the settings will be applied to it. The typical use case is when you have a single application to protect : you don't have to worry about the multisite and the default behavior should be the right one for you.
|
||||
|
||||
When multisite mode is enabled, BunkerWeb will serve and protect multiple web applications. Each web application is identified by a unique server name and have its own set of settings. The typical use case is when you have multiple applications to protect and you want to use a single (or a cluster depending of the integration) instance of BunkerWeb.
|
||||
## Dependencies
|
||||
|
||||
## Custom configurations
|
||||
This library is written in C++ using the C++11 standards. It also uses Flex
|
||||
and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests.
|
||||
|
||||
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.1/plugins)), you can use custom configurations to solve your specific challenges.
|
||||
All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows:
|
||||
|
||||
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
|
||||
* libinjection is needed for the operator @detectXSS and @detectSQL
|
||||
* curl is needed for the directive SecRemoteRules.
|
||||
|
||||
Another core component of BunkerWeb is the ModSecurity Web Application Firewall : you can also use custom configurations to fix some false positives or add custom rules for example.
|
||||
If those libraries are missing ModSecurity will be compiled without the support for the operator @detectXSS and the configuration directive SecRemoteRules.
|
||||
|
||||
## Database
|
||||
# Library documentation
|
||||
|
||||
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
|
||||
The library documentation is written within the code in Doxygen format. To generate this documentation, please use the doxygen utility with the provided configuration file, “doxygen.cfg”, located with the "doc/" subfolder. This will generate HTML formatted documentation including usage examples.
|
||||
|
||||
- Settings defined for all the services
|
||||
- Custom configurations
|
||||
- BunkerWeb instances
|
||||
- Metadata about jobs execution
|
||||
- Cached files
|
||||
# Library utilization
|
||||
|
||||
The following backend database are supported : SQLite, MariaDB, MySQL and PostgreSQL
|
||||
The library provides a C++ and C interface. Some resources are currently only
|
||||
available via the C++ interface, for instance, the capability to create custom logging
|
||||
mechanism (see the regression test to check for how those logging mechanism works).
|
||||
The objective is to have both APIs (C, C++) providing the same functionality,
|
||||
if you find an aspect of the API that is missing via a particular interface, please open an issue.
|
||||
|
||||
## Scheduler
|
||||
Inside the subfolder examples, there are simple examples on how to use the API.
|
||||
Below some are illustrated:
|
||||
|
||||
To make things automagically work together, a dedicated service called the scheduler is in charge of :
|
||||
### Simple example using C++
|
||||
|
||||
- Storing the settings and custom configurations inside the database
|
||||
- Executing various tasks (called jobs)
|
||||
- Generating a configuration which is understood by BunkerWeb
|
||||
- Being the intermediary for other services (like web UI or autoconf)
|
||||
```c++
|
||||
using ModSecurity::ModSecurity;
|
||||
using ModSecurity::Rules;
|
||||
using ModSecurity::Transaction;
|
||||
|
||||
In other words, the scheduler is the brain of BunkerWeb.
|
||||
ModSecurity *modsec;
|
||||
ModSecurity::Rules *rules;
|
||||
|
||||
# Setup
|
||||
modsec = new ModSecurity();
|
||||
|
||||
## Docker
|
||||
rules = new Rules();
|
||||
|
||||
<p align="center">
|
||||
<img alt="Docker" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-docker.svg" />
|
||||
</p>
|
||||
rules->loadFromUri(rules_file);
|
||||
|
||||
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
|
||||
Transaction *modsecTransaction = new Transaction(modsec, rules);
|
||||
|
||||
Docker integration key concepts are :
|
||||
modsecTransaction->processConnection("127.0.0.1");
|
||||
if (modsecTransaction->intervention()) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
}
|
||||
```
|
||||
|
||||
- **Environment variables** to configure BunkerWeb
|
||||
- **Scheduler** container to store configuration and execute jobs
|
||||
- **Networks** to expose ports for clients and connect to upstream web services
|
||||
### Simple example using C
|
||||
|
||||
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.1/integrations/#docker) of the documentation.
|
||||
```c
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
|
||||
## Docker autoconf
|
||||
|
||||
<p align="center">
|
||||
<img alt="Docker autoconf" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-autoconf.svg" />
|
||||
</p>
|
||||
char main_rule_uri[] = "basic_rules.conf";
|
||||
|
||||
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
ModSecurity *modsec = NULL;
|
||||
Transaction *transaction = NULL;
|
||||
Rules *rules = NULL;
|
||||
|
||||
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
|
||||
modsec = msc_init();
|
||||
|
||||
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf) of the documentation.
|
||||
rules = msc_create_rules_set();
|
||||
msc_rules_add_file(rules, main_rule_uri);
|
||||
|
||||
## Swarm
|
||||
transaction = msc_new_transaction(modsec, rules);
|
||||
|
||||
<p align="center">
|
||||
<img alt="Swarm" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-swarm.svg" />
|
||||
</p>
|
||||
msc_process_connection(transaction, "127.0.0.1");
|
||||
msc_process_uri(transaction, "http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3&test=args&test=test");
|
||||
msc_process_request_headers(transaction);
|
||||
msc_process_request_body(transaction);
|
||||
msc_process_response_headers(transaction);
|
||||
msc_process_response_body(transaction);
|
||||
|
||||
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
|
||||
return 0;
|
||||
}
|
||||
|
||||
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
|
||||
```
|
||||
|
||||
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.1/integrations/#swarm) of the documentation.
|
||||
# Contributing
|
||||
|
||||
## Kubernetes
|
||||
You are more than welcome to contribute to this project and look forward to growing the community around this new version of ModSecurity. Areas of interest include: New
|
||||
functionalities, fixes, bug report, support for beginning users, or anything that you
|
||||
are willing to help with.
|
||||
|
||||
<p align="center">
|
||||
<img alt="Kubernetes" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-kubernetes.svg" />
|
||||
</p>
|
||||
## Providing patches
|
||||
|
||||
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
|
||||
We prefer to have your patch within the GitHub infrastructure to facilitate our
|
||||
review work, and our Q.A. integration. GitHub provides excellent
|
||||
documentation on how to perform “Pull Requests”, more information available
|
||||
here: https://help.github.com/articles/using-pull-requests/
|
||||
|
||||
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes) of the documentation.
|
||||
Please respect the coding style. Pull requests can include various commits, so
|
||||
provide one fix or one piece of functionality per commit. Please do not change anything outside
|
||||
the scope of your target work (e.g. coding style in a function that you have
|
||||
passed by). For further information about the coding style used in this
|
||||
project, please check: https://www.chromium.org/blink/coding-style
|
||||
|
||||
## Linux
|
||||
Provides explanative commit messages. Your first line should give the highlights of your
|
||||
patch, 3rd and on give a more detailed explanation/technical details about your
|
||||
patch. Patch explanation is valuable during the review process.
|
||||
|
||||
<p align="center">
|
||||
<img alt="Linux" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-linux.svg" />
|
||||
</p>
|
||||
### Don’t know where to start?
|
||||
|
||||
List of supported Linux distros :
|
||||
Within our code there are various items marked as TODO or FIXME that may need
|
||||
your attention. Check the list of items by performing a grep:
|
||||
|
||||
- Debian 11 "Bullseye"
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
- Fedora 37
|
||||
- RHEL 8.7
|
||||
```
|
||||
$ cd /path/to/modsecurity-nginx
|
||||
$ egrep -Rin "TODO|FIXME" -R *
|
||||
```
|
||||
|
||||
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
|
||||
A TODO list is also available as part of the Doxygen documentation.
|
||||
|
||||
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.1/integrations/#linux) of the documentation.
|
||||
### Testing your patch
|
||||
|
||||
## Ansible
|
||||
Along with the manual testing, we strongly recommend you to use the our
|
||||
regression tests and unit tests. If you have implemented an operator, don’t
|
||||
forget to create unit tests for it. If you implement anything else, it is encouraged that you develop complimentary regression tests for it.
|
||||
|
||||
<p align="center">
|
||||
<img alt="Ansible" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-ansible.svg" />
|
||||
</p>
|
||||
The regression test and unit test utilities are native and do not demand any
|
||||
external tool or script, although you need to fetch the test cases from other
|
||||
repositories, as they are shared with other versions of ModSecurity, those
|
||||
others repositories git submodules. To fetch the submodules repository and run
|
||||
the utilities, follow the commands listed below:
|
||||
|
||||
List of supported Linux distros :
|
||||
```shell
|
||||
$ cd /path/to/your/ModSecurity
|
||||
$ git submodule foreach git pull
|
||||
$ cd test
|
||||
$ ./regression-tests
|
||||
$ ./unit-tests
|
||||
```
|
||||
|
||||
- Debian 11 "Bullseye"
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
- Fedora 37
|
||||
- RHEL 8.7
|
||||
### Debugging
|
||||
|
||||
[Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
|
||||
|
||||
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
|
||||
Before start the debugging process, make sure of where your bug is. The problem
|
||||
could be on your connector or in libmodsecurity. In order to identify where the
|
||||
bug is, it is recommended that you develop a regression test that mimics the
|
||||
scenario where the bug is happening. If the bug is reproducible with the
|
||||
regression-test utility, then it will be far simpler to debug and ensure that it never occurs again. On Linux it is
|
||||
recommended that anyone undertaking debugging utilize gdb and/or valgrind as needed.
|
||||
|
||||
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.1/integrations/#ansible) of the documentation.
|
||||
During the configuration/compilation time, you may want to disable the compiler
|
||||
optimization making your “back traces” populated with readable data. Use the
|
||||
CFLAGS to disable the compilation optimization parameters:
|
||||
|
||||
## Vagrant
|
||||
```shell
|
||||
$ export CFLAGS="-g -O0"
|
||||
$ ./build.sh
|
||||
$ ./configure
|
||||
$ make
|
||||
$ sudo make install
|
||||
```
|
||||
|
||||
We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following providers :
|
||||
|
||||
- virtualbox
|
||||
- libvirt
|
||||
## Reporting Issues
|
||||
|
||||
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.1/integrations/#vagrant) of the documentation.
|
||||
If you are facing a configuration issue or something is not working as you
|
||||
expected to be, please use the ModSecurity user’s mailing list. Issues on GitHub
|
||||
are also welcomed, but we prefer to have user ask questions on the mailing list first so that you can reach an entire community. Also don’t forget to look for existing issues before open a new one.
|
||||
|
||||
# Quickstart guide
|
||||
If you are going to open a new issue on GitHub, don’t forget to tell us the
|
||||
version of your libmodsecurity and the version of a specific connector if there
|
||||
is one.
|
||||
|
||||
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.1/quickstart-guide/) that will cover the following common use cases :
|
||||
|
||||
- Protecting a single HTTP application
|
||||
- Protecting multiple HTTP application
|
||||
- Retrieving the real IP of clients when operating behind a load balancer
|
||||
- Adding custom configurations
|
||||
- Protecting generic TCP/UDP applications
|
||||
- In combination with PHP
|
||||
### Security issue
|
||||
|
||||
# Security tuning
|
||||
Please do not make public any security issue. Contact us at:
|
||||
security@modsecurity.org reporting the issue. Once the problem is fixed your
|
||||
credit will be given.
|
||||
|
||||
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.1/settings). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
|
||||
## Feature request
|
||||
|
||||
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.1/security-tuning) of the documentation.
|
||||
We are open to discussing any new feature request with the community via the mailing lists. You can alternativly,
|
||||
feel free to open GitHub issues requesting new features. Before opening a
|
||||
new issue, please check if there is one already opened on the same topic.
|
||||
|
||||
# Settings
|
||||
## Bindings
|
||||
|
||||
To help you tuning BunkerWeb we have made an easy to use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io).
|
||||
The libModSecurity design allows the integration with bindings. There is an effort to avoid breaking API [binary] compatibility to make an easy integration with possible bindings. Currently, there are two notable projects maintained by the community:
|
||||
* Python - https://github.com/actions-security/pymodsecurity
|
||||
* Varnish - https://github.com/xdecock/vmod-modsecurity
|
||||
|
||||
As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.
|
||||
## Packaging
|
||||
|
||||
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
|
||||
Having our packages in distros on time is a desire that we have, so let us know
|
||||
if there is anything we can do to facilitate your work as a packager.
|
||||
|
||||
Check the [settings section](https://docs.bunkerweb.io/1.5.1/settings) of the documentation to get the full list.
|
||||
## Sponsor Note
|
||||
|
||||
# Web UI
|
||||
|
||||
<p align="center">
|
||||
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4" target="_blank"><img alt="BunkerWeb UI demo" src="https://yt-embed.herokuapp.com/embed?v=Ao20SfvQyr4" /></a>
|
||||
</p>
|
||||
|
||||
The "Web UI" is a web application that helps you manage your BunkerWeb instance using a user-friendly interface instead of the command-line one.
|
||||
|
||||
- Start, stop, restart and reload your BunkerWeb instance
|
||||
- Add, edit and delete settings for your web applications
|
||||
- Add, edit and delete custom configurations for NGINX and ModSecurity
|
||||
- Install and uninstall external plugins
|
||||
- Explore the cached files
|
||||
- Monitor jobs execution
|
||||
- View the logs and search pattern
|
||||
|
||||
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.1/web-ui) of the documentation.
|
||||
|
||||
# Plugins
|
||||
|
||||
BunkerWeb comes with a plugin system to make it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
|
||||
|
||||
Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins) repository for more information) :
|
||||
|
||||
| Name | Version | Description | Link |
|
||||
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
|
||||
| **ClamAV** | 1.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
|
||||
| **CrowdSec** | 1.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||
| **VirusTotal** | 1.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
|
||||
|
||||
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.1/plugins) of the documentation.
|
||||
|
||||
# Support
|
||||
|
||||
## Professional
|
||||
|
||||
We offer professional services related to BunkerWeb like :
|
||||
|
||||
* Consulting
|
||||
* Support
|
||||
* Custom development
|
||||
* Partnership
|
||||
|
||||
Please contact us at [contact@bunkerity.com](mailto:contact@bunkerity.com) if you are interested.
|
||||
|
||||
## Community
|
||||
|
||||
To get free community support you can use the following medias :
|
||||
|
||||
* The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
|
||||
* The help category of [GitHub dicussions](https://github.com/bunkerity/bunkerweb/discussions)
|
||||
* The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
|
||||
* The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
|
||||
|
||||
Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
|
||||
|
||||
# License
|
||||
|
||||
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/tree/1.5.1/LICENSE.md).
|
||||
|
||||
# Contribute
|
||||
|
||||
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/1.5.1/CONTRIBUTING.md) to get started.
|
||||
|
||||
# Security policy
|
||||
|
||||
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/tree/1.5.1/SECURITY.md) for more information.
|
||||
Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
|
||||
|
|
|
|||
18
SECURITY.md
18
SECURITY.md
|
|
@ -1,17 +1,9 @@
|
|||
# Security policy
|
||||
# Security Policy
|
||||
|
||||
Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.
|
||||
## Supported Versions
|
||||
|
||||
## Responsible disclosure
|
||||
The latest versions of both v2.9.x and v3.0.x are supported.
|
||||
|
||||
If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Here is a non-exhaustive list of issues we consider as high risk :
|
||||
- Vulnerability in the code
|
||||
- Bypass of a security feature
|
||||
- Vulnerability in a third-party dependency
|
||||
- Risk in the supply chain
|
||||
|
||||
## Bounty
|
||||
|
||||
To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
|
||||
For information on how to report a security issue, please see https://github.com/SpiderLabs/ModSecurity#security-issue
|
||||
|
|
|
|||
5
TODO
5
TODO
|
|
@ -1,5 +0,0 @@
|
|||
- Ansible
|
||||
- Vagrant
|
||||
- Plugins
|
||||
- Find a way to do rdns in background
|
||||
- fix db warnings (Got an error reading communication packets)
|
||||
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
|
|
@ -1,4 +0,0 @@
|
|||
FROM squidfunk/mkdocs-material
|
||||
|
||||
COPY mkdocs.yml /docs
|
||||
COPY docs /docs/docs
|
||||
|
|
@ -1,97 +0,0 @@
|
|||
# About
|
||||
|
||||
## Who maintains BunkerWeb ?
|
||||
|
||||
BunkerWeb is maintained by [Bunkerity](https://www.bunkerity.com), a French 🇫🇷 company specialized in Cybersecurity 🛡️.
|
||||
|
||||
## Do you offer professional services ?
|
||||
|
||||
Yes, we offer professional services related to BunkerWeb such as :
|
||||
|
||||
- Consulting
|
||||
- Support
|
||||
- Custom development
|
||||
- Partnership
|
||||
|
||||
Please contact us at [contact@bunkerity.com](mailto:contact@bunkerity.com) if you are interested.
|
||||
|
||||
## Where to get community support ?
|
||||
|
||||
To get free community support, you can use the following medias :
|
||||
|
||||
- The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
|
||||
- The help category of [GitHub dicussions](https://github.com/bunkerity/bunkerweb/discussions)
|
||||
- The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
|
||||
- The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
|
||||
|
||||
Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
|
||||
|
||||
## How can I contribute ?
|
||||
|
||||
Here is a non-exhaustive list of what you can do :
|
||||
|
||||
- Join the [Discord server](https://discord.com/invite/fTf46FmtyD), [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit and [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) to talk about the project and help others
|
||||
- Follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)
|
||||
- Report bugs and propose new features using [issues](https://github.com/bunkerity/bunkerweb/issues)
|
||||
- Contribute to the code using [pull requests](https://github.com/bunkerity/bunkerweb/pulls)
|
||||
- Write an awesome [plugin](plugins.md)
|
||||
- Talk about BunkerWeb to your friends/colleagues, on social media, on your blog, ...
|
||||
|
||||
## How to report security issue ?
|
||||
|
||||
Please contact us at [security@bunkerity.com](mailto:security@bunkerity.com) using the following PGP key :
|
||||
|
||||
```conf
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGCEMiMBEACtXJBDbF86qjC/Q1cfmJfYcYrbk6eE5czknG294XObC97wAgDf
|
||||
/MbX6bnti4kDRpflGDqQtwOXudcEzledTD4bdDUKvZwqPoYQGa24uCuUxSINTLXr
|
||||
RuoMaKfpvs7trsFXp5iYUqf4Org2aaJE7Tk/9sOvxgdqsT22jEgCZXTRU1qG494U
|
||||
u6XRQN8hKlw6aa6njjX9vUk6Jpl46/kwwO9mpXBZX6iFKYnBlUWs2k8d6D6cO5aZ
|
||||
KLoYyz5v3Gw2hHSqj4qbVQPTIT7qrrcfd8nblYK7Dh3IM+vQq7a7lB0AudIyBNPd
|
||||
rsypi9ZYgwI3lv/rmQnDc32Ua5cLvTvgg/XoaNK9ogc3kei1+hXODEgRA/zvSKqq
|
||||
20i/1Y0OnIGv89LOI6urWpOgDAhQUV5xvANll2lm3Bkmy29UOzNadUc/yImxrM06
|
||||
HwX82ju6PFAqOaxMW6SEE71ylGOSlikAGNcmmc5Ihd1J/VRZA4PBiQ31gQxFRpUC
|
||||
3NTw2QNAD1kjni5PuQD10Q1Ognvb6uJh/MtqsoX6r1t+Oly9MblFSuyqFkqNO3F0
|
||||
QAJqprhJlQ3YOcJdJ1EZR7qs0xJm5h+lw0Z/UINqkwiZUW3PCO8BKxfq6sfdwM8L
|
||||
5hPhyUzy2gIJ0J/4NGYEBH1ojoYODGU8OCSmyjSTY9SoVMeWDfqYP4ZTvQARAQAB
|
||||
tCVidW5rZXJpdHktcGdwIDxjb250YWN0QGJ1bmtlcml0eS5jb20+iQJUBBMBCAA+
|
||||
FiEEw78SjkcVxXCq7hStPYCAbxJgKnwFAmCEMiMCGwMFCQPCIP0FCwkIBwIGFQoJ
|
||||
CAsCBBYCAwECHgECF4AACgkQPYCAbxJgKnzvYhAAnNqGB6ce2eZzwk1EiNlNaXaA
|
||||
hFWLq/s/J1IOAP+0V5jKJxA6zTX01HyIfIIHQy6nrxxEXzYsIUHdJ+HBPCNswCqn
|
||||
2d/aDkkfoEUc1bUD0c2bXfoSCsAeIoK+eOf6iSr4IENVoIUYFQTUKFNu+Y7eDL0I
|
||||
J8Xadg53G+fkK9LE6TeYpBs3hDT4w7vlDfIwWa1NC9HoLzSmZ2fqZ7SnihLGsLmp
|
||||
98VqDrDjhRPzrz5/tVYgvPCQQU5ED/TayCCYvrGpw9gP8qmEOabIUz0ppGwEfQVs
|
||||
Wycilm1/Js/qjdbxUFMipBIzDu7bI3kMLmENhI+16Xtub9dUrvkW2SdDngYhtWj8
|
||||
IzVOe6N/XDuiRGpaYFpEuXbrnDFexe1ygZwnVHt3fukPfa7W8mhMs2kY1ishIA0O
|
||||
WElKO1Q6N0ZWEad0PwM8NCDjaDUNWQC36ZF/MS+ipHWx9joPUjImY2AXDjN+L+Si
|
||||
ABQIe4Fo6Jx6S6Bi8YvPq8idYZvaWFJjBvmaPjxdUMPbIsMRiEjvlrhvqhLuVBpE
|
||||
lGA+M4UJGw5yBl+yiiLDuws/Fppv9HwNqw6Uq1m1XaW859Om1GGBKYfphyn+fHjR
|
||||
7ftOuT7Ss4zioXT4mscOZgkfzDAqgpZiHjYhe7tLUu7iD6UEsZmey/gRV0hCxng3
|
||||
N7yaRrBu0+3sIQV4jYC5Ag0EYIQyIwEQALSurJGOx7At5mRFjvhXd4/JHuBZZOSI
|
||||
M45LSJ+mKYnAGmwsL0AneZMIf6Yc0Vcn32oqlIXN5aB8jIt91pChLre8tl/lFZZP
|
||||
xY3WIEBJhZF0FIUqSQLjg4HD0S70REii7Om1kgtZueid8V6T5F1JDcO2mDoh8oc9
|
||||
h9nRQ1Ld6dblEuwBzbFkI1K6OUk1+ec7+mQc7orHdBVgelmqwG7fGZnPiN3XfklF
|
||||
dnwSkFIX/qkAsKQmmx1VSzaGFoPLajf4wrkzZdA3iEafsHyvdEFlezZCZ7TsoHBh
|
||||
tNg1Psg6MbBVgiMfHyRHSEBJZ7r5Awj2MpFUFMOd1IPcor1I254mx0VYfCvof4Km
|
||||
Ri1F/86kHc23A77pd4HFYZWiZjaWhh12L+wz5fDL5/sSFXVGSCtSWIKx6FjysZ+v
|
||||
szk3lItHoomZhA7M+FjU/cOjq9hae9uwZeU39DQk0/npln2RcHitoqgUIzII5woO
|
||||
S3SlMSc910tHf40D2cBr1iFKC0jQICjkDexB9CtNx/N25SJmLfiimYtk6/NHlPq4
|
||||
HXdq6ZfLZ7xQmuGcyWv4f0pwA2CK3twISpsIxIKe456WYTDtQu9d1s987dvmw6F/
|
||||
qURC6m2WPGroHb8COQTKzbshjpGUmLpyR3FXki4wNXeI1KaQLL7NpZmK6yJlWviO
|
||||
1sCjh4m7VS+zABEBAAGJAjwEGAEIACYWIQTDvxKORxXFcKruFK09gIBvEmAqfAUC
|
||||
YIQyIwIbDAUJA8Ig/QAKCRA9gIBvEmAqfP2WEACqmXEhu4ARl2yT9bay0+W3F1q1
|
||||
MrLQkcVOau2ihXx3PhYsXRUoEFj72VDAar41WIlHsPJfB14WtSlYcX2XdjHLHMpC
|
||||
dL2eGhqIcHzFChR0vGjtvm2wae/rJTChWf8WXiHrRnRcfFFfhpCvkNi43fQeH4yp
|
||||
cel2a35WV+IRbnkCkaly2NG3XO0t83Siok8Ku+OJGPatUMxJmaEVQeeXVPDzVRva
|
||||
rtvyd9Sclkd9QDPBLZyWHC1vsPKGRJpi5uDZjGxhaFRkimw/SYtFHj7AUrMKAIHB
|
||||
GfEcwC3Eq4rF0FeCOPfBd2vwGGrRflx76jK9rj288ta9Oq6u6ev8PCVzt0E7jrSf
|
||||
AX88vfVRcxihNfj/9i5xmY596jpgbvNA2aJX2hAO3Q8pD6AunVXPUyc3RlFHt7jC
|
||||
tL+9Xv7Qwjz7OToWqj+9cM6T+6oZLxYNVPT72Z/KOFW+mzGb87qjcsDMb/hu2fNq
|
||||
tSWyZk2AAgHQyG1y8vCQQzsDnUDM6NIPwYG5XMP+11WAsPk5fP1ksixpUqIWgjhY
|
||||
M22YUsjLeaRtgSmhAGIkbBgecs1EHSZZ6sf2lB8gSom1wW0UCBPSifP0DwYFizS5
|
||||
SOk62kZ0lqEctwgKDe3MNQnPxt9+tU9L1pIkyXgXihcOLiCMl434K0djJXxIbiX0
|
||||
JvbFAfI3qteepvnjBQ==
|
||||
=g1tf
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
:root {
|
||||
--md-primary-fg-color: #125678;
|
||||
--md-text-font: "Roboto";
|
||||
}
|
||||
|
||||
.md-footer {
|
||||
background-color: #125678;
|
||||
}
|
||||
|
||||
/*
|
||||
@font-face {
|
||||
font-family: Consolas, monaco, monospace;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: "TitleFont";
|
||||
src: "assets/font-title.woff";
|
||||
}
|
||||
*/
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 1.4 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 38 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 76 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 138 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 48 MiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 91 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 104 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 70 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 170 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 98 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 138 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 111 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.6 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 4.0 KiB |
146
docs/concepts.md
146
docs/concepts.md
|
|
@ -1,146 +0,0 @@
|
|||
# Concepts
|
||||
|
||||
<figure markdown>
|
||||
{ align=center }
|
||||
</figure>
|
||||
|
||||
## Integrations
|
||||
|
||||
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
|
||||
|
||||
The following integrations are officially supported :
|
||||
|
||||
- [Docker](integrations.md#docker)
|
||||
- [Docker autoconf](integrations.md#docker-autoconf)
|
||||
- [Swarm](integrations.md#swarm)
|
||||
- [Kubernetes](integrations.md#kubernetes)
|
||||
- [Linux](integrations.md#linux)
|
||||
- [Ansible](integrations.md#ansible)
|
||||
- [Vagrant](integrations.md#vagrant)
|
||||
|
||||
If you think that a new integration should be supported, do not hesitate to open a [new issue](https://github.com/bunkerity/bunkerweb/issues) on the GitHub repository.
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
The technical details of all BunkerWeb integrations are available in the [integrations section](integrations.md) of the documentation.
|
||||
|
||||
## Settings
|
||||
|
||||
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
|
||||
|
||||
The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
|
||||
|
||||
Here is a dummy example of a BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_ANTIBOT=captcha
|
||||
REFERRER_POLICY=no-referrer
|
||||
USE_MODSECURITY=no
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=no
|
||||
```
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
The complete list of available settings with descriptions and possible values is available in the [settings section](settings.md) of the documentation.
|
||||
|
||||
!!! info "Settings generator tool"
|
||||
|
||||
To help you tune BunkerWeb, we offer an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io).
|
||||
|
||||
## Multisite mode
|
||||
|
||||
Understanding the multisite mode is essential when utilizing BunkerWeb. As our primary focus is safeguarding web applications, our solution is intricately linked to the concept of "virtual hosts" or "vhosts" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)). These virtual hosts enable the serving of multiple web applications from a single instance or cluster.
|
||||
|
||||
By default, BunkerWeb has the multisite mode disabled. This means that only one web application will be served, and all settings will be applied to it. This setup is ideal when you have a single application to protect, as you don't need to concern yourself with multisite configurations.
|
||||
|
||||
However, when the multisite mode is enabled, BunkerWeb becomes capable of serving and protecting multiple web applications. Each web application is identified by a unique server name and has its own set of settings. This mode proves beneficial when you have multiple applications to secure, and you prefer to utilize a single instance (or a cluster) of BunkerWeb.
|
||||
|
||||
The activation of the multisite mode is controlled by the `MULTISITE` setting, which can be set to `yes` to enable it or `no` to keep it disabled (which is the default value).
|
||||
|
||||
Each setting within BunkerWeb has a specific context that determines where it can be applied. If the context is set to "global," the setting can't be applied per server or site but is instead applied to the entire configuration as a whole. On the other hand, if the context is "multisite," the setting can be applied globally and per server. To define a multisite setting for a specific server, simply add the server name as a prefix to the setting name. For example, `app1.example.com_AUTO_LETS_ENCRYPT` or `app2.example.com_USE_ANTIBOT` are examples of setting names with server name prefixes. When a multisite setting is defined globally without a server prefix, all servers inherit that setting. However, individual servers can still override the setting if the same setting is defined with a server name prefix.
|
||||
|
||||
Understanding the intricacies of multisite mode and its associated settings allows you to tailor BunkerWeb's behavior to suit your specific requirements, ensuring optimal protection for your web applications.
|
||||
|
||||
Here's a dummy example of a multisite BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
MULTISITE=yes
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=yes
|
||||
app1.example.com_USE_ANTIBOT=javascript
|
||||
app1.example.com_USE_MODSECURITY=no
|
||||
app2.example.com_USE_ANTIBOT=cookie
|
||||
app2.example.com_WHITELIST_COUNTRY=FR
|
||||
app3.example.com_USE_BAD_BEHAVIOR=no
|
||||
```
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples) directory of the repository.
|
||||
|
||||
## Custom configurations
|
||||
|
||||
To address unique challenges and cater to specific use cases, BunkerWeb offers the flexibility of custom configurations. While the provided settings and [external plugins](plugins.md) cover a wide range of scenarios, there may be situations that require additional customization.
|
||||
|
||||
BunkerWeb is built on the renowned NGINX web server, which provides a powerful configuration system. This means you can leverage NGINX's configuration capabilities to meet your specific needs. Custom NGINX configurations can be included in various [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) such as HTTP or server, allowing you to fine-tune the behavior of BunkerWeb according to your requirements. Whether you need to customize global settings or apply configurations to specific server blocks, BunkerWeb empowers you to optimize its behavior to align perfectly with your use case.
|
||||
|
||||
Another integral component of BunkerWeb is the ModSecurity Web Application Firewall. With custom configurations, you have the flexibility to address false positives or add custom rules to further enhance the protection provided by ModSecurity. These custom configurations allow you to fine-tune the behavior of the firewall and ensure that it aligns with the specific requirements of your web applications.
|
||||
|
||||
By leveraging custom configurations, you unlock a world of possibilities to tailor BunkerWeb's behavior and security measures precisely to your needs. Whether it's adjusting NGINX configurations or fine-tuning ModSecurity, BunkerWeb provides the flexibility to meet your unique challenges effectively.
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples) directory of the repository.
|
||||
|
||||
## Database
|
||||
|
||||
BunkerWeb securely stores its current configuration in a backend database, which contains essential data for smooth operation. The following information is stored in the database:
|
||||
|
||||
- **Settings for all services**: The database holds the defined settings for all the services provided by BunkerWeb. This ensures that your configurations and preferences are preserved and readily accessible.
|
||||
|
||||
- **Custom configurations**: Any custom configurations you create are also stored in the backend database. This includes personalized settings and modifications tailored to your specific requirements.
|
||||
|
||||
- **BunkerWeb instances**: Information about BunkerWeb instances, including their setup and relevant details, is stored in the database. This allows for easy management and monitoring of multiple instances if applicable.
|
||||
|
||||
- **Metadata about job execution**: The database stores metadata related to the execution of various jobs within BunkerWeb. This includes information about scheduled tasks, maintenance processes, and other automated activities.
|
||||
|
||||
- **Cached files**: BunkerWeb utilizes caching mechanisms for improved performance. The database holds cached files, ensuring efficient retrieval and delivery of frequently accessed resources.
|
||||
|
||||
Under the hood, whenever you edit a setting or add a new configuration, BunkerWeb automatically stores the changes in the database, ensuring data persistence and consistency. BunkerWeb supports multiple backend database options, including SQLite, MariaDB, MySQL, and PostgreSQL.
|
||||
|
||||
Configuring the database is straightforward using the `DATABASE_URI` setting, which follows the specified formats for each supported database:
|
||||
|
||||
- **SQLite**: `sqlite:///var/lib/bunkerweb/db.sqlite3`
|
||||
- **MariaDB**: `mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db`
|
||||
- **MySQL**: `mysql+pymysql://bunkerweb:changeme@bw-db:3306/db`
|
||||
- **PostgreSQL**: `postgresql://bunkerweb:changeme@bw-db:5432/db`
|
||||
|
||||
By specifying the appropriate database URI in the configuration, you can seamlessly integrate BunkerWeb with your preferred database backend, ensuring efficient and reliable storage of your configuration data.
|
||||
|
||||
<figure markdown>
|
||||
{ align=center, width="800" }
|
||||
<figcaption>Database Schema</figcaption>
|
||||
</figure>
|
||||
|
||||
## Scheduler
|
||||
|
||||
For seamless coordination and automation, BunkerWeb employs a specialized service known as the scheduler. The scheduler plays a vital role in ensuring smooth operation by performing the following tasks:
|
||||
|
||||
- **Storing settings and custom configurations**: The scheduler is responsible for storing all the settings and custom configurations within the backend database. This centralizes the configuration data, making it easily accessible and manageable.
|
||||
|
||||
- **Executing various tasks (jobs)**: The scheduler handles the execution of various tasks, referred to as jobs. These jobs encompass a range of activities, such as periodic maintenance, scheduled updates, or any other automated tasks required by BunkerWeb.
|
||||
|
||||
- **Generating BunkerWeb configuration**: The scheduler generates a configuration that is readily understood by BunkerWeb. This configuration is derived from the stored settings and custom configurations, ensuring that the entire system operates cohesively.
|
||||
|
||||
- **Acting as an intermediary for other services**: The scheduler acts as an intermediary, facilitating communication and coordination between different components of BunkerWeb. It interfaces with services such as the web UI or autoconf, ensuring a seamless flow of information and data exchange.
|
||||
|
||||
In essence, the scheduler serves as the brain of BunkerWeb, orchestrating various operations and ensuring the smooth functioning of the system.
|
||||
|
||||
Depending on the integration approach, the execution environment of the scheduler may differ. In container-based integrations, the scheduler is executed within its dedicated container, providing isolation and flexibility. On the other hand, for Linux-based integrations, the scheduler is self-contained within the bunkerweb service, simplifying the deployment and management process.
|
||||
|
||||
By employing the scheduler, BunkerWeb streamlines the automation and coordination of essential tasks, enabling efficient and reliable operation of the entire system.
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -1 +0,0 @@
|
|||
<mxfile host="app.diagrams.net" modified="2022-10-13T12:11:36.746Z" agent="5.0 (Windows)" etag="qIM9S_K3KBWfpHSqmD4a" version="20.4.0"><diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">7Z1df6I4FIc/jZfdHxDevFSkrVuHzqjdrntHlVF20HQR2zqffkMhAglqtEJoYW4Gjrz/z3OScxJoCxjLtxvffl58gzPHa0nC7K0Fei1JkkRdR/+Flm1sAWo7ssx9dxbZxMQwcn87sVGIrRt35qwzGwYQeoH7nDVO4WrlTIOMzfZ9+Jrd7Cf0smd9tucOZRhNbY+2PrqzYBFZdUlL7LeOO1/gM4v4/pY23ji+k/XCnsHXlAmYLWD4EAbR0vLNcLzw6eHn8tjfPnqDX+rNnz/W/9kP3bux9ddVdLDrU3bZ3YLvrIKzD73a2Lf9lfFyfbUdXc2DjvjPuH8lg+jYL7a3iR9YfLPBFj9BZ4YeaLwK/WAB53Ble2Zi7fpws5o54XkEtJZsM4DwGRlFZPzXCYJt7B32JoDItAiWXvxrdM7wRIRoR+443m4NN/7UOXCbsYKB7c+d4NDjkHa6IiIcuHQCf4t29B3PDtyX7NXZsWfOd9slTx8txAKcIIaQo4XqoevtztwXtDgPFzuGYY5G+Ad0ntRvOZt3zZu+he1PPrkluT8pvechTkOJXxdu4Iye7ffH/IpiRZ6AL44fOG9nSEg/cRyA2nJ0nDj8KNHaa0KyiPFcpCjWhYIkwnh8cV5kRl6kPeqVw4tMafF42x+bg/5obKI19GyvKXH8BVw+bdbHPfqn63kG9KD/vh8QRUXVtNAOV0HKfv3+r0ACVFXIEHCF/T3NgJLDgAgKg4B+8F8Rgl135SgFgCcF+MBHmo3B0Oz0JiEVzI0B3Zh0LCsh68w2hZ3APaTtI7MoAvV29QhU60EgYCVQ4Uog3YnuDjrG3YUaoopgIO56WhXiQK8HBworBxpXDhRKjZuhOfliGAClehhoLF0A4/7BGg8nTWt/WF9Fr5y+oB5Zp9RmDHOAa9qJL/Mwbbuol5RfjhLXs0bdQe2BE9v8gatHhgtYM1zANcMFTBnuOcB1H6w7c2iZ49pBR/ZiqgBdXi+mfOjQY/W3f6dXJuHB/lDwau8tPni0to3XCoeVNRkG+gdhjXf9Dl104YnLCHLWZSRFyR4jurJ4N8IZdtfxAf/IG6uikB52xiYz/4P+t/64hn1cMpWvAv108niQfsd7gq9p8N8N6IfwcblT23sHdNYJh5CRderZ67U7zeqRjRXngu+8ucFuN7Sc2gutJTuFK2UFC5wRHq8YtPM9JeUIeX6AbR+NKaqWdUSF9K/oTqmYQh9JI1xaJscA90Qn5CD2NrXZc7jB+sAla8SAjKhmxt3RQnTIi8Y+WWmaQrKFYxnP55oogrzqJD0yY4373fuwB2rcmsYdc9tlmWavfk2X1q5cy4W7RRedt2Fava8zawMpQotU6rwNWW3iJxkWWeKnkK9zSfM7mPL+UQqVo1gZt53BwLRu9qYIZHzcuYDIECOzsRB1BAxVPxA7i8JPJgpqzNOm1MLwk7niJ1QMP4kVP670SSz0fR/en9SuDc0fD+ZofH6H5SsAydocFscj04Bhz7TYRwsbYdMq8lP2xBkRBZZRUoF2komzh8soeLkKZRSZtYyyr6NUThll97JF7IaA7EezVlEkorYByKTpQkUUmaw/KmXUUPLGbT9VhTHBYdJK6o2cKozMOcSeOUnloLErKOKyIBl5WdEgR6llsRg0qAJHGWgoeSWMBo2ip63yRUMjau9y+0w0dLL0LheDRlvggUZeEaJBo+iZrJxbDeFSrYZSTqshCjx6VEpeiaBho+gxW85skEO2pEuzsqGSzQYJ2aXYEAEPNk58s7rqbAh82WCdGsyZDfVIT4iZDTKjJ/tmn5uNE6fXNmwcYoN5Fi/ndIPwtLOn+mhkJl7UTB8+fapPPw+uUmx8jlScDPfntxtkAbegdqMt8kCDbT7VYHD/2Axb5XrznmErgN2N27CV0tTmecyPVPa8KlBSb5kojijnDlupwpGuxYWiHjlbGWglRD3MXAXQIEZ0RVY00t0BziO6CvPUYa4juoB412ZXkDwVDUAMJ8lKMWjIZMJaBhpasXnkCq6cg1yc0eFFh792w7ssZ/4CTx/WyfB+bqFQJI+EneviGR8gP7ZVxrsdGkvGV0pf5oPuWPHuxnE3Yq5AENGZtXJ9MY+hEyHrnvIZlDQEWS9ZBz785eBMIw5v6aQkNtmeO1+FroZkd5C9i+NjJ/5h6c5m7wE0L+HJ+mKroByGHHSmp1SqOa5U2EsgGp3A1E4SUSAjPl9NdLrnXD9NJL1amtDTKSbmqG6iKGK1RJEaUChN8mbpl6sKPYJcP1U08jslgLcqdM5ZP1XIRoU/K3QOVT9VBKFqqtCfqa1fY08WjfmrQr/8VTtWdLJcib+ozE0UOqWvISrkpzfxRCFeqrTpDLJ+qlBj/XidmypNDhmqIFdNliaLROmJVjVV6CyyhrAoxBdp+MtCp5GNLLtvqfGThc4jaygLFcS4y9IkknktfnGyoNXkDxtGw5bJ34cE5v8=</diagram></mxfile>
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -1 +0,0 @@
|
|||
<mxfile host="app.diagrams.net" modified="2022-04-18T18:09:08.815Z" agent="5.0 (Windows)" etag="uCmxwbMvDXNNCQliGYIF" version="17.4.5"><diagram id="To2Da4PRRWEcok_Ws3eM" name="Page-1">7Vxtd6I4FP41fqyHFwP40aLOetrRbtvZmf2IEJEtEhdia/fXb4IBIYnjS8XiDJ6eCjchyM3zPCT3Blq6vVh/iZ3l/CvyYNjSFG/d0vstTVMV3SJf1PK+sQDT2Bj8OPBYpa3hKfgPZkcy6yrwYFKqiBEKcbAsG10URdDFJZsTx+itXG2GwvJZl44PBcOT64Si9Xvg4TmzqoqyLfgDBv6cndoCrGDhZJWZIZk7HnormPRBS7djhPBma7G2YUidl/llc9xwR2n+w2IY4UMOGGkTy5v/dzddjpcunPQj95+7G9YZr064Yhfc0oyQtHc7JRs+3bAn4+fHyT2p9XDfGw+ycnKivAq7QPyeeS1Gq8iD9MQqKX6bBxg+LR2Xlr4RnBDbHC9CVjwLwtBGIYrJfoQiUuk2wTF6gZmxpemqBgzTopVRhIfOIggpnmwUJSh0EmZ/Qqs4PcccYwIPDeg98o84hP6jFZK2j5AfQmcZJG0XLdICN0mrDmebVskm367sd7zCGAcEJr0w8CNShtEyd0SxT1g30epwXTCxPvoC0QLimJxWYaUdk+Hlndt/28IvZ8e8gDzVYEaHQd7P296igmwwYBwBEnU/SMaTPkGGQj3UAKRagKigDJBcYPYCpFMVQDrHAERrAHJZBakBQMAxABk3AKkWIGa3dgAxJQDhOpyMn5Z0cxbCdY+O7IgzYOSxzb5LnJkEbrnftyBROBQQRw+HBvkIUGD4uDQK5L0dOlMYPqAkwAGiVpf0OowL1e+5ClOEMTmffuuwdvIjyHf8/oO6og2y3b+ZZ9Kd/rq09872dgIOO7EP8f5xA/RKQ2wRlgXYAQnqMlsMQwcHr+WBuQyJ7AwPKCC/OEe9BkAJ9cJ4KUl7lR1VHEjzDell+phcOxu/CO2kvMiv+nSqWAJVRmN78nU0/kKsz4+94XBkC+QhyoDL1JCDXtRJAUc8UBeB59HTSDWYI+AOpbs0186goUAFbbVbwkFXVFFV7bYNTYS0DirS0e6HdZR1eyOiO0TUGwa0S34ujbWRvLJSqcA4TfK6yp6GKta8bDDSjA9+pfFBp1ZkASY3PtBPHB8A0GmrWrmtC48RVFnIpuHLlfMF1IovVvdM42lL3zEdvRRZtE8giweg5XV+G7IkpA9x5q1piNwX6sB1gH8wZ9HtlD1tDbDdLX/oTkafLe1KpGOHncK7JHPoToBc5f1MN8r81Exu0nEoPzvmnoaq5qcu8HM0fh48jnv3zYz3cjNe3VDaSvFjlFGR7X/m9FeVZSIaKW+knJPoKxtqGRY3QrK67RPFXIj9i01VLediMqiR88vLOcFUSc7VGqq5LCu0SQ1Sv21Tg0Wb4jnYuaHbN0nspkcZ/67QBjy0A6j7ifN3uD51fO72gtPzVrLT3n4b3w0evw9uC+lK2c8SzByyT05kFgH482xmaZJOP9cJWY2LQubyWgKpRIYrS1uqYjLm4mhUZg675WW23ZhN0ao8DR7/GtmDmgO0AsDo6qcDRpagqYGkHQOiKxe+M+AKaHUTIk1MkOTddNP79jyxJ+NhXXrgCm89fI9/vpJoshB/oyRXpiRWp3ZKIouG1xhDv9mQhgdMDYRIDM8K/t4Tc8uiSIdG3HZ0wa8acTs107grWlGK4DGnlRe2pDUOWeiyN5DGwgg1CaQBs9PmlgHqp6YtJW11ANdWxaE0bfdswgteM/W7W01hHEEMCYiV3sMoX3odS+6zheMEFjcxuOoXEQLTkuj5hQNvujibeISOR3n8Sq6WeMWmTUR+DKmLFCeiZS6KZoG/IF12fuCEcIYb2GSw4WL4epaQLWJGpqLneEJsqdg3nRvjTw9ptjdA7y8+nEufEDtuCHDkstPfbARwRM7NPC3nZu7LuclWvnJ39Qusrvi8xRQc5bSTM3D841mSps43bJCyVZzh9d8jAmwCSYptxYcRjB0Mc01fkT0K0WZAsF/ZBRmXsOLUNRZ6RzbZq25wIEXPx6d7jdafrPWZnh+n9WpdtB5chdbzAs1T6WClt/Y0VLHOi4uhGp2vh84bplY/YZc9pM0L+wvE7pz1RwEOnpPM835KezIp9yQn6ZplgoEmi6HO0g8pWVJWpJcIbskfvS+SH2grbUOnXy3Qp7NQWqCmZo2zdqXWtAm+ZndHw2Z6NCmXNKJyNs3i6pI/cnnsRrhY+/T1OO2XPBTTDlx6H7hdxqN0o08AeJ1YBlxEGkgi0qZsMmpVhOPd77RhCQw3h9s2mZDJiZBfGGVRjsMyCw1DKmNIEPm/4njvDBS0uOc8gXIYBa2q4kHisig7HWB8lQQHG8ZUxhh38QmEOe51JvUikqYCjkhiZNWSEIl/vPNsRPr48/xNbvWnoNkVD903RT53bvWQ6fVhydZPmzZziy0Bnww9OLFqcVlV/jZV8bT5DC8baEh3GOnUhnQffAibn3ydSjo+VgX4XGHVpBNTiH04CyIanIpXYbp2YUY6njgWTikXYfwauNTcxKqqnd+bahkZnQu/50gOF0kOK4OLu0qo7jRBzUsnrzSlnb3u+TJYIbvb9ydvlGj7Fmp98D8=</diagram></mxfile>
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -1,67 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
## Overview
|
||||
|
||||
<figure markdown>
|
||||
{ align=center, width="800" }
|
||||
<figcaption>Make your web services secure by default !</figcaption>
|
||||
</figure>
|
||||
|
||||
Introducing BunkerWeb, the **cutting-edge** and **open-source Web Application Firewall** (WAF) that will revolutionize your web security experience.
|
||||
|
||||
With BunkerWeb, your web services are safeguarded by default, providing you with peace of mind and enhanced protection. Powered by [NGINX](https://nginx.org/), this comprehensive web server combines advanced features seamlessly, ensuring your online assets remain secure.
|
||||
|
||||
BunkerWeb effortlessly integrates into your existing environments, whether it's [Linux](integrations.md#linux), [Docker](integrations.md#docker), [Swarm](integrations.md#swarm), [Kubernetes](integrations.md#kubernetes), or more. Its versatility allows for easy configuration to suit your specific requirements. Don't worry if you prefer a user-friendly interface—BunkerWeb offers an exceptional [web UI](web-ui.md) alongside the command-line interface (CLI), ensuring accessibility for all users.
|
||||
|
||||
Experience the transformation in cybersecurity, where complexities and obstacles are a thing of the past. With BunkerWeb, fortifying your digital assets has never been more delightful and hassle-free.
|
||||
|
||||
Furthermore, BunkerWeb boasts a comprehensive set of primary [security features](security-tuning.md) at its core. However, what sets it apart is its remarkable flexibility through an intuitive [plugin system](plugins.md). This ingenious design empowers you to effortlessly enhance BunkerWeb with additional security measures, ensuring a tailored and robust defense for your web applications.
|
||||
|
||||
By seamlessly integrating new plugins into BunkerWeb, you can customize and expand its capabilities to address specific security requirements unique to your environment. Whether you need to strengthen authentication protocols, bolster threat detection, or implement specialized security measures, BunkerWeb's [plugin system](plugins.md) grants you the freedom to fortify your web infrastructure with ease.
|
||||
|
||||
With BunkerWeb's dynamic [plugin system](plugins.md), security becomes an enjoyable journey of exploration and empowerment. Discover the endless possibilities and create a fortified web environment that perfectly aligns with your needs.
|
||||
|
||||
|
||||
## Why BunkerWeb ?
|
||||
|
||||
- **Easy integration into existing environments** : Seamlessly integrate BunkerWeb into various environments such as Linux, Docker, Swarm, Kubernetes, Ansible, Vagrant, and more. Enjoy a smooth transition and hassle-free implementation.
|
||||
|
||||
- **Highly customizable** : Tailor BunkerWeb to your specific requirements with ease. Enable, disable, and configure features effortlessly, allowing you to customize the security settings according to your unique use case.
|
||||
|
||||
- **Secure by default** : BunkerWeb provides out-of-the-box, hassle-free minimal security for your web services. Experience peace of mind and enhanced protection right from the start.
|
||||
|
||||
- **Awesome web UI** : Take control of BunkerWeb more efficiently with the exceptional web user interface (UI). Navigate settings and configurations effortlessly through a user-friendly graphical interface, eliminating the need for the command-line interface (CLI).
|
||||
|
||||
- **Plugin system** : Extend the capabilities of BunkerWeb to meet your own use cases. Seamlessly integrate additional security measures and customize the functionality of BunkerWeb according to your specific requirements.
|
||||
|
||||
- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
|
||||
|
||||
## Security features
|
||||
|
||||
Explore the impressive array of security features offered by BunkerWeb. While not exhaustive, here are some notable highlights:
|
||||
|
||||
- **HTTPS** support with transparent **Let's Encrypt** automation : Easily secure your web services with automated Let's Encrypt integration, ensuring encrypted communication between clients and your server.
|
||||
|
||||
- **State-of-the-art web security** : Benefit from cutting-edge web security measures, including comprehensive HTTP security headers, prevention of data leaks, and TLS hardening techniques.
|
||||
|
||||
- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set** : Enjoy enhanced protection against web application attacks with the integration of ModSecurity, fortified by the renowned OWASP Core Rule Set.
|
||||
|
||||
- **Automatic ban** of strange behaviors based on HTTP status code : BunkerWeb intelligently identifies and blocks suspicious activities by automatically banning behaviors that trigger abnormal HTTP status codes.
|
||||
|
||||
- Apply **connections and requests limit** for clients : Set limits on the number of connections and requests from clients, preventing resource exhaustion and ensuring fair usage of server resources.
|
||||
|
||||
- **Block bots** with **challenge-based verification** : Keep malicious bots at bay by challenging them to solve puzzles such as cookies, JavaScript tests, captcha, hCaptcha, reCAPTCHA or Turnstile, effectively blocking unauthorized access.
|
||||
|
||||
- **Block known bad IPs** with external blacklists and DNSBL : Utilize external blacklists and DNS-based blackhole lists (DNSBL) to proactively block known malicious IP addresses, bolstering your defense against potential threats.
|
||||
|
||||
- **And much more...** : BunkerWeb is packed with a plethora of additional security features that go beyond this list, providing you with comprehensive protection and peace of mind.
|
||||
|
||||
To delve deeper into the core security features, we invite you to explore the [security tuning](security-tuning.md) section of the documentation. Discover how BunkerWeb empowers you to fine-tune and optimize security measures according to your specific needs.
|
||||
|
||||
## Demo
|
||||
|
||||
<p align="center">
|
||||
<iframe style="display: block;" width="560" height="315" src="https://www.youtube-nocookie.com/embed/ZhYV-QELzA4" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
</p>
|
||||
|
||||
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io). Feel free to visit it and perform some security tests.
|
||||
1244
docs/integrations.md
1244
docs/integrations.md
File diff suppressed because it is too large
Load Diff
|
|
@ -1,85 +0,0 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
from io import StringIO
|
||||
from json import loads
|
||||
from glob import glob
|
||||
from pytablewriter import MarkdownTableWriter
|
||||
|
||||
|
||||
def print_md_table(settings) -> MarkdownTableWriter:
|
||||
writer = MarkdownTableWriter(
|
||||
headers=["Setting", "Default", "Context", "Multiple", "Description"],
|
||||
value_matrix=[
|
||||
[
|
||||
f"`{setting}`",
|
||||
"" if data["default"] == "" else f"`{data['default']}`",
|
||||
data["context"],
|
||||
"no" if not "multiple" in data else "yes",
|
||||
data["help"],
|
||||
]
|
||||
for setting, data in settings.items()
|
||||
],
|
||||
)
|
||||
return writer
|
||||
|
||||
|
||||
def stream_support(support) -> str:
|
||||
md = "STREAM support "
|
||||
if support == "no":
|
||||
md += ":x:"
|
||||
elif support == "yes":
|
||||
md += ":white_check_mark:"
|
||||
else:
|
||||
md += ":warning:"
|
||||
return md
|
||||
|
||||
|
||||
doc = StringIO()
|
||||
|
||||
print("# Settings\n", file=doc)
|
||||
print(
|
||||
'!!! info "Settings generator tool"\n\n To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io).\n',
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
"This section contains the full list of settings supported by BunkerWeb. If you are not yet familiar with BunkerWeb, you should first read the [concepts](concepts.md) section of the documentation. Please follow the instructions for your own [integration](integrations.md) on how to apply the settings.\n",
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
"As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server, you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.\n",
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
'When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.\n',
|
||||
file=doc,
|
||||
)
|
||||
|
||||
# Print global settings
|
||||
print("## Global settings\n", file=doc)
|
||||
print(f"\n{stream_support('partial')}\n", file=doc)
|
||||
with open("src/common/settings.json", "r") as f:
|
||||
print(print_md_table(loads(f.read())), file=doc)
|
||||
print(file=doc)
|
||||
|
||||
# Print core settings
|
||||
print("## Core settings\n", file=doc)
|
||||
core_settings = {}
|
||||
for core in glob("src/common/core/*/plugin.json"):
|
||||
with open(core, "r") as f:
|
||||
core_plugin = loads(f.read())
|
||||
if len(core_plugin["settings"]) > 0:
|
||||
core_settings[core_plugin["name"]] = core_plugin
|
||||
|
||||
for name, data in dict(sorted(core_settings.items())).items():
|
||||
print(f"### {data['name']}\n", file=doc)
|
||||
print(f"{stream_support(data['stream'])}\n", file=doc)
|
||||
print(f"{data['description']}\n", file=doc)
|
||||
print(print_md_table(data["settings"]), file=doc)
|
||||
|
||||
doc.seek(0)
|
||||
content = doc.read()
|
||||
doc = StringIO(content.replace("\\|", "|"))
|
||||
doc.seek(0)
|
||||
|
||||
with open("docs/settings.md", "w") as f:
|
||||
f.write(doc.read())
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
# Migrating from 1.4.X
|
||||
|
||||
!!! warning "Read this if you were a 1.4.X user"
|
||||
|
||||
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository.
|
||||
|
||||
## Scheduler
|
||||
|
||||
Back to the 1.4.X releases, jobs (like Let's Encrypt certificate generation/renewal or blacklists download) **were executed in the same container as BunkerWeb**. For the purpose of [separation of concerns](https://en.wikipedia.org/wiki/Separation_of_concerns), we decided to create a **separate service** which is now responsible for managing jobs.
|
||||
|
||||
Called **Scheduler**, this service also generates the final configuration used by BunkerWeb and acts as an intermediary between autoconf and BunkerWeb. In other words, the scheduler is the **brain of the BunkerWeb 1.5.X stack**.
|
||||
|
||||
You will find more information about the scheduler [here](concepts.md#scheduler).
|
||||
|
||||
## Database
|
||||
|
||||
BunkerWeb configuration is **no more stored in a plain file** (located at `/etc/nginx/variables.env` if you didn't know it). That's it, we now support a **fully-featured database as a backend** to store settings, cache, custom configs, ... 🥳
|
||||
|
||||
Using a real database offers many advantages :
|
||||
|
||||
- Backup of the current configuration
|
||||
- Usage with multiple services (scheduler, web UI, ...)
|
||||
- Upgrade to a new BunkerWeb version
|
||||
|
||||
Please note that we actually support, **SQLite**, **MySQL**, **MariaDB** and **PostgreSQL** as backends.
|
||||
|
||||
You will find more information about the database [here](concepts.md#database).
|
||||
|
||||
## Redis
|
||||
|
||||
When BunkerWeb 1.4.X was used in cluster mode (Swarm or Kubernetes integrations), **data were not shared among the nodes**. For example, if an attacker was banned via the "bad behavior" feature on a specific node, **he could still connect to the other nodes**.
|
||||
|
||||
Security is not the only reason to have a shared data store for clustered integrations, **caching** is also another one. We can now **store results** of time-consuming operations like (reverse) dns lookups so they are **available for other nodes**.
|
||||
|
||||
We actually support **Redis** as a backend for the shared data store.
|
||||
|
||||
See the list of [redis settings](settings.md#redis) and the corresponding documentation of your integration for more information.
|
||||
|
||||
## Default values and new settings
|
||||
|
||||
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
const puppeteer = require('puppeteer');
|
||||
var args = process.argv.slice(2);
|
||||
var url = args[0];
|
||||
var pdfPath = args[1];
|
||||
var title = args[2];
|
||||
|
||||
console.log('Saving', url, 'to', pdfPath);
|
||||
|
||||
// date – formatted print date
|
||||
// title – document title
|
||||
// url – document location
|
||||
// pageNumber – current page number
|
||||
// totalPages – total pages in the document
|
||||
headerHtml = `
|
||||
<div style="font-size: 10px; text-align: center; width: 100%;">
|
||||
<span>${title}</span>
|
||||
</div>`;
|
||||
|
||||
footerHtml = `<div style="font-size: 10px; text-align: center; width: 100%;"><span class="pageNumber"></span> / <span class="totalPages"></span></div>`;
|
||||
|
||||
|
||||
(async() => {
|
||||
const browser = await puppeteer.launch({
|
||||
headless: true,
|
||||
executablePath: process.env.CHROME_BIN || null,
|
||||
args: ['--no-sandbox', '--headless', '--disable-gpu', '--disable-dev-shm-usage']
|
||||
});
|
||||
|
||||
const page = await browser.newPage();
|
||||
await page.goto(url, { waitUntil: 'networkidle2' });
|
||||
await page.pdf({
|
||||
path: pdfPath, // path to save pdf file
|
||||
format: 'A4', // page format
|
||||
displayHeaderFooter: true, // display header and footer (in this example, required!)
|
||||
printBackground: true, // print background
|
||||
landscape: false, // use horizontal page layout
|
||||
headerTemplate: headerHtml, // indicate html template for header
|
||||
footerTemplate: footerHtml,
|
||||
scale: 1, //Scale amount must be between 0.1 and 2
|
||||
margin: { // increase margins (in this example, required!)
|
||||
top: 80,
|
||||
bottom: 80,
|
||||
left: 30,
|
||||
right: 30
|
||||
}
|
||||
});
|
||||
|
||||
await browser.close();
|
||||
})();
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% block outdated %}
|
||||
You're not viewing the documentation of the latest version.
|
||||
<a href="{{ '../' ~ base_url }}">
|
||||
<strong>Click here to view latest.</strong>
|
||||
</a>
|
||||
{% endblock %}
|
||||
|
||||
{% block announce %}
|
||||
📢 Looking for tailored support, consulting or development for BunkerWeb ?
|
||||
Contact us at <a href="mailto:contact@bunkerity.com" style="color: #3f6ec6; text-decoration: underline">contact@bunkerity.com</a> for enterprise offers !
|
||||
{% endblock %}
|
||||
|
||||
{% block libs %}
|
||||
<script
|
||||
async
|
||||
defer
|
||||
data-domain="docs.bunkerweb.io"
|
||||
src="https://data.bunkerity.com/js/script.js"
|
||||
></script>
|
||||
{% endblock %}
|
||||
557
docs/plugins.md
557
docs/plugins.md
|
|
@ -1,557 +0,0 @@
|
|||
# Plugins
|
||||
|
||||
BunkerWeb comes with a plugin system making it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
|
||||
|
||||
## Official plugins
|
||||
|
||||
Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins) repository for more information) :
|
||||
|
||||
| Name | Version | Description | Link |
|
||||
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
|
||||
| **ClamAV** | 1.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
|
||||
| **CrowdSec** | 1.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||
| **VirusTotal** | 1.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
|
||||
|
||||
## How to use a plugin
|
||||
|
||||
### Automatic
|
||||
|
||||
If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archive containing one or more plugin(s).
|
||||
|
||||
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.1.zip`
|
||||
|
||||
### Manual
|
||||
|
||||
The first step is to install the plugin by putting the plugin files inside the corresponding `plugins` data folder, the procedure depends on your integration :
|
||||
|
||||
=== "Docker"
|
||||
|
||||
When using the [Docker integration](integrations.md#docker), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p ./bw-data/plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 ./bw-data
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Docker stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
```
|
||||
|
||||
=== "Docker autoconf"
|
||||
|
||||
When using the [Docker autoconf integration](integrations.md#docker-autoconf), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p ./bw-data/plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 ./bw-data
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Docker stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
```
|
||||
|
||||
=== "Swarm"
|
||||
|
||||
When using the [Swarm integration](integrations.md#swarm), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
!!! info "Swarm volume"
|
||||
Configuring a Swarm volume that will persist when the scheduler service is running on different nodes is not covered is in this documentation. We will assume that you have a shared folder mounted on `/shared` accross all nodes.
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p /shared/bw-plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /shared/bw-plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 /shared/bw-plugins
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Swarm stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.1
|
||||
volumes:
|
||||
- /shared/bw-plugins:/data/plugins
|
||||
...
|
||||
```
|
||||
|
||||
=== "Kubernetes"
|
||||
|
||||
When using the [Kubernetes integration](integrations.md#kubernetes), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
The fist thing to do is to declare a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that will contain our plugins data :
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb-plugins
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
```
|
||||
|
||||
You can now add the volume mount and an init containers to automatically provision the volume :
|
||||
|
||||
```yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.1
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
volumeMounts:
|
||||
- mountPath: "/data/plugins"
|
||||
name: vol-plugins
|
||||
initContainers:
|
||||
- name: bunkerweb-scheduler-init
|
||||
image: alpine/git
|
||||
command: ["/bin/sh", "-c"]
|
||||
args: ["git clone https://github.com/bunkerity/bunkerweb-plugins /data/plugins && chown -R 101:101 /data/plugins"]
|
||||
volumeMounts:
|
||||
- mountPath: "/data/plugins"
|
||||
name: vol-plugins
|
||||
volumes:
|
||||
- name: vol-plugins
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb-plugins
|
||||
```
|
||||
|
||||
=== "Linux"
|
||||
|
||||
When using the [Linux integration](integrations.md#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins && \
|
||||
chown -R nginx:nginx /etc/bunkerweb/plugins
|
||||
```
|
||||
|
||||
=== "Ansible"
|
||||
|
||||
When using the [Ansible integration](integrations.md#ansible), you can use the `plugins` variable to set a local folder containing your plugins that will be copied to your BunkerWeb instances.
|
||||
|
||||
Let's assume that you have plugins inside the `bunkerweb-plugins` folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins
|
||||
```
|
||||
|
||||
In your Ansible inventory, you can use the `plugins` variable to set the path of plugins folder :
|
||||
|
||||
```ini
|
||||
[mybunkers]
|
||||
192.168.0.42 ... custom_plugins="{{ playbook_dir }}/bunkerweb-plugins"
|
||||
```
|
||||
|
||||
Or alternatively, in your playbook file :
|
||||
|
||||
```yaml
|
||||
- hosts: all
|
||||
become: true
|
||||
vars:
|
||||
- custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
|
||||
roles:
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
||||
```shell
|
||||
ansible-playbook -i inventory.yml playbook.yml
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Vagrant integration](integrations.md#vagrant), plugins must be written to the `/etc/bunkerweb/plugins` folder (you will need to do a `vagrant ssh` first) :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins
|
||||
```
|
||||
|
||||
## Writing a plugin
|
||||
|
||||
!!! tip "Existing plugins"
|
||||
|
||||
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
|
||||
|
||||
The first step is to create a folder that will contain the plugin :
|
||||
|
||||
```shell
|
||||
mkdir myplugin && \
|
||||
cd myplugin
|
||||
```
|
||||
|
||||
### Metadata
|
||||
|
||||
A file named **plugin.json** and written at the root of the plugin folder must contain metadata about the plugin. Here is an example :
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "myplugin",
|
||||
"name": "My Plugin",
|
||||
"description": "Just an example plugin.",
|
||||
"version": "1.0",
|
||||
"stream": "partial",
|
||||
"settings": {
|
||||
"DUMMY_SETTING": {
|
||||
"context": "multisite",
|
||||
"default": "1234",
|
||||
"help": "Here is the help of the setting.",
|
||||
"id": "dummy-id",
|
||||
"label": "Dummy setting",
|
||||
"regex": "^.*$",
|
||||
"type": "text"
|
||||
}
|
||||
},
|
||||
"jobs": [
|
||||
{
|
||||
"name": "my-job",
|
||||
"file": "my-job.py",
|
||||
"every": "hour"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Here are the details of the fields :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :-----------: | :-------: | :----: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `id` | yes | string | Internal ID for the plugin : must be unique among other plugins (including "core" ones) and contain only lowercase chars. |
|
||||
| `name` | yes | string | Name of your plugin. |
|
||||
| `description` | yes | string | Description of your plugin. |
|
||||
| `version` | yes | string | Version of your plugin. |
|
||||
| `stream` | yes | string | Information about stream support : `no`, `yes` or `partial`.
|
||||
| `settings` | yes | dict | List of the settings of your plugin. |
|
||||
| `jobs` | no | list | List of the jobs of your plugin. |
|
||||
|
||||
Each setting has the following fields (the key is the ID of the settings used in a configuration) :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :--------: | :-------: | :----: | :----------------------------------------------------------- |
|
||||
| `context` | yes | string | Context of the setting : `multisite` or `global`. |
|
||||
| `default` | yes | string | The default value of the setting. |
|
||||
| `help` | yes | string | Help text about the plugin (shown in web UI). |
|
||||
| `id` | yes | string | Internal ID used by the web UI for HTML elements. |
|
||||
| `label` | yes | string | Label shown by the web UI. |
|
||||
| `regex` | yes | string | The regex used to validate the value provided by the user. |
|
||||
| `type` | yes | string | The type of the field : `text`, `check`, `select` or `password`. |
|
||||
| `multiple` | no | string | Unique ID to group multiple settings with numbers as suffix. |
|
||||
| `select` | no | list | List of possible string values when `type` is `select`. |
|
||||
|
||||
Each job has the following fields :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :-----: | :-------: | :----: | :-------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `name` | yes | string | Name of the job. |
|
||||
| `file` | yes | string | Name of the file inside the jobs folder. |
|
||||
| `every` | yes | string | Job scheduling frequency : `minute`, `hour`, `day`, `week` or `once` (no frequency, only once before (re)generating the configuration). |
|
||||
|
||||
### Configurations
|
||||
|
||||
You can add custom NGINX configurations by adding a folder named **confs** with content similar to the [custom configurations](quickstart-guide.md#custom-configurations). Each subfolder inside the **confs** will contain [jinja2](https://jinja.palletsprojects.com) templates that will be generated and loaded at the corresponding context (`http`, `server-http`, `default-server-http`, `stream` and `server-stream`).
|
||||
|
||||
Here is an example for a configuration template file inside the **confs/server-http** folder named **example.conf** :
|
||||
|
||||
```conf
|
||||
location /setting {
|
||||
default_type 'text/plain';
|
||||
content_by_lua_block {
|
||||
ngx.say('{{ DUMMY_SETTING }}')
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
`{{ DUMMY_SETTING }}` will be replaced by the value of the `DUMMY_SETTING` chosen by the user of the plugin.
|
||||
|
||||
### LUA
|
||||
|
||||
#### Main script
|
||||
|
||||
Under the hood, BunkerWeb is using the [NGINX LUA module](https://github.com/openresty/lua-nginx-module) to execute code within NGINX. Plugins that need to execute code must provide a lua file at the root directory of the plugin folder using the `id` value of **plugin.json** as its name. Here is an example named **myplugin.lua** :
|
||||
|
||||
```lua
|
||||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
|
||||
local myplugin = class("myplugin", plugin)
|
||||
|
||||
|
||||
function myplugin:initialize()
|
||||
plugin.initialize(self, "myplugin")
|
||||
self.dummy = "dummy"
|
||||
end
|
||||
|
||||
function myplugin:init()
|
||||
self.logger:log(ngx.NOTICE, "init called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:set()
|
||||
self.logger:log(ngx.NOTICE, "set called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:access()
|
||||
self.logger:log(ngx.NOTICE, "access called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log()
|
||||
self.logger:log(ngx.NOTICE, "log called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log_default()
|
||||
self.logger:log(ngx.NOTICE, "log_default called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:preread()
|
||||
self.logger:log(ngx.NOTICE, "preread called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log_stream()
|
||||
self.logger:log(ngx.NOTICE, "log_stream called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
return myplugin
|
||||
```
|
||||
|
||||
The declared functions are automatically called during specific contexts. Here are the details of each function :
|
||||
|
||||
| Function | Context | Description | Return value |
|
||||
| :------: | :--------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `init` | [init_by_lua](https://github.com/openresty/lua-nginx-module#init_by_lua) | Called when NGINX just started or received a reload order. the typical use case is to prepare any data that will be used by your plugin. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
|
||||
| `set` | [set_by_lua](https://github.com/openresty/lua-nginx-module#set_by_lua) | Called before each request received by the server.The typical use case is for computing before access phase. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
|
||||
| `access` | [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) | Called on each request received by the server. The typical use case is to do the security checks here and deny the request if needed. | `ret`, `msg`,`status`,`redirect`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [HTTP status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li><li>`redirect` (URL) : if set will redirect to given URL</li></ul> |
|
||||
| `log` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Called when a request has finished (and before it gets logged to the access logs). The typical use case is to make stats or compute counters for example. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
| `log_default` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Same as `log` but only called on the default server. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
| `preread` | [preread_by_lua](https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block) | Similar to the `access` function but for stream mode. | `ret`, `msg`,`status`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li></ul> |
|
||||
| `log_stream` | [log_by_lua](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Similar to the `log` function but for stream mode. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
|
||||
#### Libraries
|
||||
|
||||
All directives from [NGINX LUA module](https://github.com/openresty/lua-nginx-module) and are available and [NGINX stream LUA module](https://github.com/openresty/stream-lua-nginx-module). On top of that, you can use the LUA libraries included within BunkerWeb : see [this script](https://github.com/bunkerity/bunkerweb/blobsrc/deps/clone.sh) for the complete list.
|
||||
|
||||
If you need additional libraries, you can put them in the root folder of the plugin and access them by prefixing them with your plugin ID. Here is an example file named **mylibrary.lua** :
|
||||
|
||||
```lua
|
||||
local _M = {}
|
||||
|
||||
_M.dummy = function ()
|
||||
return "dummy"
|
||||
end
|
||||
|
||||
return _M
|
||||
```
|
||||
|
||||
And here is how you can use it from the **myplugin.lua** file :
|
||||
|
||||
```lua
|
||||
local mylibrary = require "myplugin.mylibrary"
|
||||
|
||||
...
|
||||
|
||||
mylibrary.dummy()
|
||||
|
||||
...
|
||||
```
|
||||
|
||||
#### Helpers
|
||||
|
||||
Some helpers modules provide common helpful helpers :
|
||||
|
||||
- `self.variables` : allows to access and store plugins' attributes
|
||||
- `self.logger` : print logs
|
||||
- `bunkerweb.utils` : various useful functions
|
||||
- `bunkerweb.datastore` : access the global shared data on one instance (key/value store)
|
||||
- `bunkerweb.clusterstore` : access a Redis data store shared beetween BunkerWeb instances (key/value store)
|
||||
|
||||
To access the functions, you first need to **require** the modules :
|
||||
|
||||
```lua
|
||||
local utils = require "bunkerweb.utils"
|
||||
local datastore = require "bunkerweb.datastore"
|
||||
local clustestore = require "bunkerweb.clustertore"
|
||||
```
|
||||
|
||||
Retrieve a setting value :
|
||||
|
||||
```lua
|
||||
local myvar = self.variables["DUMMY_SETTING"]
|
||||
if not myvar then
|
||||
self.logger:log(ngx.ERR, "can't retrieve setting DUMMY_SETTING")
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "DUMMY_SETTING = " .. value)
|
||||
end
|
||||
```
|
||||
|
||||
Store something in the local cache :
|
||||
|
||||
```lua
|
||||
local ok, err = self.datastore:set("plugin_myplugin_something", "somevalue")
|
||||
if not ok then
|
||||
self.logger:log(ngx.ERR, "can't save plugin_myplugin_something into datastore : " .. err)
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "successfully saved plugin_myplugin_something into datastore")
|
||||
end
|
||||
```
|
||||
|
||||
Check if an IP address is global :
|
||||
|
||||
```lua
|
||||
local ret, err = utils.ip_is_global(ngx.ctx.bw.remote_addr)
|
||||
if ret == nil then
|
||||
self.logger:log(ngx.ERR, "error while checking if IP " .. ngx.ctx.bw.remote_addr .. " is global or not : " .. err)
|
||||
elseif not ret then
|
||||
self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is not global")
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is global")
|
||||
end
|
||||
```
|
||||
|
||||
!!! tip "More examples"
|
||||
|
||||
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/src/bw/lua/bunkerweb) of the repository.
|
||||
|
||||
### Jobs
|
||||
|
||||
BunkerWeb uses an internal job scheduler for periodic tasks like renewing certificates with certbot, downloading blacklists, downloading MMDB files, ... You can add tasks of your choice by putting them inside a subfolder named **jobs** and listing them in the **plugin.json** metadata file. Don't forget to add the execution permissions for everyone to avoid any problems when a user is cloning and installing your plugin.
|
||||
|
||||
### Plugin page
|
||||
|
||||
Plugin pages are used to display information about your plugin and interact with the user inside the plugins section of the [web UI](web-ui.md).
|
||||
|
||||
Everything related to the web UI is located inside a subfolder named **ui** at the root directory of your plugin. A template file named **template.html** and located inside the **ui** subfolder contains the client code and logic to display your page. Another file named **actions.py** and also located inside the **ui** subfolder contains code that will be executed when the user is interacting with your page (filling a form for example).
|
||||
|
||||
!!! info "Jinja 2 template"
|
||||
The **template.html** file is a Jinja2 template, please refer to the [Jinja2 documentation](https://jinja.palletsprojects.com) if needed.
|
||||
|
||||
A plugin page can have a form that is used to submit data to the plugin. To get the values of the form, you need to put a **actions.py** file in the **ui** folder. Inside the file, **you must define a function that has the same name as the plugin**. This function will be called when the form is submitted. You can then use the **request** object (from the [Flask library](https://flask.palletsprojects.com)) to get the values of the form. The form's action must finish with **/plugins/<*plugin_id*>**. The helper function `url_for` will generate for you the prefix of the URL : `{{ url_for('plugins') }}/plugin_id`.
|
||||
|
||||
If you want to display variables generated from your **actions.py** in your template file, you can return a dictionary with variables name as keys and variables value as values. Here is dummy example where we return a single variable :
|
||||
|
||||
```python
|
||||
def myplugin() :
|
||||
return {"foo": "bar"}
|
||||
```
|
||||
|
||||
And we display it in the **template.html** file :
|
||||
```html
|
||||
{% if foo %}
|
||||
Content of foo is : {{ foo }}.
|
||||
{% endif %}
|
||||
```
|
||||
|
||||
Please note that every form submission is protected via a CSRF token, you will need to include the following snippet into your forms :
|
||||
```html
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
|
||||
```
|
||||
|
||||
Retrieving user submitted data is pretty simple, thanks to the request module provided by Flask :
|
||||
|
||||
```python
|
||||
from flask import request
|
||||
|
||||
def myplugin() :
|
||||
my_form_value = request.form["my_form_input"]
|
||||
```
|
||||
|
||||
!!! info "Python libraries"
|
||||
You can use Python libraries that are already available like :
|
||||
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blobsrc/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue