2016-08-05 |
Roland Häder | Also block request methods such as CONNECT as they... |
2016-07-28 |
Roland Häder | Also __CALLBACKPARAM needs blocking |
2016-07-28 |
Roland Häder | Checking against GET parameters is for the user-agent... |
2016-07-28 |
Roland Häder | Only for testing purposes the string is being sanitized... |
2016-07-28 |
Roland Häder | Renaming season has started: |
2016-07-28 |
Roland Häder | Sanitize request strings (also serialized POST data... |
2016-07-28 |
Roland Häder | Continued: |
2016-07-28 |
Roland Häder | Continued improving: |
2016-07-27 |
Roland Häder | Updated a lot: |
2016-07-26 |
Roland Häder | Index on count column to improve SUM queries |
2016-07-26 |
Roland Häder | This column should be after remote_addr to have both... |
2016-07-25 |
Roland Häder | Added MySQL internal-use-only function |
2016-07-25 |
Roland Häder | Also log request method |
2016-07-20 |
Roland Häder | One too much ... |
2016-07-20 |
Roland Häder | More PHP function calls (I don't like such RPCs) blocked |
2015-09-12 |
Roland Haeder | Rewrote to MySQLi |
2014-11-03 |
Roland Häder | Fixed |
2014-11-01 |
Roland Haeder | Added proc/self/environ |
2014-11-01 |
Roland Haeder | Added 'safe_mode' (php.ini setting). |
2014-11-01 |
Roland Haeder | Don't continue if the cookie has been set + ticket... |
2013-10-18 |
Roland Haeder | Added some php.ini settings to block |
2013-08-12 |
Roland Haeder | Oops, did forget the fetch :( |
2013-08-12 |
Roland Haeder | No more ORDER BY required, cool. |
2013-08-12 |
Roland Haeder | Added index + optimized query |
2013-08-11 |
Roland Haeder | Reverted removal, maybe now working? |
2013-08-11 |
Roland Haeder | Oops :( |
2013-08-11 |
Roland Haeder | :( Not good enough |
2013-08-11 |
Roland Haeder | Added logging/detection of proxy IP address |
2013-08-11 |
Roland Haeder | server_name and script_name can now be NULL and set... |
2013-08-09 |
Roland Haeder | %20 was too much here |
2013-07-26 |
Roland Haeder | Just '/group' was too restrictive (e.g. breaks StatusNet) |
2013-07-20 |
Roland Haeder | Fix for parser error :( |
2013-07-20 |
Roland Haeder | Resorted almost all pattern checks + used more single... |
2013-07-20 |
Roland Haeder | Wrappers like data://, tcp:// et cetera now blacklisted |
2013-07-20 |
Roland Haeder | Use constants instead of keywords |
2013-07-18 |
Roland Haeder | Fixes (oops) for bad check, blocked all |
2013-07-18 |
Roland Haeder | Experimental commit: |
2013-06-04 |
Roland Haeder | Excluded secure_session=1 from mantis |
2013-04-18 |
Roland Haeder | Now use str_ireplace() |
2013-03-30 |
Roland Haeder | Better use this? |
2013-03-11 |
Roland Haeder | Extended is correct |
2013-02-26 |
Roland Haeder | Remove even more |
2013-02-26 |
Roland Haeder | unsetCtrackerData() introduced |
2012-12-20 |
Roland Haeder | Docu updated, detection array resorted a little |
2012-10-24 |
Roland Haeder | Blocked also %27 (') |
2012-10-24 |
Roland Haeder | Detection of attempt of SQL injections added |
2012-09-29 |
Roland Haeder | Taken care of possible missing elements |
2011-09-27 |
Roland Haeder | 'cmd=' broke too many legitimate requests, cmd.exe should... |
2011-09-14 |
Roland Haeder | .pl harms also legitimate requests |
2011-08-27 |
Roland Haeder | Now all forms of '0x' are detected |
2011-08-27 |
Roland Haeder | DOCUMENT_ROOT and _SERVER added (avoid these things... |
2011-07-29 |
Roland Haeder | Block also these |
2011-07-29 |
Roland Haeder | init also this |
2011-07-29 |
Roland Haeder | Fix for missing 'ctracker_post_track' |
2011-06-24 |
Roland Haeder | Detection of hexadecimal encoded (0xXXXXX) strings... |
2011-04-10 |
Roland Haeder | Duplicate entries removed, typo fixed |
2011-03-06 |
Roland Haeder | Copyright updated |
2011-03-06 |
Roland Haeder | Some obsolete comment removed |
2011-02-09 |
Roland Haeder | Fixed error reporting for debug mode |
2010-10-05 |
Roland Haeder | Configuration entry 'ctracker_debug' renamed to 'ctrack... |
2010-09-23 |
Roland Haeder | Some code blocks moved, detection of '..//' added,... |
2010-08-20 |
Roland Haeder | 'Based on' added, /proc/ will now be detected, do not... |
2010-07-18 |
Roland Haeder | Fixes for missing config if no database link is provided |
2010-07-08 |
Roland Haeder | Updated to allow database-less operation |
2010-06-20 |
Roland Haeder | Renamed |
2010-05-16 |
Roland Haeder | Log of first attempt fixed |
2010-05-16 |
Roland Haeder | Fix |
2010-05-15 |
Roland Haeder | This should also not be used in URLs |
2010-05-11 |
Roland Haeder | Missing form elements handled |
2010-05-11 |
Roland Häder | Fix #4 from root... |
2010-05-11 |
Roland Haeder | Fix #3 |
2010-05-11 |
Roland Haeder | Fix #2 |
2010-05-11 |
Roland Haeder | Fixes... :( |
2010-05-11 |
Roland Haeder | Complete rewrite: |
2010-05-04 |
Roland Haeder | Added more flexible options |
2010-01-07 |
Roland Haeder | Renamed to bypass naming conflicts |
2010-01-05 |
Roland Haeder | Now detects proxy usage |
2009-12-31 |
Roland Haeder | Mails updated |
2009-12-31 |
Roland Haeder | A lot of spaces removed, array with server_name extended... |
2009-12-31 |
Roland Haeder | Unmodified GET data (query string) added |
2009-12-31 |
Roland Haeder | Fix for warning |
2009-12-31 |
Roland Haeder | Some nice improvements: |
2009-12-31 |
Roland Haeder | First implementation |