mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-16 07:56:12 +03:00
Fix phases execution
This commit is contained in:
Felipe Zimmerle
parent
8255ce86ca
commit
0087a602f1
@ -43,16 +43,15 @@ Phase::Phase(std::string action)
|
|||||||
} catch (...) {
|
} catch (...) {
|
||||||
this->phase = 0;
|
this->phase = 0;
|
||||||
if (tolower(a) == "request") {
|
if (tolower(a) == "request") {
|
||||||
this->phase = this->phase +
|
this->phase = ModSecurity::Phases::RequestHeadersPhase;
|
||||||
ModSecurity::Phases::RequestHeadersPhase;
|
|
||||||
m_secRulesPhase = 2;
|
m_secRulesPhase = 2;
|
||||||
}
|
}
|
||||||
if (tolower(a) == "response") {
|
if (tolower(a) == "response") {
|
||||||
this->phase = this->phase + ModSecurity::Phases::ResponseBodyPhase;
|
this->phase = ModSecurity::Phases::ResponseBodyPhase;
|
||||||
m_secRulesPhase = 4;
|
m_secRulesPhase = 4;
|
||||||
}
|
}
|
||||||
if (tolower(a) == "logging") {
|
if (tolower(a) == "logging") {
|
||||||
this->phase = this->phase + ModSecurity::Phases::LoggingPhase;
|
this->phase = ModSecurity::Phases::LoggingPhase;
|
||||||
m_secRulesPhase = 5;
|
m_secRulesPhase = 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -60,17 +59,17 @@ Phase::Phase(std::string action)
|
|||||||
if (this->phase == 0) {
|
if (this->phase == 0) {
|
||||||
/* Phase 0 is something new, we want to use as ConnectionPhase */
|
/* Phase 0 is something new, we want to use as ConnectionPhase */
|
||||||
this->phase = ModSecurity::Phases::ConnectionPhase;
|
this->phase = ModSecurity::Phases::ConnectionPhase;
|
||||||
m_secRulesPhase = 2;
|
m_secRulesPhase = 1;
|
||||||
} else {
|
} else {
|
||||||
/* Otherwise we want to shift the rule to the correct phase */
|
/* Otherwise we want to shift the rule to the correct phase */
|
||||||
m_secRulesPhase = phase;
|
m_secRulesPhase = phase;
|
||||||
this->phase = phase + ModSecurity::Phases::RequestHeadersPhase - 1;
|
this->phase = phase + 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool Phase::init(std::string *error) {
|
bool Phase::init(std::string *error) {
|
||||||
if (phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
|
if (phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
|
||||||
error->assign("Unknown phase: " + std::to_string(phase));
|
error->assign("Unknown phase: " + std::to_string(phase));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -50,7 +50,7 @@ int Driver::addSecMarker(std::string marker) {
|
|||||||
|
|
||||||
|
|
||||||
int Driver::addSecAction(Rule *rule) {
|
int Driver::addSecAction(Rule *rule) {
|
||||||
if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
|
if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
|
||||||
parserError << "Unknown phase: " << std::to_string(rule->phase);
|
parserError << "Unknown phase: " << std::to_string(rule->phase);
|
||||||
parserError << std::endl;
|
parserError << std::endl;
|
||||||
return false;
|
return false;
|
||||||
@ -62,7 +62,7 @@ int Driver::addSecAction(Rule *rule) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int Driver::addSecRule(Rule *rule) {
|
int Driver::addSecRule(Rule *rule) {
|
||||||
if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
|
if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
|
||||||
parserError << "Unknown phase: " << std::to_string(rule->phase);
|
parserError << "Unknown phase: " << std::to_string(rule->phase);
|
||||||
parserError << std::endl;
|
parserError << std::endl;
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@ -134,7 +134,7 @@
|
|||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
"SecDebugLog \/tmp\/modsec_debug.log",
|
"SecDebugLog \/tmp\/modsec_debug.log",
|
||||||
"SecDebugLogLevel 9",
|
"SecDebugLogLevel 9",
|
||||||
"SecRule ARGS \"@rx (value1)\" \"id:1,phase:2,pass,t:trim\""
|
"SecRule ARGS \"@rx (value1)\" \"id:1,phase:3,pass,t:trim\""
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -180,7 +180,7 @@
|
|||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
"SecDebugLog \/tmp\/modsec_debug.log",
|
"SecDebugLog \/tmp\/modsec_debug.log",
|
||||||
"SecDebugLogLevel 9",
|
"SecDebugLogLevel 9",
|
||||||
"SecRule ARGS \"@rx (value1)\" \"id:'1',phase:2,pass,t:trim\""
|
"SecRule ARGS \"@rx (value1)\" \"id:'1',phase:3,pass,t:trim\""
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
@ -249,7 +249,7 @@
|
|||||||
"enabled": 1,
|
"enabled": 1,
|
||||||
"version_min": 300000,
|
"version_min": 300000,
|
||||||
"version_max": 0,
|
"version_max": 0,
|
||||||
"title": "actions :: phase:1,trim,status:500,deny",
|
"title": "actions :: phase:2,trim,status:500,deny",
|
||||||
"client": {
|
"client": {
|
||||||
"ip": "200.249.12.31",
|
"ip": "200.249.12.31",
|
||||||
"port": 2313
|
"port": 2313
|
||||||
@ -303,7 +303,7 @@
|
|||||||
"SecRuleEngine On",
|
"SecRuleEngine On",
|
||||||
"SecDebugLog \/tmp\/modsec_debug.log",
|
"SecDebugLog \/tmp\/modsec_debug.log",
|
||||||
"SecDebugLogLevel 9",
|
"SecDebugLogLevel 9",
|
||||||
"SecRule ARGS \"@contains test\" \"id:1,phase:1,t:trim,status:500,deny\""
|
"SecRule ARGS \"@contains test\" \"id:1,phase:2,t:trim,status:500,deny\""
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user