From 019edfa1a9bff0e3fca5dd7806b3ab7781e465c9 Mon Sep 17 00:00:00 2001
From: Barry Pollard <barry_pollard@hotmail.com>
Date: Sat, 21 Jan 2017 17:10:54 +0000
Subject: [PATCH] This is a fix for #992 to allow drop to work with mod_http2

---
 apache2/mod_security2.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index c6da6060..2ca93143 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -265,8 +265,18 @@ int perform_interception(modsec_rec *msr) {
             #if !defined(WIN32) && !defined(VERSION_NGINX)
             {
                 extern module core_module;
-                apr_socket_t *csd = ap_get_module_config(msr->r->connection->conn_config,
-                    &core_module);
+                apr_socket_t *csd;
+
+                /* For mod_http2 used by HTTP/2 there is a virtual connection so must go through
+                 * master to get the main connection or the drop request doesn't seem to do anything.
+                 * For HTTP/1.1 master will not be defined so just go through normal connection.
+                 * More details here: https://github.com/icing/mod_h2/issues/127
+                 */
+                if (msr->r->connection->master) {
+                    csd = ap_get_module_config(msr->r->connection->master->conn_config, &core_module);
+                } else {
+                    csd = ap_get_module_config(msr->r->connection->conn_config, &core_module);
+                }
 
                 if (csd) {
                     if (apr_socket_close(csd) == APR_SUCCESS) {