From 05b8934eaf57a032f9d41e7bc2ecaf789b48ae00 Mon Sep 17 00:00:00 2001 From: brectanus Date: Wed, 17 Oct 2007 23:21:33 +0000 Subject: [PATCH] Update version/date in docs. --- CHANGES | 5 +++++ apache2/apache2_io.c | 5 +++++ apache2/mod_security2.c | 29 ++++++++++++++------------- apache2/modsecurity.h | 2 +- doc/modsecurity2-apache-reference.xml | 4 ++-- 5 files changed, 28 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index ef868af1..837c8a70 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +17 Oct 2007 - 2.1.4-rc2 +----------------------- + + * Do not process subrequests in phase 2-4, but do hand off the request data. + 15 Oct 2007 - 2.1.4-rc1 ----------------------- diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c index e6e9855d..45cf8e15 100644 --- a/apache2/apache2_io.c +++ b/apache2/apache2_io.c @@ -40,6 +40,11 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, msr->r = f->r; + if (msr->phase < PHASE_REQUEST_BODY) { + msr_log(msr, 1, "Internal error: REQUEST_BODY phase incomplete for input filter in phase %d", msr->phase); + return APR_EGENERAL; + } + if ((msr->if_status == IF_STATUS_COMPLETE)||(msr->if_status == IF_STATUS_NONE)) { if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "Input filter: Input forwarding already complete, skipping (f %x, r %x).", f, f->r); diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index 05185e24..e3cdb809 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -860,17 +860,27 @@ static int hook_log_transaction(request_rec *r) { static void hook_insert_filter(request_rec *r) { modsec_rec *msr = NULL; - /* This function needs to run only once per transaction + /* Find the transaction context first. */ + msr = retrieve_tx_context(r); + if (msr == NULL) return; + + /* Add the input filter, but only if we need it to run. */ + if (msr->if_status == IF_STATUS_WANTS_TO_RUN) { + if (msr->txcfg->debuglog_level >= 4) { + msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter %s(r %x).", (((r->main != NULL)||(r->prev != NULL)) ? "for subrequest " : ""), r); + } + + ap_add_input_filter("MODSECURITY_IN", msr, r, r->connection); + } + + + /* The output filters only need to be added only once per transaction * (i.e. subrequests and redirects are excluded). */ if ((r->main != NULL)||(r->prev != NULL)) { return; } - /* Find the transaction context first. */ - msr = retrieve_tx_context(r); - if (msr == NULL) return; - /* Only proceed to add the filter if the engine is enabled. */ if (msr->txcfg->is_enabled == 0) { if (msr->txcfg->debuglog_level >= 4) { @@ -880,15 +890,6 @@ static void hook_insert_filter(request_rec *r) { return; } - /* Add the input filter, but only if we need it to run. */ - if (msr->if_status == IF_STATUS_WANTS_TO_RUN) { - if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter (r %x).", r); - } - - ap_add_input_filter("MODSECURITY_IN", msr, r, r->connection); - } - /* We always add the output filter because that's where we need to * initiate our 3rd and 4th processing phases from. The filter is * smart enough not to buffer the data if it is not supposed to. diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index af33f772..f3b1ba3a 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -48,7 +48,7 @@ typedef struct msc_string msc_string; #include "http_protocol.h" #define MODULE_NAME "ModSecurity" -#define MODULE_RELEASE "2.1.4-rc1" +#define MODULE_RELEASE "2.1.4-rc2" #define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)") #define PHASE_REQUEST_HEADERS 1 diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index b66f21dc..d43099b4 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -3,7 +3,7 @@ ModSecurity Reference Manual - Version 2.1.4-rc1 / (October 15, 2007) + Version 2.1.4-rc2 / (October 17, 2007) 2004-2007 @@ -4429,4 +4429,4 @@ SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd - \ No newline at end of file +