Improved build script

2025-08-14 05:45:59 +03:00 · 2013-03-31 15:24:45 +08:00 · 2013-03-31 15:24:45 +08:00 · 088c660d58
commit 088c660d58
parent ca78eba855
6 changed files with 183 additions and 127 deletions
--- a/build/find_apr.m4
+++ b/build/find_apr.m4
@ -11,7 +11,8 @@ APR_CFLAGS=""
 APR_CPPFLAGS=""
 APR_LDFLAGS=""
 APR_LDADD=""
-
+APR_INCLUDEDIR=""
 APR_LINKLD=""
 AC_DEFUN([CHECK_APR],
 [dnl
@ -63,6 +64,10 @@ if test -n "${apr_path}"; then
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDFLAGS: $APR_LDFLAGS); fi
    APR_LDADD="`${APR_CONFIG} --link-libtool`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDADD: $APR_LDADD); fi
    APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr INCLUDEDIR: $APR_INCLUDEDIR); fi
    APR_LINKLD="`${APR_CONFIG} --link-ld`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LINKLD: $APR_LINKLD); fi
 else
    AC_MSG_RESULT([no])
 fi
@ -73,6 +78,8 @@ AC_SUBST(APR_CFLAGS)
 AC_SUBST(APR_CPPFLAGS)
 AC_SUBST(APR_LDFLAGS)
 AC_SUBST(APR_LDADD)
 AC_SUBST(APR_INCLUDEDIR)
 AC_SUBST(APR_LINKLD)
 if test -z "${APR_VERSION}"; then
    AC_MSG_NOTICE([*** apr library not found.])
--- a/build/find_apu.m4
+++ b/build/find_apu.m4
@ -10,6 +10,8 @@ APU_CONFIG=""
 APU_CFLAGS=""
 APU_LDFLAGS=""
 APU_LDADD=""
 APU_INCLUDEDIR=""
 APU_LINKLD=""
 AC_DEFUN([CHECK_APU],
 [dnl
@ -18,7 +20,7 @@ AC_ARG_WITH(
    apu,
    [AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])],
    [test_paths="${with_apu}"],
-    [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"])
+    [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"])
 AC_MSG_CHECKING([for libapu config script])
@ -60,6 +62,10 @@ if test -n "${apu_path}"; then
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
    APU_LDADD="`${APU_CONFIG} --link-libtool`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi
    APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu INCLUDEDIR: $APU_INCLUDEDIR); fi
    APU_LINKLD="`${APU_CONFIG} --link-ld`"
    if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LINKLD: $APU_LINKLD); fi
 else
    AC_MSG_RESULT([no])
 fi
@ -69,6 +75,8 @@ AC_SUBST(APU_VERSION)
 AC_SUBST(APU_CFLAGS)
 AC_SUBST(APU_LDFLAGS)
 AC_SUBST(APU_LDADD)
 AC_SUBST(APU_INCLUDEDIR)
 AC_SUBST(APU_LINKLD)
 if test -z "${APU_VERSION}"; then
    AC_MSG_NOTICE([*** apu library not found.])
--- a/nginx/modsecurity/config
+++ b/nginx/modsecurity/config
@ -3,5 +3,5 @@ CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
 HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
 NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
 NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
-CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm "
+CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -L/usr/local/apr/lib -lapr-1  -L/usr/local/apr/lib -laprutil-1 -lpcre -lxml2 -lz -lm -ldl  "
-CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 "
+CORE_INCS="$CORE_INCS $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2  /usr/local/apache2/include /usr/local/apr/include/apr-1 /usr/local/apr/include/apr-1"
--- a/standalone/Makefile.am
+++ b/standalone/Makefile.am
@ -72,6 +72,10 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \
                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
 endif
 standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \ 
 				@APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@
 standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \
             @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@
 install-exec-hook: $(pkglib_LTLIBRARIES)
 	@echo "Creating Nginx config file..."; \
 	rm -f ../nginx/modsecurity/config; \
@ -80,8 +84,8 @@ install-exec-hook: $(pkglib_LTLIBRARIES)
 	echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \
 	echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\
 	echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \
-	echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
+	echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \
-	echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
+	echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \
 	echo "Removing unused static libraries..."; \
 	for m in $(pkglib_LTLIBRARIES); do \
 	  base=`echo $$m | sed 's/\..*//'`; \
--- a/standalone/Makefile.in
+++ b/standalone/Makefile.in
@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# Makefile.in generated by automake 1.12.2 from Makefile.am.
 # @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+
 # Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@ -51,7 +50,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = standalone
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/build/depcomp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/build/find_apr.m4 \
 	$(top_srcdir)/build/find_apu.m4 \
@ -149,13 +149,17 @@ AMTAR = @AMTAR@
 APR_CFLAGS = @APR_CFLAGS@
 APR_CONFIG = @APR_CONFIG@
 APR_CPPFLAGS = @APR_CPPFLAGS@
 APR_INCLUDEDIR = @APR_INCLUDEDIR@
 APR_LDADD = @APR_LDADD@
 APR_LDFLAGS = @APR_LDFLAGS@
 APR_LINKLD = @APR_LINKLD@
 APR_VERSION = @APR_VERSION@
 APU_CFLAGS = @APU_CFLAGS@
 APU_CONFIG = @APU_CONFIG@
 APU_INCLUDEDIR = @APU_INCLUDEDIR@
 APU_LDADD = @APU_LDADD@
 APU_LDFLAGS = @APU_LDFLAGS@
 APU_LINKLD = @APU_LINKLD@
 APU_VERSION = @APU_VERSION@
 APXS = @APXS@
 APXS_BINDIR = @APXS_BINDIR@
@ -381,6 +385,12 @@ standalone_la_LIBADD = @APR_LDADD@ @APU_LDADD@ @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA
@SOLARIS_TRUE@                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
@SOLARIS_TRUE@                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
 standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \
 				@APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@
 standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \
             @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@
 all: all-am
 .SUFFIXES:
@ -441,12 +451,14 @@ uninstall-pkglibLTLIBRARIES:
 clean-pkglibLTLIBRARIES:
 	-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
-	@list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
+	@list='$(pkglib_LTLIBRARIES)'; \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	locs=`for p in $$list; do echo $$p; done | \
-	  test "$$dir" != "$$p" || dir=.; \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	  echo "rm -f \"$${dir}/so_locations\""; \
+	      sort -u`; \
-	  rm -f "$${dir}/so_locations"; \
+	test -z "$$locs" || { \
-	done
+	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
 standalone.la: $(standalone_la_OBJECTS) $(standalone_la_DEPENDENCIES) $(EXTRA_standalone_la_DEPENDENCIES) 
 	$(standalone_la_LINK) -rpath $(pkglibdir) $(standalone_la_OBJECTS) $(standalone_la_LIBADD) $(LIBS)
@ -797,6 +809,20 @@ GTAGS:
 	  && $(am__cd) $(top_srcdir) \
 	  && gtags -i $(GTAGS_ARGS) "$$here"
 cscopelist:  $(HEADERS) $(SOURCES) $(LISP)
 	list='$(SOURCES) $(HEADERS) $(LISP)'; \
 	case "$(srcdir)" in \
 	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
 	  *) sdir=$(subdir)/$(srcdir) ;; \
 	esac; \
 	for i in $$list; do \
 	  if test -f "$$i"; then \
 	    echo "$(subdir)/$$i"; \
 	  else \
 	    echo "$$sdir/$$i"; \
 	  fi; \
 	done >> $(top_builddir)/cscope.files
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@ -942,32 +968,30 @@ uninstall-am: uninstall-pkglibLTLIBRARIES
 .MAKE: install-am install-exec-am install-strip
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pkglibLTLIBRARIES ctags distclean \
+	clean-libtool clean-pkglibLTLIBRARIES cscopelist ctags \
-	distclean-compile distclean-generic distclean-libtool \
+	distclean distclean-compile distclean-generic \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	install install-am install-data install-data-am install-dvi \
+	html-am info info-am install install-am install-data \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-data-am install-dvi install-dvi-am install-exec \
-	install-html install-html-am install-info install-info-am \
+	install-exec-am install-exec-hook install-html install-html-am \
-	install-man install-pdf install-pdf-am \
+	install-info install-info-am install-man install-pdf \
-	install-pkglibLTLIBRARIES install-ps install-ps-am \
+	install-pdf-am install-pkglibLTLIBRARIES install-ps \
-	install-strip installcheck installcheck-am installdirs \
+	install-ps-am install-strip installcheck installcheck-am \
-	maintainer-clean maintainer-clean-generic mostlyclean \
+	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-pkglibLTLIBRARIES
+	uninstall-am uninstall-pkglibLTLIBRARIES
 install-exec-hook: $(pkglib_LTLIBRARIES)
 	@echo "Creating Nginx config file..."; \
 	rm -f ../nginx/modsecurity/config; \
 	echo "ngx_addon_name=ngx_http_modsecurity" >> ../nginx/modsecurity/config; \
-	echo "# HTTP_MODULES=\"\$$HTTP_MODULES ngx_http_modsecurity\"" >> ../nginx/modsecurity/config; \
+	echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \
-	echo "HTTP_HEADERS_FILTER_MODULE=\"ngx_http_modsecurity \$$HTTP_HEADERS_FILTER_MODULE\"" >> ../nginx/modsecurity/config; \
+	echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \
-	echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c\"" >> ../nginx/modsecurity/config;\
+	echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\
-	echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS\"" >> ../nginx/modsecurity/config; \
+	echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \
-	echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
+	echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \
-	echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
+	echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \
 	echo "have=REQUEST_EARLY . auto/have" >> ../nginx/modsecurity/config;\
 	echo "Removing unused static libraries..."; \
 	for m in $(pkglib_LTLIBRARIES); do \
 	  base=`echo $$m | sed 's/\..*//'`; \
--- a/standalone/api.c
+++ b/standalone/api.c
@ -223,43 +223,13 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
 }
 apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b)  {
    modsec_rec *msr = (modsec_rec *)f->ctx;
    apr_status_t rc;
-    apr_bucket_brigade *bb_out;
+    apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx;
    bb_out = modsecGetResponseBrigade(f->r);
    if (bb_out) {
    APR_BRIGADE_CONCAT(bb_out, b);
    return APR_SUCCESS;
 }
    // is there a way to tell whether the response body was modified or not?
    //
    if((msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0)
            && msr->txcfg->resbody_access)   {
        if (modsecWriteResponse != NULL) {
            char *data = NULL;
            apr_size_t length;
            rc = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp);
            if (rc != APR_SUCCESS) {
                msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", rc,
                        get_apr_error(msr->mp, rc));
                return -1;
            }
            /* TODO: return ?*/
            modsecWriteResponse(msr->r, data, msr->stream_output_length);
        }
    }
    return APR_SUCCESS;
 }
 void modsecTerminate()  {
    apr_pool_destroy(pool);
    pool = NULL;
@ -551,74 +521,117 @@ int modsecIsResponseBodyAccessEnabled(request_rec *r)
 }
 int modsecProcessResponse(request_rec *r)   {
-    int status = DECLINED;
+    int status;
    modsec_rec *msr;
    apr_bucket *e;
    ap_filter_t *f;
    apr_bucket_brigade *bb_in, *bb_out, *bb;
-    if(r->output_filters != NULL)   {
+    if(r->output_filters == NULL) {
-        modsec_rec *msr = (modsec_rec *)r->output_filters->ctx;
+        return DECLINED;
-        char buf[8192];
+    }
        char *tmp = NULL;
        apr_bucket *e = NULL;
        unsigned int readcnt = 0;
        int is_eos = 0;
        ap_filter_t *f = NULL;
        apr_bucket_brigade *bb_in, *bb = NULL;
    msr = (modsec_rec *)r->output_filters->ctx;
    if (msr == NULL) {
        ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
                "ModSecurity: Internal Error: msr is null in output filter.");
        ap_remove_output_filter(r->output_filters);
            return send_error_bucket(msr, r->output_filters, HTTP_INTERNAL_SERVER_ERROR);
        }
        bb = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
        if (bb == NULL) {
            msr_log(msr, 1, "Process response: Failed to create brigade.");
        return APR_EGENERAL;
    }
    msr->r = r;
-        bb_in = modsecGetResponseBrigade(r);
+    /* create input response brigade */
    bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
-        if (bb_in != NULL) {
+    if (bb_in == NULL) {
-            APR_BRIGADE_CONCAT(bb, bb_in);
+        msr_log(msr, 1, "Process response: Failed to create brigade.");
-            if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
+        return APR_EGENERAL;
-                e = apr_bucket_eos_create(bb->bucket_alloc);
+    }
-                APR_BRIGADE_INSERT_TAIL(bb, e);
+
    /* get input response brigade */
    bb = modsecGetResponseBrigade(r);
    if (bb != NULL) {
        APR_BRIGADE_CONCAT(bb_in, bb);
        if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) {
            e = apr_bucket_eos_create(bb_in->bucket_alloc);
            APR_BRIGADE_INSERT_TAIL(bb_in, e);
        }
    } else if (modsecReadResponse != NULL) {
        unsigned int readcnt = 0;
        int is_eos = 0;
        char buf[8192];
        while(!is_eos)  {
            modsecReadResponse(r, buf, 8192, &readcnt, &is_eos);
            if(readcnt > 0) {
-                    tmp = (char *)apr_palloc(r->pool, readcnt);
+                char *tmp = (char *)apr_palloc(r->pool, readcnt);
                memcpy(tmp, buf, readcnt);
                e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc);
-                    APR_BRIGADE_INSERT_TAIL(bb, e);
+                APR_BRIGADE_INSERT_TAIL(bb_in, e);
            }
        }
        e = apr_bucket_eos_create(r->connection->bucket_alloc);
-            APR_BRIGADE_INSERT_TAIL(bb, e);
+        APR_BRIGADE_INSERT_TAIL(bb_in, e);
    } else {
        /* cannot read response body process header only */
        e = apr_bucket_eos_create(r->connection->bucket_alloc);
-            APR_BRIGADE_INSERT_TAIL(bb, e);
+        APR_BRIGADE_INSERT_TAIL(bb_in, e);
    }
-        f = ap_add_output_filter("HTTP_OUT", msr, r, r->connection);
+    bb_out = bb ? bb : apr_brigade_create(msr->mp, r->connection->bucket_alloc);
-        status = ap_pass_brigade(r->output_filters, bb);
+
    if (bb_out == NULL) {
        msr_log(msr, 1, "Process response: Failed to create brigade.");
        return APR_EGENERAL;
    }
    /* concat output bucket to bb_out */
    f = ap_add_output_filter("HTTP_OUT", bb_out, r, r->connection);
    status = ap_pass_brigade(r->output_filters, bb_in);
    ap_remove_output_filter(f);
-        if(status > 0
+
-                && msr->intercept_actionset->intercept_status != 0)  {
+    if (status == APR_EGENERAL) {
-            status =  msr->intercept_actionset->intercept_status;
+        /* retrive response status from bb_out */
        for(e = APR_BRIGADE_FIRST(bb_out);
                e != APR_BRIGADE_SENTINEL(bb_out);
                e = APR_BUCKET_NEXT(e)) {
            if (AP_BUCKET_IS_ERROR(e)) {
                return ((ap_bucket_error*) e->data)->status;
            }
        }
        return APR_EGENERAL;
    }
    if (status != DECLINED) {
        return status;
    }
-    return status;
+    /* copy bb_out */
    // is there a way to tell whether the response body was modified or not?
    if (modsecWriteResponse != NULL
            && (msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0)
            && msr->txcfg->resbody_access)   {
        char *data = NULL;
        apr_size_t length;
        status = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp);
        if (status != APR_SUCCESS) {
            msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", status,
                    get_apr_error(msr->mp, status));
            return APR_EGENERAL;
        }
        if ( modsecWriteResponse(msr->r, data, msr->stream_output_length) != APR_SUCCESS) {
            return APR_EGENERAL;
        }
    }
    return DECLINED;
 }
 int modsecFinishRequest(request_rec *r) {