github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16.

Browse Source
This commit is contained in:
brectanus 2007-06-04 20:16:48 +00:00
parent e5c00d156a
commit 11456dd87a
3 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -6,9 +6,9 @@
* Added rule file/line to audit log messages. * Added rule file/line to audit log messages.
* Added new parallel matching operators, @pm and @pmfile. These use * Added new phrase matching operators, @pm and @pmFromFile. These use
an alternate set based matching engine to perform faster keyword an alternate set based matching engine to perform faster phrase
type matches. type matches such as black/white lists, spam keywords, etc.
* Cache transformations per-request/phase so they are not repeated. * Cache transformations per-request/phase so they are not repeated.

20
apache2/re_operators.c
View File

@ -208,9 +208,9 @@ static int msre_op_pm_param_init(msre_rule *rule, char **error_msg) {
return 1; return 1;
} }
/* pmfile */ /* pmFromFile */
static int msre_op_pmfile_param_init(msre_rule *rule, char **error_msg) { static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) {
char errstr[1024]; char errstr[1024];
char buf[HUGE_STRING_LEN + 1]; char buf[HUGE_STRING_LEN + 1];
char *ptr = NULL; char *ptr = NULL;
@ -242,12 +242,12 @@ static int msre_op_pmfile_param_init(msre_rule *rule, char **error_msg) {
/* Open file and read */ /* Open file and read */
rc = apr_file_open(&fd, fn, APR_READ | APR_FILE_NOCLEANUP, 0, rule->ruleset->mp); rc = apr_file_open(&fd, fn, APR_READ | APR_FILE_NOCLEANUP, 0, rule->ruleset->mp);
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Could not open pmfile \"%s\": %s", fn, apr_strerror(rc, errstr, 1024)); *error_msg = apr_psprintf(rule->ruleset->mp, "Could not open phrase file \"%s\": %s", fn, apr_strerror(rc, errstr, 1024));
return 0; return 0;
} }
#ifdef DEBUG_CONF #ifdef DEBUG_CONF
fprintf(stderr, "Loading pmfile: \"%s\"\n", fn); fprintf(stderr, "Loading phrase file: \"%s\"\n", fn);
#endif #endif
/* Read one pattern per line skipping empty/commented */ /* Read one pattern per line skipping empty/commented */
@ -271,7 +271,7 @@ static int msre_op_pmfile_param_init(msre_rule *rule, char **error_msg) {
if ((*ptr == '\0') || (*ptr == '#')) continue; if ((*ptr == '\0') || (*ptr == '#')) continue;
#ifdef DEBUG_CONF #ifdef DEBUG_CONF
fprintf(stderr, "Adding pmfile pattern: \"%s\"\n", buf); fprintf(stderr, "Adding phrase file pattern: \"%s\"\n", buf);
#endif #endif
acmp_add_pattern(p, buf, NULL, NULL, strlen(buf)); acmp_add_pattern(p, buf, NULL, NULL, strlen(buf));
@ -299,10 +299,10 @@ static int msre_op_pm_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
/* This message will be logged. */ /* This message will be logged. */
if (strlen(match_escaped) > 252) { if (strlen(match_escaped) > 252) {
*error_msg = apr_psprintf(msr->mp, "Matched substring \"%.252s ...\" at %s.", *error_msg = apr_psprintf(msr->mp, "Matched phrase \"%.252s ...\" at %s.",
match_escaped, var->name); match_escaped, var->name);
} else { } else {
*error_msg = apr_psprintf(msr->mp, "Matched substring \"%s\" at %s.", *error_msg = apr_psprintf(msr->mp, "Matched phrase \"%s\" at %s.",
match_escaped, var->name); match_escaped, var->name);
} }
return 1; return 1;
@ -1353,10 +1353,10 @@ void msre_engine_register_default_operators(msre_engine *engine) {
msre_op_pm_execute msre_op_pm_execute
); );
/* pmfile */ /* pmFromFile */
msre_engine_op_register(engine, msre_engine_op_register(engine,
"pmfile", "pmFromFile",
msre_op_pmfile_param_init, msre_op_pmFromFile_param_init,
msre_op_pm_execute msre_op_pm_execute
); );

22
doc/modsecurity2-apache-reference.xml
View File

@ -4290,9 +4290,10 @@ SecRule ARGS:route "!<emphasis role="bold">@endsWith %{REQUEST_ADDR}</emphasis>"
<section> <section>
<title><literal>pm</literal></title> <title><literal>pm</literal></title>
<para><emphasis role="bold">Description:</emphasis> Parallel Match <para><emphasis role="bold">Description:</emphasis> Phrase Match
operator. This operator uses a set based matching engine for faster operator. This operator uses a set based matching engine (Aho-Corasick)
matches of keyword lists.</para> for faster matches of keyword lists. It will match any one of its
arguments anywhere in the target value.</para>
<para>Example:</para> <para>Example:</para>
@ -4304,13 +4305,16 @@ SecRule ARGS:route "!<emphasis role="bold">@endsWith %{REQUEST_ADDR}</emphasis>"
</section> </section>
<section> <section>
<title><literal>pmfile</literal></title> <title><literal>pmFromFile</literal></title>
<para><emphasis role="bold">Description:</emphasis> Parallel Match <para><emphasis role="bold">Description:</emphasis> Phrase Match
operator. This operator uses a set based matching engine for faster operator. This operator uses a set based matching engine (Aho-Corasick)
matches of keyword lists. It is the same as <literal>@pm</literal> for faster matches of keyword lists. This operator is the same as
except that it takes a list of files arguments. The contents of the <literal>@pm</literal> except that it takes a list of files as
files should be one pattern per line.</para> arguments. It will match any one of the phrases listed in the file(s)
anywhere in the target value. The contents of the files should be one
phrase per line. End of line markers will be stripped from the phrases,
however, whitespace will not be trimmed from phrases in the file.</para>
<para>Example:</para> <para>Example:</para>