github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-10 02:04:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge in changes from trunk.

Browse Source 
Prepare for 2.1.2-rc1.
This commit is contained in:
brectanus
2007-05-31 19:03:52 +00:00
parent cc983ac070
commit 12f055140a
6 changed files with 60 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGES
View File

@@ -1,5 +1,11 @@
25 Apr 2007 - 2.1.1-breach1 31 May 2007 - 2.1.2-rc1
--------------------------- -----------------------
* Fixed problem with subrequests not being intercepted (only logged).
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Only calculate debugging vars when we are debugging.
* Added SecAuditLog2 directive to allow redundent concurrent audit log * Added SecAuditLog2 directive to allow redundent concurrent audit log
index files. This will allow sending audit data to two consoles, etc. index files. This will allow sending audit data to two consoles, etc.

58
apache2/mod_security2.c
View File

@@ -54,6 +54,7 @@ int perform_interception(modsec_rec *msr) {
msre_actionset *actionset = NULL; msre_actionset *actionset = NULL;
const char *message = NULL; const char *message = NULL;
const char *phase_text = ""; const char *phase_text = "";
const char *subreq_text = (msr->r->main == NULL) ? "" : "Subrequest. ";
int status = DECLINED; int status = DECLINED;
int log_level = 1; int log_level = 1;
@@ -92,14 +93,14 @@ int perform_interception(modsec_rec *msr) {
case ACTION_DENY : case ACTION_DENY :
if (actionset->intercept_status != 0) { if (actionset->intercept_status != 0) {
status = actionset->intercept_status; status = actionset->intercept_status;
message = apr_psprintf(msr->mp, "Access denied with code %i%s.", status, message = apr_psprintf(msr->mp, "%sAccess denied with code %i%s.",
phase_text); subreq_text, status, phase_text);
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: Invalid status code requested %i).", phase_text, "(Internal Error: Invalid status code requested %i).",
actionset->intercept_status); subreq_text, phase_text, actionset->intercept_status);
} }
break; break;
@@ -108,23 +109,25 @@ int perform_interception(modsec_rec *msr) {
if (ap_find_linked_module("mod_proxy.c") == NULL) { if (ap_find_linked_module("mod_proxy.c") == NULL) {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action to %s requested but mod_proxy not found).", "(Configuration Error: Proxy action to %s requested but mod_proxy not found).",
phase_text, log_escape_nq(msr->mp, actionset->intercept_uri)); subreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
} else { } else {
msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri); msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri);
msr->r->proxyreq = PROXYREQ_REVERSE; msr->r->proxyreq = PROXYREQ_REVERSE;
msr->r->handler = "proxy-server"; msr->r->handler = "proxy-server";
status = OK; status = OK;
message = apr_psprintf(msr->mp, "Access denied using proxy to %s%s.", message = apr_psprintf(msr->mp, "%sAccess denied using proxy to %s%s.",
phase_text, log_escape_nq(msr->mp, actionset->intercept_uri)); subreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
} }
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action requested but it does not work in output phases).", "(Configuration Error: Proxy action requested but it does not work in output phases).",
phase_text); subreq_text, phase_text);
} }
break; break;
@@ -141,29 +144,30 @@ int perform_interception(modsec_rec *msr) {
if (csd) { if (csd) {
if (apr_socket_close(csd) == APR_SUCCESS) { if (apr_socket_close(csd) == APR_SUCCESS) {
status = HTTP_FORBIDDEN; status = HTTP_FORBIDDEN;
message = apr_psprintf(msr->mp, "Access denied with connection close%s.", message = apr_psprintf(msr->mp, "%sAccess denied with connection close%s.",
phase_text); subreq_text, phase_text);
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but failed to close the " "(Error: Connection drop requested but failed to close the "
" socket).", phase_text); " socket).",
subreq_text, phase_text);
} }
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but socket not found.", "(Error: Connection drop requested but socket not found.",
phase_text); subreq_text, phase_text);
} }
} }
#else #else
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop not implemented on this platform).", "(Error: Connection drop not implemented on this platform).",
phase_text); subreq_text, phase_text);
#endif #endif
break; break;
@@ -176,22 +180,24 @@ int perform_interception(modsec_rec *msr) {
} else { } else {
status = HTTP_MOVED_TEMPORARILY; status = HTTP_MOVED_TEMPORARILY;
} }
message = apr_psprintf(msr->mp, "Access denied with redirection to %s using " message = apr_psprintf(msr->mp, "%sAccess denied with redirection to %s using "
"status %i%s.", log_escape_nq(msr->mp, actionset->intercept_uri), status, "status %i%s.",
subreq_text,
log_escape_nq(msr->mp, actionset->intercept_uri), status,
phase_text); phase_text);
break; break;
case ACTION_ALLOW : case ACTION_ALLOW :
status = DECLINED; status = DECLINED;
message = apr_psprintf(msr->mp, "Access allowed%s.", phase_text); message = apr_psprintf(msr->mp, "%sAccess allowed%s.", subreq_text, phase_text);
break; break;
default : default :
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: invalid interception action %i).", "(Internal Error: invalid interception action %i).",
phase_text, actionset->intercept_action); subreq_text, phase_text, actionset->intercept_action);
break; break;
} }
@@ -558,6 +564,10 @@ static int hook_request_late(request_rec *r) {
/* Has this phase been completed already? */ /* Has this phase been completed already? */
if (msr->phase_request_body_complete) { if (msr->phase_request_body_complete) {
if (msr->was_intercepted) {
msr_log(msr, 4, "Phase REQUEST_BODY request already intercepted. Intercepting additional request.");
return perform_interception(msr);
}
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping."); msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping.");
} }

2
apache2/modsecurity.h
View File

@@ -50,7 +50,7 @@ typedef struct msc_string msc_string;
#include "http_protocol.h" #include "http_protocol.h"
#define MODULE_NAME "ModSecurity" #define MODULE_NAME "ModSecurity"
#define MODULE_RELEASE "2.1.1-breach3" #define MODULE_RELEASE "2.1.2-rc1"
#define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)") #define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)")
#define PHASE_REQUEST_HEADERS 1 #define PHASE_REQUEST_HEADERS 1

14
apache2/msc_util.c
View File

@@ -549,8 +549,18 @@ int urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_len)
if ( (VALID_HEX(input[i + 2]))&&(VALID_HEX(input[i + 3])) if ( (VALID_HEX(input[i + 2]))&&(VALID_HEX(input[i + 3]))
&&(VALID_HEX(input[i + 4]))&&(VALID_HEX(input[i + 5])) ) &&(VALID_HEX(input[i + 4]))&&(VALID_HEX(input[i + 5])) )
{ {
/* We make use of the lower byte here, ignoring the higher byte. */ /* We first make use of the lower byte here, ignoring the higher byte. */
*d++ = x2c(&input[i + 4]); *d = x2c(&input[i + 4]);
/* Full width ASCII (ff01 - ff5e) needs 0x20 added */
if ( (*d > 0x00) && (*d < 0x5f)
&& ((input[i + 2] == 'f') || (input[i + 2] == 'F'))
&& ((input[i + 3] == 'f') || (input[i + 3] == 'F')))
{
*d += 0x20;
}
d++;
count++; count++;
i += 6; i += 6;
} else { } else {

6
apache2/re.c
View File

@@ -1166,7 +1166,7 @@ static void msre_perform_disruptive_actions(modsec_rec *msr, msre_rule *rule,
static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr, static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
msre_actionset *acting_actionset, apr_pool_t *mptmp) msre_actionset *acting_actionset, apr_pool_t *mptmp)
{ {
apr_time_t time_before_regex; apr_time_t time_before_regex = 0;
char *my_error_msg = NULL; char *my_error_msg = NULL;
int rc; int rc;
@@ -1181,7 +1181,9 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
var->value_len)); var->value_len));
} }
time_before_regex = apr_time_now(); /* IMP1 time_before_regex? */ if (msr->txcfg->debuglog_level >= 4) {
time_before_regex = apr_time_now(); /* IMP1 time_before_regex? */
}
rc = rule->op_metadata->execute(msr, rule, var, &my_error_msg); rc = rule->op_metadata->execute(msr, rule, var, &my_error_msg);
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Operator completed in %" APR_TIME_T_FMT " usec.", msr_log(msr, 4, "Operator completed in %" APR_TIME_T_FMT " usec.",

2
doc/modsecurity2-apache-reference.xml
View File

@@ -3,7 +3,7 @@
<title>ModSecurity Reference Manual</title> <title>ModSecurity Reference Manual</title>
<articleinfo> <articleinfo>
<releaseinfo>Version 2.1.1-breach1 / (April 25, 2007)</releaseinfo> <releaseinfo>Version 2.1.2-rc1 / (May 31, 2007)</releaseinfo>
<copyright> <copyright>
<year>2004-2007</year> <year>2004-2007</year>