github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Nginx: Added SecDisableBackendCompression support

Browse Source 
Nginx: Added internel redirected request processing
This commit is contained in:
chaizhenhua 2013-03-22 14:12:55 +08:00 committed by chaizhenhua
parent 55850a9c85
commit 177b5b9c98
7 changed files with 1090 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
nginx/modsecurity/apr_bucket_nginx.c
View File

@ -2,7 +2,7 @@
#include <apr_bucket_nginx.h>
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block);
apr_size_t *len, apr_read_type_e block);
static void nginx_bucket_destroy(void *data);
static const apr_bucket_type_t apr_bucket_type_nginx = {
@ -110,14 +110,14 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
b->last_buf = 0;
return b;
}
buf = ngx_palloc(pool, sizeof(ngx_buf_t));
if (buf == NULL) {
return NULL;
}
ngx_memcpy(buf, b, sizeof(ngx_buf_t));
if (ngx_buf_in_memory(buf)) {
if (ngx_buf_in_memory(buf)) {
buf->start = buf->pos = buf->pos + e->start;
buf->end = buf->last = buf->pos + e->length;
} else {
@ -125,7 +125,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
buf->file_pos += e->start;
buf->file_last = buf->file_pos + e->length;
}
buf->last_buf = 0;
return buf;
}
@ -134,7 +134,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
&len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL;
}
buf = ngx_calloc_buf(pool);
if (buf == NULL) {
return NULL;
@ -146,7 +146,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
buf->start = ngx_palloc(pool, len);
ngx_memcpy(buf->start, data, len);
}
buf->pos = buf->start;
buf->end = buf->last = buf->start + len;
buf->temporary = 1;
@ -154,10 +154,10 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
}
ngx_int_t
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool) {
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
apr_bucket *e;
ngx_chain_t *cl;
while (chain) {
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
@ -175,6 +175,13 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
chain = chain->next;
ngx_free_chain(pool, cl);
}
if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
return NGX_AGAIN;
}
@ -185,16 +192,16 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
ngx_chain_t *cl;
cl = NULL;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL;
return NGX_OK;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) {
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
*ll = cl;
@ -204,7 +211,7 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
@ -213,12 +220,12 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;

2
nginx/modsecurity/apr_bucket_nginx.h
View File

@ -13,6 +13,6 @@ apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);

9
nginx/modsecurity/config
View File

@ -1,9 +1,8 @@
ngx_addon_name=ngx_http_modsecurity
# HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity"
HTTP_HEADERS_FILTER_MODULE="ngx_http_modsecurity $HTTP_HEADERS_FILTER_MODULE"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS"
CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
have=REQUEST_EARLY . auto/have

1021
nginx/modsecurity/ngx_http_modsecurity.c
View File

File diff suppressed because it is too large Load Diff

212
nginx/modsecurity/ngx_pool_context.c Normal file
View File

@ -0,0 +1,212 @@
#include <ngx_core.h>
#define NGX_POOL_CTX_SIZE 1024
typedef struct ngx_pool_context_node_s ngx_pool_context_node_t;
struct ngx_pool_context_node_s
{
ngx_pool_context_node_t *next;
ngx_pool_context_node_t **prev;
ngx_pool_t *pool;
ngx_uint_t index;
void *data;
};
static void
ngx_pool_context_cleanup(void *data);
typedef struct {
ngx_uint_t size;
} ngx_pool_context_conf_t;
static void * ngx_pool_context_create_conf(ngx_cycle_t *cycle);
static char * ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf);
static ngx_core_module_t ngx_pool_context_module_ctx = {
ngx_string("pool_context"),
ngx_pool_context_create_conf,
ngx_pool_context_init_conf,
};
static ngx_command_t ngx_pool_context_commands[] = {
{ ngx_string("pool_context_hash_size"),
NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
0,
offsetof(ngx_pool_context_conf_t, size),
NULL
},
ngx_null_command
};
ngx_module_t ngx_pool_context_module = {
NGX_MODULE_V1,
&ngx_pool_context_module_ctx, /* module context */
ngx_pool_context_commands, /* module directives */
NGX_CORE_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
#define ngx_pool_context_hash_key(r, ctx_index) ((ngx_uint_t) r + ctx_index)
#define ngx_pool_context_unlink(node) \
\
*(node->prev) = node->next; \
\
if (node->next) { \
node->next->prev = node->prev; \
} \
\
node->prev = NULL; \
#define ngx_pool_context_link(queue, node) \
\
if (node->prev != NULL) { \
ngx_pool_context_unlink(node); \
} \
node->next = (ngx_pool_context_node_t *) *queue; \
node->prev = (ngx_pool_context_node_t **) queue; \
*queue = node; \
\
if (node->next) { \
node->next->prev = &node->next; \
}
static ngx_pool_context_node_t **ngx_pool_context_hash;
static ngx_uint_t ngx_pool_context_hash_size;
/* Nginx has removed multi-thread support, so we do not need mutex */
void *
ngx_pool_get_ctx(ngx_pool_t *pool, ngx_uint_t index)
{
ngx_uint_t hash;
uint32_t key;
ngx_pool_context_node_t *node;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
while (node) {
if (node->pool == pool && node->index == index) {
return node->data;
}
node = node->next;
}
return NULL;
}
ngx_int_t
ngx_pool_set_ctx(ngx_pool_t *pool, ngx_uint_t index, void *data)
{
ngx_uint_t hash;
uint32_t key;
ngx_pool_context_node_t *node;
ngx_pool_cleanup_t *cln;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
while (node) {
if (node->pool == pool
&& node->index == index) {
node->data = data;
return NGX_OK;
}
node = node->next;
}
cln = ngx_pool_cleanup_add(pool, sizeof(ngx_pool_context_node_t));
if (cln == NULL) {
return NGX_ERROR;
}
cln->handler = ngx_pool_context_cleanup;
node = cln->data;
node->prev = NULL;
node->next = NULL;
node->pool = pool;
node->index = index;
node->data = data;
ngx_pool_context_link(&ngx_pool_context_hash[key], node);
return NGX_OK;
}
static void
ngx_pool_context_cleanup(void *data)
{
ngx_pool_context_node_t *node = data;
ngx_pool_context_unlink(node);
}
static void *
ngx_pool_context_create_conf(ngx_cycle_t *cycle)
{
ngx_pool_context_conf_t *pcf;
/* create config */
pcf = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_conf_t));
if (pcf == NULL) {
return NULL;
}
pcf->size = NGX_CONF_UNSET_UINT;
return pcf;
}
static char *
ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf)
{
ngx_pool_context_conf_t *pcf = conf;
ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE);
ngx_pool_context_hash_size = pcf->size;
ngx_pool_context_hash = ngx_palloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
if (ngx_pool_context_hash == NULL) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}

12
nginx/modsecurity/ngx_pool_context.h Normal file
View File

@ -0,0 +1,12 @@
#ifndef _NGX_POOL_CONTEXT_H_INCLUDE_
#define _NGX_POOL_CONTEXT_H_INCLUDE_
void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index);
ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data);
#define ngx_http_get_module_pool_ctx(r, module) ngx_pool_get_ctx(r->pool, module.index)
#define ngx_http_set_pool_ctx(r, c, module) ngx_pool_set_ctx(r->pool, module.index, c)
#endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */

39
standalone/Makefile.in
View File

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -16,6 +16,23 @@
@SET_MAKE@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
@ -118,6 +135,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(standalone_la_SOURCES)
DIST_SOURCES = $(standalone_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@ -395,7 +417,6 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(pkglibdir)" || $(MKDIR_P) "$(DESTDIR)$(pkglibdir)"
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
@ -403,6 +424,8 @@ install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
}
@ -935,7 +958,17 @@ uninstall-am: uninstall-pkglibLTLIBRARIES
install-exec-hook: $(pkglib_LTLIBRARIES)
@echo "Removing unused static libraries..."; \
@echo "Creating Nginx config file..."; \
rm -f ../nginx/modsecurity/config; \
echo "ngx_addon_name=ngx_http_modsecurity" >> ../nginx/modsecurity/config; \
echo "# HTTP_MODULES=\"\$$HTTP_MODULES ngx_http_modsecurity\"" >> ../nginx/modsecurity/config; \
echo "HTTP_HEADERS_FILTER_MODULE=\"ngx_http_modsecurity \$$HTTP_HEADERS_FILTER_MODULE\"" >> ../nginx/modsecurity/config; \
echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c\"" >> ../nginx/modsecurity/config;\
echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS\"" >> ../nginx/modsecurity/config; \
echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
echo "have=REQUEST_EARLY . auto/have" >> ../nginx/modsecurity/config;\
echo "Removing unused static libraries..."; \
for m in $(pkglib_LTLIBRARIES); do \
base=`echo $$m | sed 's/\..*//'`; \
rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \