github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Nginx: Added SecDisableBackendCompression support

Browse Source 
Nginx: Added internel redirected request processing
This commit is contained in:
chaizhenhua
2013-03-22 14:12:55 +08:00
committed by chaizhenhua
parent 55850a9c85
commit 177b5b9c98
7 changed files with 1090 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
nginx/modsecurity/apr_bucket_nginx.c
View File

@@ -2,7 +2,7 @@
#include <apr_bucket_nginx.h>
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
apr_size_t *len, apr_read_type_e block);
apr_size_t *len, apr_read_type_e block);
static void nginx_bucket_destroy(void *data);
static const apr_bucket_type_t apr_bucket_type_nginx = {
@@ -110,14 +110,14 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
b->last_buf = 0;
return b;
}
buf = ngx_palloc(pool, sizeof(ngx_buf_t));
if (buf == NULL) {
return NULL;
}
ngx_memcpy(buf, b, sizeof(ngx_buf_t));
if (ngx_buf_in_memory(buf)) {
if (ngx_buf_in_memory(buf)) {
buf->start = buf->pos = buf->pos + e->start;
buf->end = buf->last = buf->pos + e->length;
} else {
@@ -125,7 +125,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
buf->file_pos += e->start;
buf->file_last = buf->file_pos + e->length;
}
buf->last_buf = 0;
return buf;
}
@@ -134,7 +134,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
&len, APR_BLOCK_READ) != APR_SUCCESS) {
return NULL;
}
buf = ngx_calloc_buf(pool);
if (buf == NULL) {
return NULL;
@@ -146,7 +146,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
buf->start = ngx_palloc(pool, len);
ngx_memcpy(buf->start, data, len);
}
buf->pos = buf->start;
buf->end = buf->last = buf->start + len;
buf->temporary = 1;
@@ -154,10 +154,10 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
}
ngx_int_t
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool) {
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
apr_bucket *e;
ngx_chain_t *cl;
while (chain) {
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
if (e == NULL) {
@@ -175,6 +175,13 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
chain = chain->next;
ngx_free_chain(pool, cl);
}
if (last_buf) {
e = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
return NGX_OK;
}
return NGX_AGAIN;
}
@@ -185,16 +192,16 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
ngx_chain_t *cl;
cl = NULL;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL;
return NGX_OK;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) {
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
*ll = cl;
@@ -204,7 +211,7 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
@@ -213,12 +220,12 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;

2
nginx/modsecurity/apr_bucket_nginx.h
View File

@@ -13,6 +13,6 @@ apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool);
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);

9
nginx/modsecurity/config
View File

@@ -1,9 +1,8 @@
ngx_addon_name=ngx_http_modsecurity
# HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity"
HTTP_HEADERS_FILTER_MODULE="ngx_http_modsecurity $HTTP_HEADERS_FILTER_MODULE"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS"
CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
have=REQUEST_EARLY . auto/have

1021
nginx/modsecurity/ngx_http_modsecurity.c
View File

File diff suppressed because it is too large Load Diff

212
nginx/modsecurity/ngx_pool_context.c Normal file
View File

@@ -0,0 +1,212 @@
#include <ngx_core.h>
#define NGX_POOL_CTX_SIZE 1024
typedef struct ngx_pool_context_node_s ngx_pool_context_node_t;
struct ngx_pool_context_node_s
{
ngx_pool_context_node_t *next;
ngx_pool_context_node_t **prev;
ngx_pool_t *pool;
ngx_uint_t index;
void *data;
};
static void
ngx_pool_context_cleanup(void *data);
typedef struct {
ngx_uint_t size;
} ngx_pool_context_conf_t;
static void * ngx_pool_context_create_conf(ngx_cycle_t *cycle);
static char * ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf);
static ngx_core_module_t ngx_pool_context_module_ctx = {
ngx_string("pool_context"),
ngx_pool_context_create_conf,
ngx_pool_context_init_conf,
};
static ngx_command_t ngx_pool_context_commands[] = {
{ ngx_string("pool_context_hash_size"),
NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
0,
offsetof(ngx_pool_context_conf_t, size),
NULL
},
ngx_null_command
};
ngx_module_t ngx_pool_context_module = {
NGX_MODULE_V1,
&ngx_pool_context_module_ctx, /* module context */
ngx_pool_context_commands, /* module directives */
NGX_CORE_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
#define ngx_pool_context_hash_key(r, ctx_index) ((ngx_uint_t) r + ctx_index)
#define ngx_pool_context_unlink(node) \
\
*(node->prev) = node->next; \
\
if (node->next) { \
node->next->prev = node->prev; \
} \
\
node->prev = NULL; \
#define ngx_pool_context_link(queue, node) \
\
if (node->prev != NULL) { \
ngx_pool_context_unlink(node); \
} \
node->next = (ngx_pool_context_node_t *) *queue; \
node->prev = (ngx_pool_context_node_t **) queue; \
*queue = node; \
\
if (node->next) { \
node->next->prev = &node->next; \
}
static ngx_pool_context_node_t **ngx_pool_context_hash;
static ngx_uint_t ngx_pool_context_hash_size;
/* Nginx has removed multi-thread support, so we do not need mutex */
void *
ngx_pool_get_ctx(ngx_pool_t *pool, ngx_uint_t index)
{
ngx_uint_t hash;
uint32_t key;
ngx_pool_context_node_t *node;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
while (node) {
if (node->pool == pool && node->index == index) {
return node->data;
}
node = node->next;
}
return NULL;
}
ngx_int_t
ngx_pool_set_ctx(ngx_pool_t *pool, ngx_uint_t index, void *data)
{
ngx_uint_t hash;
uint32_t key;
ngx_pool_context_node_t *node;
ngx_pool_cleanup_t *cln;
hash = (ngx_uint_t) pool + index;
key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
node = ngx_pool_context_hash[key];
while (node) {
if (node->pool == pool
&& node->index == index) {
node->data = data;
return NGX_OK;
}
node = node->next;
}
cln = ngx_pool_cleanup_add(pool, sizeof(ngx_pool_context_node_t));
if (cln == NULL) {
return NGX_ERROR;
}
cln->handler = ngx_pool_context_cleanup;
node = cln->data;
node->prev = NULL;
node->next = NULL;
node->pool = pool;
node->index = index;
node->data = data;
ngx_pool_context_link(&ngx_pool_context_hash[key], node);
return NGX_OK;
}
static void
ngx_pool_context_cleanup(void *data)
{
ngx_pool_context_node_t *node = data;
ngx_pool_context_unlink(node);
}
static void *
ngx_pool_context_create_conf(ngx_cycle_t *cycle)
{
ngx_pool_context_conf_t *pcf;
/* create config */
pcf = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_conf_t));
if (pcf == NULL) {
return NULL;
}
pcf->size = NGX_CONF_UNSET_UINT;
return pcf;
}
static char *
ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf)
{
ngx_pool_context_conf_t *pcf = conf;
ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE);
ngx_pool_context_hash_size = pcf->size;
ngx_pool_context_hash = ngx_palloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
if (ngx_pool_context_hash == NULL) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}

12
nginx/modsecurity/ngx_pool_context.h Normal file
View File

@@ -0,0 +1,12 @@
#ifndef _NGX_POOL_CONTEXT_H_INCLUDE_
#define _NGX_POOL_CONTEXT_H_INCLUDE_
void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index);
ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data);
#define ngx_http_get_module_pool_ctx(r, module) ngx_pool_get_ctx(r->pool, module.index)
#define ngx_http_set_pool_ctx(r, c, module) ngx_pool_set_ctx(r->pool, module.index, c)
#endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */