Nginx: Added SecDisableBackendCompression support
Nginx: Added internal redirected request processing
parent
55850a9c85
commit
177b5b9c98
@ -154,7 +154,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool) {
|
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
|
||||||
apr_bucket *e;
|
apr_bucket *e;
|
||||||
ngx_chain_t *cl;
|
ngx_chain_t *cl;
|
||||||
|
|
||||||
@ -175,6 +175,13 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
|
|||||||
chain = chain->next;
|
chain = chain->next;
|
||||||
ngx_free_chain(pool, cl);
|
ngx_free_chain(pool, cl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (last_buf) {
|
||||||
|
e = apr_bucket_eos_create(bb->bucket_alloc);
|
||||||
|
APR_BRIGADE_INSERT_TAIL(bb, e);
|
||||||
|
return NGX_OK;
|
||||||
|
}
|
||||||
|
|
||||||
return NGX_AGAIN;
|
return NGX_AGAIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
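Review bot: The new `last_buf` parameter of `move_chain_to_brigade` changes the function's return contract, but nothing in the new tail block documents it. When the flag is set, an EOS bucket is appended and `NGX_OK` is returned; otherwise the function still returns `NGX_AGAIN`. A comment above the signature would state this, for example `/* last_buf != 0: append an EOS bucket to bb and return NGX_OK; otherwise return NGX_AGAIN because more input is expected */`. The EOS bucket is appended every time the flag is set, so a caller that passes `last_buf` twice for the same brigade would presumably end up with two EOS buckets; the comment should say the flag must be passed once, on the final chain. The loop that fills the brigade starts outside this hunk, so whether it also looks at the buffers' own last-buffer flag cannot be checked here.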
@ -13,6 +13,6 @@ apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
|
|||||||
|
|
||||||
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
|
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
|
||||||
|
|
||||||
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool);
|
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
|
||||||
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);
|
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);
|
||||||
|
|
||||||
|
@ -1,9 +1,8 @@
|
|||||||
ngx_addon_name=ngx_http_modsecurity
|
ngx_addon_name=ngx_http_modsecurity
|
||||||
# HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity"
|
CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
|
||||||
HTTP_HEADERS_FILTER_MODULE="ngx_http_modsecurity $HTTP_HEADERS_FILTER_MODULE"
|
HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
|
||||||
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c"
|
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
|
||||||
NGX_ADDON_DEPS="$NGX_ADDON_DEPS"
|
NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
|
||||||
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
|
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
|
||||||
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
|
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
|
||||||
have=REQUEST_EARLY . auto/have
|
|
||||||
|
|
||||||
|
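Review bot: This hand-edited `config` disagrees with the copy that the `install-exec-hook` in the standalone Makefile.in, changed later in this same commit, writes out. The hook runs `rm -f ../nginx/modsecurity/config` and regenerates the file with `HTTP_HEADERS_FILTER_MODULE`, no `CORE_MODULES=... ngx_pool_context_module`, no `ngx_pool_context.c` in `NGX_ADDON_SRCS`, and with `have=REQUEST_EARLY . auto/have` still present. After an install of the standalone library the nginx add-on would therefore be configured with the old filter registration and without the new source file that `ngx_pool_get_ctx`/`ngx_pool_set_ctx` live in. The hook's `echo` lines should emit exactly the values set here; the Makefile.am that presumably generates them is not shown in this commit view.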
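--- a/nginx/modsecurity/ngx_pool_context.c
+++ b/nginx/modsecurity/ngx_pool_context.c
@@ -0,0 +1,212 @@
+
+
+#include <ngx_core.h>
+
+#define NGX_POOL_CTX_SIZE 1024
+
+typedef struct ngx_pool_context_node_s ngx_pool_context_node_t;
+struct ngx_pool_context_node_s
+{
+ngx_pool_context_node_t *next;
+ngx_pool_context_node_t **prev;
+ngx_pool_t *pool;
+ngx_uint_t index;
+void *data;
+};
+
+static void
+ngx_pool_context_cleanup(void *data);
+
+typedef struct {
+ngx_uint_t size;
+} ngx_pool_context_conf_t;
+
+static void * ngx_pool_context_create_conf(ngx_cycle_t *cycle);
+static char * ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf);
+
+static ngx_core_module_t ngx_pool_context_module_ctx = {
+ngx_string("pool_context"),
+ngx_pool_context_create_conf,
+ngx_pool_context_init_conf,
+};
+
+static ngx_command_t ngx_pool_context_commands[] = {
+
+{ ngx_string("pool_context_hash_size"),
+NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_num_slot,
+0,
+offsetof(ngx_pool_context_conf_t, size),
+NULL
+},
+ngx_null_command
+};
+
+
+ngx_module_t ngx_pool_context_module = {
+NGX_MODULE_V1,
+&ngx_pool_context_module_ctx, /* module context */
+ngx_pool_context_commands, /* module directives */
+NGX_CORE_MODULE, /* module type */
+NULL, /* init master */
+NULL, /* init module */
+NULL, /* init process */
+NULL, /* init thread */
+NULL, /* exit thread */
+NULL, /* exit process */
+NULL, /* exit master */
+NGX_MODULE_V1_PADDING
+};
+
+
+#define ngx_pool_context_hash_key(r, ctx_index) ((ngx_uint_t) r + ctx_index)
+
+#define ngx_pool_context_unlink(node) \
+\
+*(node->prev) = node->next; \
+\
+if (node->next) { \
+node->next->prev = node->prev; \
+} \
+\
+node->prev = NULL; \
+
+
+#define ngx_pool_context_link(queue, node) \
+\
+if (node->prev != NULL) { \
+ngx_pool_context_unlink(node); \
+} \
+node->next = (ngx_pool_context_node_t *) *queue; \
+node->prev = (ngx_pool_context_node_t **) queue; \
+*queue = node; \
+\
+if (node->next) { \
+node->next->prev = &node->next; \
+}
+
+
+static ngx_pool_context_node_t **ngx_pool_context_hash;
+static ngx_uint_t ngx_pool_context_hash_size;
+
+/* Nginx has removed multi-thread support, so we do not need mutex */
+
+void *
+ngx_pool_get_ctx(ngx_pool_t *pool, ngx_uint_t index)
+{
+ngx_uint_t hash;
+uint32_t key;
+ngx_pool_context_node_t *node;
+
+hash = (ngx_uint_t) pool + index;
+key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
+
+node = ngx_pool_context_hash[key];
+
+while (node) {
+
+if (node->pool == pool && node->index == index) {
+
+return node->data;
+}
+node = node->next;
+}
+
+return NULL;
+
+}
+
+
+ngx_int_t
+ngx_pool_set_ctx(ngx_pool_t *pool, ngx_uint_t index, void *data)
+{
+ngx_uint_t hash;
+uint32_t key;
+ngx_pool_context_node_t *node;
+ngx_pool_cleanup_t *cln;
+
+hash = (ngx_uint_t) pool + index;
+key = ngx_murmur_hash2((u_char *)&hash, sizeof(hash)) % ngx_pool_context_hash_size;
+
+node = ngx_pool_context_hash[key];
+
+while (node) {
+
+if (node->pool == pool
+&& node->index == index) {
+
+
+node->data = data;
+return NGX_OK;
+}
+node = node->next;
+}
+
+cln = ngx_pool_cleanup_add(pool, sizeof(ngx_pool_context_node_t));
+
+if (cln == NULL) {
+
+return NGX_ERROR;
+}
+
+cln->handler = ngx_pool_context_cleanup;
+node = cln->data;
+
+node->prev = NULL;
+node->next = NULL;
+node->pool = pool;
+node->index = index;
+node->data = data;
+
+ngx_pool_context_link(&ngx_pool_context_hash[key], node);
+
+return NGX_OK;
+}
+
+
+static void
+ngx_pool_context_cleanup(void *data)
+{
+ngx_pool_context_node_t *node = data;
+
+ngx_pool_context_unlink(node);
+
+}
+
+
+static void *
+ngx_pool_context_create_conf(ngx_cycle_t *cycle)
+{
+ngx_pool_context_conf_t *pcf;
+
+/* create config */
+pcf = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_conf_t));
+if (pcf == NULL) {
+return NULL;
+}
+
+pcf->size = NGX_CONF_UNSET_UINT;
+
+return pcf;
+}
+
+
+static char *
+ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf)
+{
+ngx_pool_context_conf_t *pcf = conf;
+
+ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE);
+
+ngx_pool_context_hash_size = pcf->size;
+
+ngx_pool_context_hash = ngx_palloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size);
+
+if (ngx_pool_context_hash == NULL) {
+return NGX_CONF_ERROR;
+}
+
+return NGX_CONF_OK;
+}
+
+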
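Review bot: In `ngx_pool_context_init_conf` the bucket array comes from `ngx_palloc`, which does not zero the memory, so the first `node = ngx_pool_context_hash[key]` in `ngx_pool_get_ctx` or `ngx_pool_set_ctx` can read an uninitialised pointer and walk it as a list. Allocating with `ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size)`, as `ngx_pool_context_create_conf` already does for its struct, gives empty buckets. The same function accepts any `pool_context_hash_size`, and a configured 0 makes `% ngx_pool_context_hash_size` a division by zero; a guard such as `if (pcf->size == 0) { return NGX_CONF_ERROR; }` before the allocation would reject it. The `ngx_pool_context_link` and `ngx_pool_context_unlink` macros expand to several bare statements and should be wrapped in `do { ... } while (0)` so they stay correct under an unbraced `if`.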
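--- a/nginx/modsecurity/ngx_pool_context.h
+++ b/nginx/modsecurity/ngx_pool_context.h
@@ -0,0 +1,12 @@
+
+
+#ifndef _NGX_POOL_CONTEXT_H_INCLUDE_
+#define _NGX_POOL_CONTEXT_H_INCLUDE_
+
+void* ngx_pool_get_ctx(ngx_pool_t * pool, ngx_uint_t index);
+ngx_int_t ngx_pool_set_ctx(ngx_pool_t * pool, ngx_uint_t index,void * data);
+
+#define ngx_http_get_module_pool_ctx(r, module) ngx_pool_get_ctx(r->pool, module.index)
+#define ngx_http_set_pool_ctx(r, c, module) ngx_pool_set_ctx(r->pool, module.index, c)
+
+#endif /* _NGX_POOL_CONTEXT_H_INCLUDE_ */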
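Review bot: The two convenience macros expand their arguments unparenthesised (`r->pool`, `module.index`), so an argument that is not a plain identifier, such as a conditional expression, would parse differently than intended. Safer forms are `ngx_pool_get_ctx((r)->pool, (module).index)` and `ngx_pool_set_ctx((r)->pool, (module).index, (c))`. The header also uses `ngx_pool_t`, `ngx_uint_t` and `ngx_int_t` without including `ngx_core.h`, so every consumer depends on include order. Neither prototype carries a comment on its contract; one line each would do, for example `/* returns the stored pointer, or NULL when nothing was set for (pool, index) */` and `/* returns NGX_OK, or NGX_ERROR when the cleanup node cannot be allocated */`.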
@ -1,4 +1,4 @@
|
|||||||
# Makefile.in generated by automake 1.11.3 from Makefile.am.
|
# Makefile.in generated by automake 1.11.6 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
@ -16,6 +16,23 @@
|
|||||||
@SET_MAKE@
|
@SET_MAKE@
|
||||||
|
|
||||||
VPATH = @srcdir@
|
VPATH = @srcdir@
|
||||||
|
am__make_dryrun = \
|
||||||
|
{ \
|
||||||
|
am__dry=no; \
|
||||||
|
case $$MAKEFLAGS in \
|
||||||
|
*\\[\ \ ]*) \
|
||||||
|
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
|
||||||
|
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
|
||||||
|
*) \
|
||||||
|
for am__flg in $$MAKEFLAGS; do \
|
||||||
|
case $$am__flg in \
|
||||||
|
*=*|--*) ;; \
|
||||||
|
*n*) am__dry=yes; break;; \
|
||||||
|
esac; \
|
||||||
|
done;; \
|
||||||
|
esac; \
|
||||||
|
test $$am__dry = yes; \
|
||||||
|
}
|
||||||
pkgdatadir = $(datadir)/@PACKAGE@
|
pkgdatadir = $(datadir)/@PACKAGE@
|
||||||
pkgincludedir = $(includedir)/@PACKAGE@
|
pkgincludedir = $(includedir)/@PACKAGE@
|
||||||
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
||||||
@ -118,6 +135,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
|
|||||||
$(LDFLAGS) -o $@
|
$(LDFLAGS) -o $@
|
||||||
SOURCES = $(standalone_la_SOURCES)
|
SOURCES = $(standalone_la_SOURCES)
|
||||||
DIST_SOURCES = $(standalone_la_SOURCES)
|
DIST_SOURCES = $(standalone_la_SOURCES)
|
||||||
|
am__can_run_installinfo = \
|
||||||
|
case $$AM_UPDATE_INFO_DIR in \
|
||||||
|
n|no|NO) false;; \
|
||||||
|
*) (install-info --version) >/dev/null 2>&1;; \
|
||||||
|
esac
|
||||||
ETAGS = etags
|
ETAGS = etags
|
||||||
CTAGS = ctags
|
CTAGS = ctags
|
||||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||||
@ -395,7 +417,6 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
|||||||
$(am__aclocal_m4_deps):
|
$(am__aclocal_m4_deps):
|
||||||
install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
|
install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
|
||||||
@$(NORMAL_INSTALL)
|
@$(NORMAL_INSTALL)
|
||||||
test -z "$(pkglibdir)" || $(MKDIR_P) "$(DESTDIR)$(pkglibdir)"
|
|
||||||
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
|
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
|
||||||
list2=; for p in $$list; do \
|
list2=; for p in $$list; do \
|
||||||
if test -f $$p; then \
|
if test -f $$p; then \
|
||||||
@ -403,6 +424,8 @@ install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
|
|||||||
else :; fi; \
|
else :; fi; \
|
||||||
done; \
|
done; \
|
||||||
test -z "$$list2" || { \
|
test -z "$$list2" || { \
|
||||||
|
echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
|
||||||
|
$(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
|
||||||
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
|
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
|
||||||
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
|
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
|
||||||
}
|
}
|
||||||
@ -935,7 +958,17 @@ uninstall-am: uninstall-pkglibLTLIBRARIES
|
|||||||
|
|
||||||
|
|
||||||
install-exec-hook: $(pkglib_LTLIBRARIES)
|
install-exec-hook: $(pkglib_LTLIBRARIES)
|
||||||
@echo "Removing unused static libraries..."; \
|
@echo "Creating Nginx config file..."; \
|
||||||
|
rm -f ../nginx/modsecurity/config; \
|
||||||
|
echo "ngx_addon_name=ngx_http_modsecurity" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "# HTTP_MODULES=\"\$$HTTP_MODULES ngx_http_modsecurity\"" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "HTTP_HEADERS_FILTER_MODULE=\"ngx_http_modsecurity \$$HTTP_HEADERS_FILTER_MODULE\"" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c\"" >> ../nginx/modsecurity/config;\
|
||||||
|
echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS\"" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
|
||||||
|
echo "have=REQUEST_EARLY . auto/have" >> ../nginx/modsecurity/config;\
|
||||||
|
echo "Removing unused static libraries..."; \
|
||||||
for m in $(pkglib_LTLIBRARIES); do \
|
for m in $(pkglib_LTLIBRARIES); do \
|
||||||
base=`echo $$m | sed 's/\..*//'`; \
|
base=`echo $$m | sed 's/\..*//'`; \
|
||||||
rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
|
rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
|
||||||
|