From 20014c808cb6c174def8d759bc04ca2fc90cf36b Mon Sep 17 00:00:00 2001 From: "Felipe \"Zimmerle\" Costa" Date: Sat, 15 Feb 2014 00:29:51 -0200 Subject: [PATCH] Adds modsecStatusEngineCall to standalone API In ModSecurityIIS the configuration is loaded upon the first request is received. In other words, SecStatusEngine value can be only loaded once the first request hit the server, and so, the status function was moved to proceed just after the configuration got loaded. This update is IIS only. --- apache2/mod_security2.c | 2 ++ apache2/msc_status_engine.c | 4 ++-- apache2/msc_status_engine.h | 4 ++++ iis/mymodule.cpp | 3 +++ standalone/api.c | 13 +++++++++++++ standalone/api.h | 4 ++++ 6 files changed, 28 insertions(+), 2 deletions(-) diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index 98315634..2d67b310 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -726,6 +726,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t "Original server signature: %s", real_server_signature); } +#ifndef WIN32 if (status_engine_state != STATUS_ENGINE_DISABLED) { msc_status_engine_call(); } @@ -734,6 +735,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t "Status engine is currently disabled, enable it by set " \ "SecStatusEngine to On."); } +#endif } srand((unsigned int)(time(NULL) * getpid())); diff --git a/apache2/msc_status_engine.c b/apache2/msc_status_engine.c index c073a157..c1b790d8 100644 --- a/apache2/msc_status_engine.c +++ b/apache2/msc_status_engine.c @@ -356,8 +356,8 @@ int msc_status_engine_call (void) { } apr_snprintf(beacon_string, beacon_string_len+1+10+4, - "%s,%s/IIS,%s/%s,%s/%s,%s/%s,%s/%s,%s", - modsec, apache, apr, apr_loaded, pcre, pcre_loaded, lua, lua_loaded, + "%s,IIS,%s/%s,%s/%s,%s/%s,%s/%s,%s", + modsec, apr, apr_loaded, pcre, pcre_loaded, lua, lua_loaded, libxml, libxml_loaded, id); #else beacon_string = malloc(sizeof(char)*(beacon_string_len+1+10)); diff --git a/apache2/msc_status_engine.h b/apache2/msc_status_engine.h index b757e9a9..6b3a7670 100644 --- a/apache2/msc_status_engine.h +++ b/apache2/msc_status_engine.h @@ -21,7 +21,11 @@ #include "apr_optional.h" #include "msc_pcre.h" +#ifndef WIN32 #define STATUS_ENGINE_DNS_IN_BETWEEN_DOTS 32 +#else +#define STATUS_ENGINE_DNS_IN_BETWEEN_DOTS 30 +#endif #define STATUS_ENGINE_DNS_SUFFIX "status.modsecurity.org" diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index e949ca8c..c268f3b0 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -796,6 +796,9 @@ CMyHttpModule::OnBeginRequest( delete path; goto Finished; } + + modsecStatusEngineCall(); + } delete apppath; } diff --git a/standalone/api.c b/standalone/api.c index 8ad67956..88d56f7d 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -701,3 +701,16 @@ const char *modsecIsServerSignatureAvailale(void) { return new_server_signature; } +#ifdef WIN32 +void modsecStatusEngineCall() +{ + if (status_engine_state != STATUS_ENGINE_DISABLED) { + msc_status_engine_call(); + } + else { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "Status engine is currently disabled, enable it by set " \ + "SecStatusEngine to On.\n"); + } +} +#endif \ No newline at end of file diff --git a/standalone/api.h b/standalone/api.h index 60d30733..fa3fa476 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -119,6 +119,10 @@ void modsecSetConfigForIISRequestBody(request_rec *r); const char *modsecIsServerSignatureAvailale(void); +#ifdef WIN32 +void modsecStatusEngineCall(void); +#endif + #ifdef __cplusplus } #endif