Make a severity in a default action just a warning instead of a fatal error.

2026-01-13 06:37:06 +03:00 · 2008-03-04 22:55:39 +00:00
parent abbab078d5
commit 20274563fb
4 changed files with 16 additions and 7 deletions
--- a/4
+++ b/4
@@ -1,6 +1,8 @@
-03 Mar 2008 - 2.5.1-rc1
+04 Mar 2008 - 2.5.1-rc1
 -----------------------

+ * Using "severity" in a default action is now just a warning.
+
 * Cleaned up the "make test" target to better locate headers/libraries.

 * Now search /usr/lib64 and /usr/lib32 for lua libs.
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -1120,13 +1120,20 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg, const char *p
    /* ENH: loop through to check for tags */
    if ((dcfg->tmp_default_actionset->id != NOT_SET_P)
        ||(dcfg->tmp_default_actionset->rev != NOT_SET_P)
-        ||(dcfg->tmp_default_actionset->msg != NOT_SET_P)
-        ||(dcfg->tmp_default_actionset->severity != NOT_SET)
-        ||(dcfg->tmp_default_actionset->logdata != NOT_SET_P))
+        ||(dcfg->tmp_default_actionset->msg != NOT_SET_P))
    {
        return apr_psprintf(cmd->pool, "ModSecurity: SecDefaultAction must not "
            "contain any metadata actions (id, rev, msg, tag, severity, logdata).");
    }
+    /* These are just a warning for now. */
+    if ((dcfg->tmp_default_actionset->severity != NOT_SET)
+        ||(dcfg->tmp_default_actionset->logdata != NOT_SET_P))
+    {
+        ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
+            "ModSecurity: WARNING SecDefaultAction \"%s\" should not "
+            "contain a severity or logdata action (%s:%d).",
+            p1, cmd->directive->filename, cmd->directive->line_num);
+    }

    /* Must not use chain. */
    if (dcfg->tmp_default_actionset->is_chained != NOT_SET) {
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -63,8 +63,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
 #define MODSEC_VERSION_MAJOR       "2"
 #define MODSEC_VERSION_MINOR       "5"
 #define MODSEC_VERSION_MAINT       "0"
-#define MODSEC_VERSION_TYPE        ""
-#define MODSEC_VERSION_RELEASE     ""
+#define MODSEC_VERSION_TYPE        "-rc"
+#define MODSEC_VERSION_RELEASE     "1"

 #define MODULE_NAME "ModSecurity for Apache"

--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@
  Manual</title>

  <articleinfo>
-    <releaseinfo>Version 2.5.1-rc1 (March 03, 2008)</releaseinfo>
+    <releaseinfo>Version 2.5.1-rc1 (March 04, 2008)</releaseinfo>

    <copyright>
      <year>2004-2008</year>