diff --git a/CHANGES b/CHANGES
index 0d7e6d33..df99f262 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ ?? ??? 2007 - 2.2.0-trunk ------------------------- + * Do not try to intercept a request after a failed rule. This fixes the + issue associated with an "Internal Error: Asked to intercept request + but was_intercepted is zero" error message. + * Removed extraneous exported symbols. * Merged the PDF XSS protection functionality into ModSecurity.
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index db9d9918..34b25771 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -531,7 +531,7 @@ static int hook_request_early(request_rec *r) {
 /* Process phase REQUEST_HEADERS */
 rc = DECLINED;
- if (modsecurity_process_phase(msr, PHASE_REQUEST_HEADERS)) {
+ if (modsecurity_process_phase(msr, PHASE_REQUEST_HEADERS) > 0) {
 rc = perform_interception(msr);
 }
@@ -649,7 +649,7 @@ static int hook_request_late(request_rec *r) {
 record_time_checkpoint(msr, 1);
 rc = DECLINED;
- if (modsecurity_process_phase(msr, PHASE_REQUEST_BODY)) {
+ if (modsecurity_process_phase(msr, PHASE_REQUEST_BODY) > 0) {
 rc = perform_interception(msr);
 }
diff --git a/apache2/re.c b/apache2/re.c
index c26d479c..cd630a70 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -639,7 +639,7 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
 arr = ruleset->phase_logging;
 break;
 default :
- /* ENH Log a warning message here. */
+ msr_log(msr, 1, "Internal Error: Invalid phase %d", msr->phase);
 return -1;
 }
@@ -777,8 +777,12 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
 }
 }
 }
+ else if (rc < 0) {
+ msr_log(msr, 1, "Rule processing failed.");
+ return -1;
+ }
 else {
- msr_log(msr, 1, "Unknown rule processing return code: %i.", rc);
+ msr_log(msr, 1, "Rule processing failed with unknown return code: %i.", rc);
 return -1;
 }
 }
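Review bot: With the new `> 0` test in hook_request_early (and the identical change in hook_request_late), a negative return from modsecurity_process_phase leaves `rc = DECLINED`, so a request whose rule processing failed carries on exactly as if no rule had matched. That removes the was_intercepted error, but for a filtering module it is a fail-open decision, and nothing at either call site says so. I would comment the condition in both hooks, e.g. `/* < 0 means rule processing failed (presumably propagated from msre_ruleset_process_phase): the request is deliberately not intercepted; the failure is only logged */`, so the choice is visible to anyone auditing the hooks. Both function bodies start and end outside their hunks.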
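Review bot: The new `rc < 0` branch in msre_ruleset_process_phase logs a fixed "Rule processing failed." and drops the return code, while the `else` branch directly below it prints `rc`. Since the hooks in mod_security2.c no longer intercept on a negative result, this log line appears to be the only trace that a request passed through without its rules being fully evaluated, so it should carry enough detail to triage. I would include the code, `msr_log(msr, 1, "Rule processing failed (rc %i).", rc);`, and the identifier of the failing rule if one is in scope at this point; the surrounding loop starts outside the hunk, so that part needs checking against the full function.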