diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
index c8b3b1b5..65295326 100644
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -215,13 +215,18 @@ class Transaction {
 const char *m_serverIpAddress;
 /**
- * Holds the raw URI that was requestd.
+ * Holds the raw URI that was requested.
 */
 const char *m_uri;
+ /**
+ * Holds the URI that was requests (without the query string).
+ */
+ std::string m_uri_no_query_string_decoded;
+
 /**
 * Holds the combined size of all arguments, later used to fill the
- * variable ARGS_COMBINED_SIZE.
+ * variable ARGS_COMBINED_SIZE.
 */
 double m_ARGScombinedSize;
diff --git a/src/rule_message.cc b/src/rule_message.cc
index 0d0d8262..4dbfaffb 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -45,7 +45,7 @@ std::string RuleMessage::errorLog(Transaction *trans) {
 }
 msg.append(" [hostname \"" + std::string(trans->m_serverIpAddress) \ + "\"]");
- msg.append(" [uri \"" + std::string(trans->m_uri) + "\"]");
+ msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]");
 msg.append(" [unique_id \"" + trans->m_id + "\"]");
 return modsecurity::utils::string::toHexIfNeeded(msg);
diff --git a/src/transaction.cc b/src/transaction.cc
index 7e652bf8..92a7c36f 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -102,6 +102,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
 m_clientPort(0),
 m_serverPort(0),
 m_uri(""),
+ m_uri_no_query_string_decoded(""),
 m_method(""),
 m_httpVersion(""),
 m_rules(rules),
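Review bot: The comment on the new `m_uri_no_query_string_decoded` member reads "was requests" and does not say that the value is URL-decoded, which is what a caller most needs to know before writing it anywhere. I would word it as `Holds the URI that was requested, URL-decoded and without the query string; it may contain quotes or other characters that must be escaped before logging.` The member is also inserted between existing members of `Transaction` in a header under `headers/modsecurity/`; if that header is installed for connectors, the object layout changes and they would presumably need rebuilding against it.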
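Review bot: The `[uri "..."]` field in `errorLog` is now built from the decoded URI, so a `%22` in the request path reaches `msg` as a literal `"` and can close the field early, making request data look like separate bracketed fields to anything that parses this line. `toHexIfNeeded(msg)` runs on the whole message afterwards; whether it touches quotes is not visible here, and it cannot escape them selectively because the field delimiters contain quotes too. Escape `"` and `\` in the value before appending it, or keep logging the undecoded path, so that field boundaries stay trustworthy for log-based detection. `errorLog` begins before this hunk, so the other fields were not reviewed.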
@@ -384,6 +385,12 @@ int Transaction::processURI(const char *uri, const char *method,
 m_collections.store("REQUEST_LINE", std::string(method) + " " + std::string(uri) + " HTTP/" + std::string(http_version));
+ if (pos != std::string::npos) {
+ m_uri_no_query_string_decoded = std::string(m_uri_decoded, 0, pos);
+ } else {
+ m_uri_no_query_string_decoded = std::string(m_uri_decoded);
+ }
+
 if (pos_raw != std::string::npos) {
 m_collections.store("QUERY_STRING", std::string(uri_s, pos_raw + 1, uri_s.length() - (pos_raw + 1)));
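Review bot: The cut position `pos` is applied to `m_uri_decoded`, while the `QUERY_STRING` split just below uses `pos_raw` on the undecoded `uri_s`. Both are computed outside this hunk, but if `pos` is the first `?` found in the decoded string, an encoded `%3F` inside the path truncates the value that `errorLog` prints, and the log then shows a shorter path than the one requested. Taking `uri_s` up to `pos_raw` and decoding only that prefix would keep the logged value consistent with `QUERY_STRING`. Separately, assuming `m_uri_decoded` is a `std::string`, the if/else is equivalent to `m_uri_no_query_string_decoded = m_uri_decoded.substr(0, pos);`, since `substr` with `npos` returns the whole string.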