Worked around mod_jk issue where a 401 response was not including the WWW-Authentication header (MODSEC-16).

2025-08-13 21:36:00 +03:00 · 2008-09-15 19:51:06 +00:00 · 2008-09-15 19:51:06 +00:00 · 3848ff5b36
commit 3848ff5b36
parent 67c48bfdfb
3 changed files with 23 additions and 1 deletions
--- a/5
+++ b/5
@ -1,6 +1,9 @@
-03 Sep 2008 - trunk
+15 Sep 2008 - trunk
 -------------------

+ * Worked around mod_jk issue where a 401 response was not including the
+   WWW-Authentication header.
+
 * Fixed XML DTD/Schema validation which will now fail after request body
   processing errors, even if the XML parser returns a document tree.

--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@ -378,6 +378,8 @@ static apr_status_t output_filter_init(modsec_rec *msr, ap_filter_t *f,
            return -1; /* Invalid. */
        }

+        msr->response_content_length = len;
+
        if (len == 0) {
            if (msr->txcfg->debuglog_level >= 4) {
                msr_log(msr, 4, "Output filter: Skipping response since Content-Length is zero.");
@ -676,6 +678,22 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
                }
            }

+            msr->of_done_reading = 1;
+        }
+        /* ENH: Probably need to make the handlers for this workaround
+         * configurable. */
+        else if (   (strcmp("jakarta-servlet", msr->r->handler) == 0)
+            && APR_BUCKET_IS_FLUSH(bucket)
+            && (APR_BUCKET_NEXT(bucket) == APR_BRIGADE_SENTINEL(bb_in))
+            && (msr->resbody_length == msr->response_content_length))
+        {
+            /* A FLUSH sent as the last bucket in the bridade may indicate
+             * the end of the response for certain modules if the bytes
+             * received match the response C-L header.  In this case, the
+             * FLUSH bucket is interpreted as an EOS.
+             */
+            msr_log(msr, 4, "Output filter: Interpreted FLUSH as EOS for handler \"%s\".", msr->r->handler);
+
            msr->of_done_reading = 1;
        }
    }
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@ -268,6 +268,7 @@ struct modsec_rec {
    const char          *response_protocol;
    apr_table_t         *response_headers;
    unsigned int         response_headers_sent;
+    apr_off_t            response_content_length;
    apr_off_t            bytes_sent;

    /* modsecurity request body processing stuff */