From 40b6cd3ebefc3975bc89d80fd98f2db277829811 Mon Sep 17 00:00:00 2001
From: brectanus
Date: Tue, 29 Jul 2008 05:47:14 +0000
Subject: [PATCH] Cleanup. See #364.
---
 apache2/apache2_config.c | 2 +-
 apache2/modsecurity.c | 1 -
 apache2/modsecurity.h | 1 -
 apache2/re.c | 12 +++++++++---
 apache2/t/regression/misc/10-tfn-cache.t | 4 ++--
 apache2/t/regression/server_root/conf/httpd.conf.in | 2 ++
 doc/modsecurity2-apache-reference.xml | 2 +-
 7 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 389209ff..78f91762 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -538,7 +538,7 @@ void init_directory_config(directory_config *dcfg) {
 if (dcfg->cache_trans_incremental == NOT_SET) dcfg->cache_trans_incremental = 0;
 if (dcfg->cache_trans_min == (apr_size_t)NOT_SET) dcfg->cache_trans_min = 32;
 if (dcfg->cache_trans_max == (apr_size_t)NOT_SET) dcfg->cache_trans_max = 1024;
- if (dcfg->cache_trans_maxitems == (apr_size_t)NOT_SET) dcfg->cache_trans_maxitems = 1024;
+ if (dcfg->cache_trans_maxitems == (apr_size_t)NOT_SET) dcfg->cache_trans_maxitems = 512;
 if (dcfg->request_encoding == NOT_SET_P) dcfg->request_encoding = NULL;
 }
diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index ed9c1da7..685e9fbe 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -314,7 +314,6 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
 /* Other */
 msr->tcache = NULL;
 msr->tcache_items = 0;
- msr->tcache_limit_warn = 0;
 msr->matched_rules = apr_array_make(msr->mp, 16, sizeof(void *));
 if (msr->matched_rules == NULL) return -1;
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index fc981bf1..159a2fe3 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -366,7 +366,6 @@ struct modsec_rec {
 /* data cache */
 apr_hash_t *tcache;
 apr_size_t tcache_items;
- int tcache_limit_warn;
 /* removed rules */
 apr_array_header_t *removed_rules;
diff --git a/apache2/re.c b/apache2/re.c
index 2d60c901..2c572c9b 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -2149,9 +2149,15 @@ static apr_status_t msre_rule_process_normal(msre_rule *rule, modsec_rec *msr) {
 if ((msr->txcfg->cache_trans_maxitems != 0) && (msr->tcache_items >= msr->txcfg->cache_trans_maxitems)) {
- msr_log(msr, 4, "CACHE: Disabled - maxitems=%" APR_SIZE_T_FMT
- " limit reached.",
- msr->txcfg->cache_trans_maxitems);
+ /* Warn only once if we attempt to go over the cache limit. */
+ if (msr->tcache_items == msr->txcfg->cache_trans_maxitems) {
+ msr->tcache_items++;
+ msr_log(msr, 4, "CACHE: Disabled - phase=%d"
+ " maxitems=%" APR_SIZE_T_FMT
+ " limit reached.",
+ msr->phase,
+ msr->txcfg->cache_trans_maxitems);
+ }
 } else if (msr->txcfg->cache_trans_incremental || (tfnsnum == tarr->nelts))
diff --git a/apache2/t/regression/misc/10-tfn-cache.t b/apache2/t/regression/misc/10-tfn-cache.t
index 4a8979d8..62ebfb77 100644
--- a/apache2/t/regression/misc/10-tfn-cache.t
+++ b/apache2/t/regression/misc/10-tfn-cache.t
@@ -166,8 +166,8 @@
 SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny"
 ),
 match_log => {
- debug => [ qr/Adding request argument \(BODY\): name "test", value "foobar"/, 15 ],
- -error => [ qr/segmentation fault/i, 15 ],
+ debug => [ qr/Adding request argument \(BODY\): name "test", value "foobar"/, 60 ],
+ -error => [ qr/segmentation fault/i, 60 ],
 },
 match_response => {
 status => qr/^403$/,
diff --git a/apache2/t/regression/server_root/conf/httpd.conf.in b/apache2/t/regression/server_root/conf/httpd.conf.in
index 7d45cdbf..6e6109b7 100644
--- a/apache2/t/regression/server_root/conf/httpd.conf.in
+++ b/apache2/t/regression/server_root/conf/httpd.conf.in
@@ -23,6 +23,8 @@ ServerName localhost
+CoreDumpDirectory @MSC_REGRESSION_SERVERROOT_DIR@/tmp
+
 LogLevel debug
 ErrorLog @MSC_REGRESSION_LOGS_DIR@/error.log
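Review bot: In the re.c hunk, the once-only warning in the `maxitems` branch works by bumping `msr->tcache_items` past the limit, so after the first hit the counter no longer equals the number of cached entries and instead doubles as an "already warned" flag, which the one-line comment does not say. Because the inner test is `==` while the outer one is `>=`, the warning is also never logged if the counter is already above `cache_trans_maxitems` when this branch is first reached (for example if it can advance by more than one elsewhere, or the limit differs between merged contexts; neither is visible in this hunk). I would spell the sentinel out at the increment, e.g. `/* tcache_items == maxitems + 1 marks "limit warning already logged"; it is no longer an exact entry count. */`, and confirm that no other reader of `tcache_items` expects an exact count. msre_rule_process_normal starts and ends outside the hunk.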
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index e095c1d0..db8f94b6 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -909,7 +909,7 @@ SecAuditLogStorageDir logs/audit
 more than N transformations to be cached. The cache will then be disabled. A zero value is interpreted as "unlimited". This option may be useful to limit caching for a form with a large number of
- ARGS. (default: 1024)
+ ARGS. (default: 512)