github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Stricter configuration parsing. See #66 and #429.

Browse Source
This commit is contained in:
brectanus
2007-12-14 22:45:01 +00:00
parent cd51a10046
commit 476684e6ec
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
apache2/apache2_config.c
View File

@@ -554,21 +554,24 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, const char *
if (dcfg->tmp_default_actionset == NULL) return FATAL_ERROR;
}
/* Merge actions with the parent. */
rule->actionset = msre_actionset_merge(modsecurity->msre, dcfg->tmp_default_actionset,
rule->actionset, 1);
/* Check some cases prior to merging so we know where it came from */
/* Must NOT specify a disruptive action in logging phase. */
if (rule->actionset->phase == PHASE_LOGGING && (rule->actionset->intercept_action != ACTION_ALLOW && rule->actionset->intercept_action != ACTION_NONE)) {
return apr_psprintf(cmd->pool, "ModSecurity: Disruptive actions "
"cannot be specified in the logging phase. %d", rule->actionset->intercept_action);
}
/* Check syntax for chained rules */
if (dcfg->tmp_chain_starter != NULL) {
/* This rule is part of a chain. */
/* Must NOT specify a disruptive action. */
if (rule->actionset->intercept_action == NOT_SET) {
if (rule->actionset->intercept_action != NOT_SET) {
return apr_psprintf(cmd->pool, "ModSecurity: Disruptive actions can only "
"be specified by chain starter rules.");
}
/* Must NOT specify a phase. */
if (rule->actionset->phase == NOT_SET) {
if (rule->actionset->phase != NOT_SET) {
return apr_psprintf(cmd->pool, "ModSecurity: Execution phases can only be "
"specified by chain starter rules.");
}
@@ -593,6 +596,13 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, const char *
rule->actionset->phase = rule->chain_starter->actionset->phase;
}
/* Merge actions with the parent.
*
* ENH Probably do not want this done fully for chained rules.
*/
rule->actionset = msre_actionset_merge(modsecurity->msre, dcfg->tmp_default_actionset,
rule->actionset, 1);
if (rule->actionset->is_chained != 1) {
/* If this rule is part of the chain but does
* not want more rules to follow in the chain