diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 2ee70bfe..140401e2 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -2141,6 +2141,34 @@ static const char *cmd_rule(cmd_parms *cmd, void *_dcfg,
 return add_rule(cmd, (directory_config *)_dcfg, RULE_TYPE_NORMAL, p1, p2, p3);
 }
+static const char *cmd_sever_conn_filters_engine(cmd_parms *cmd, void *_dcfg,
+ const char *p1)
+{
+ directory_config *dcfg = (directory_config *)_dcfg;
+
+ if (dcfg == NULL) return NULL;
+
+ if (strcasecmp(p1, "on") == 0)
+ {
+ conn_limits_filter_state = MODSEC_ENABLED;
+ }
+ else if (strcasecmp(p1, "off") == 0)
+ {
+ conn_limits_filter_state = MODSEC_DISABLED;
+ }
+ else if (strcasecmp(p1, "detectiononly") == 0)
+ {
+ conn_limits_filter_state = MODSEC_DETECTION_ONLY;
+ }
+ else
+ {
+ return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
+ "SecConnectionEngine: %s", p1);
+ }
+
+ return NULL;
+}
+
 static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 {
 directory_config *dcfg = (directory_config *)_dcfg;
@@ -2167,8 +2195,6 @@ static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 "SecRuleEngine: %s", p1);
 }
- conn_limits_filter_state = dcfg->is_enabled;
-
 return NULL;
 }
@@ -3411,6 +3437,14 @@ const command_rec module_directives[] = {
 "On or Off"
 ),
+ AP_INIT_TAKE1 (
+ "SecConnectionEngine",
+ cmd_sever_conn_filters_engine,
+ NULL,
+ CMD_SCOPE_ANY,
+ "On or Off"
+ ),
+
 AP_INIT_TAKE1 (
 "SecXmlExternalEntity",
 cmd_xml_external_entity,
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index 8e90e64a..c0240ef5 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
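Review bot: In `cmd_sever_conn_filters_engine`, the `if (dcfg == NULL) return NULL;` guard turns the directive into a silent no-op, with the value never validated, whenever no directory config is passed, even though nothing after the guard reads `dcfg`. The handler only writes the global `conn_limits_filter_state`, so I would drop the `dcfg` local and the guard so that an invalid value is always rejected. A comment above the function would also help, for example `/* SecConnectionEngine: sets the process-wide connection filter state; not a per-directory setting. */`. The name looks like a typo for `cmd_server_conn_filters_engine`; renaming it would need the matching change in the `module_directives` entry added later in this file.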
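Review bot: The new `SecConnectionEngine` entry in `module_directives` is registered with `CMD_SCOPE_ANY`, but its handler sets a single global, `conn_limits_filter_state`. An occurrence inside a narrower configuration context would therefore change connection filtering for the whole server, with the last occurrence parsed winning. If this file has a server-wide scope macro (ModSecurity's other global directives use `CMD_SCOPE_MAIN`), I would register the directive with that instead. The help string `"On or Off"` also omits the third value the handler accepts; `"On, Off or DetectionOnly"` would match it. The array continues outside the hunk.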
@@ -63,7 +63,7 @@ unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
 int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
-int DSOLOCAL conn_limits_filter_state = 0;
+int DSOLOCAL conn_limits_filter_state = MODSEC_DISABLED;
 unsigned long int DSOLOCAL conn_read_state_limit = 0;
 TreeRoot DSOLOCAL *conn_read_state_whitelist = 0;
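Review bot: The declaration of `conn_limits_filter_state` should carry a comment saying that it now stays at `MODSEC_DISABLED` unless `SecConnectionEngine` is configured, because this commit also removes the assignment in `cmd_rule_engine` that copied the `SecRuleEngine` state into it. An existing configuration that enables only the rule engine and relies on the limit held in `conn_read_state_limit` would presumably stop having that limit enforced after an upgrade, with no message. Suggested comment: `/* Connection filter state; off unless SecConnectionEngine sets it (no longer follows SecRuleEngine). */`. A changelog entry or a startup notice about the new default would help operators catch this.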