Places connection filter engine in a separated configuration

Unlike rules and other options, the connection filters are applied to the
entire server, not to a single vhost or similar scope. To make this clear to
the user, this patch adds "SecConnectionEngine", which works in the same way
that SecRuleEngine does.
Felipe Zimmerle 2013-11-01 06:22:04 -07:00
parent a15f8813e9
commit 48d85c7d6e
2 changed files with 37 additions and 3 deletions


@ -2141,6 +2141,34 @@ static const char *cmd_rule(cmd_parms *cmd, void *_dcfg,
return add_rule(cmd, (directory_config *)_dcfg, RULE_TYPE_NORMAL, p1, p2, p3); return add_rule(cmd, (directory_config *)_dcfg, RULE_TYPE_NORMAL, p1, p2, p3);
} }
static const char *cmd_sever_conn_filters_engine(cmd_parms *cmd, void *_dcfg,
const char *p1)
{
directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL;
if (strcasecmp(p1, "on") == 0)
{
conn_limits_filter_state = MODSEC_ENABLED;
}
else if (strcasecmp(p1, "off") == 0)
{
conn_limits_filter_state = MODSEC_DISABLED;
}
else if (strcasecmp(p1, "detectiononly") == 0)
{
conn_limits_filter_state = MODSEC_DETECTION_ONLY;
}
else
{
return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
"SecConnectionEngine: %s", p1);
}
return NULL;
}
static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1) static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
{ {
directory_config *dcfg = (directory_config *)_dcfg; directory_config *dcfg = (directory_config *)_dcfg;
@ -2167,8 +2195,6 @@ static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
"SecRuleEngine: %s", p1); "SecRuleEngine: %s", p1);
} }
conn_limits_filter_state = dcfg->is_enabled;
return NULL; return NULL;
} }
@ -3411,6 +3437,14 @@ const command_rec module_directives[] = {
"On or Off" "On or Off"
), ),
AP_INIT_TAKE1 (
"SecConnectionEngine",
cmd_sever_conn_filters_engine,
NULL,
CMD_SCOPE_ANY,
"On or Off"
),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecXmlExternalEntity", "SecXmlExternalEntity",
cmd_xml_external_entity, cmd_xml_external_entity,
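Review bot: The new `SecConnectionEngine` entry in `module_directives` is registered with `CMD_SCOPE_ANY`, yet `cmd_sever_conn_filters_engine` never uses `dcfg` beyond the NULL check and writes the process-wide `conn_limits_filter_state`, so whichever occurrence is parsed last, in any context that scope permits, decides the setting for the whole server. Since the commit message says the filters apply to the entire server, the entry should use `CMD_SCOPE_MAIN,` and the handler could reject narrower placement with `ap_check_cmd_context(cmd, GLOBAL_ONLY)`, so that a stray `Off` in a vhost or directory block cannot silently switch connection limiting off everywhere. The help string `"On or Off"` omits the third value the handler accepts; `"On, Off or DetectionOnly"` would match it. `sever` in the handler name looks like a typo for `server`, and the `module_directives` array starts and ends outside the hunk.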


@ -63,7 +63,7 @@ unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED; int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
int DSOLOCAL conn_limits_filter_state = 0; int DSOLOCAL conn_limits_filter_state = MODSEC_DISABLED;
unsigned long int DSOLOCAL conn_read_state_limit = 0; unsigned long int DSOLOCAL conn_read_state_limit = 0;
TreeRoot DSOLOCAL *conn_read_state_whitelist = 0; TreeRoot DSOLOCAL *conn_read_state_whitelist = 0;
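Review bot: `conn_limits_filter_state` now starts at `MODSEC_DISABLED`, and the same commit removes `conn_limits_filter_state = dcfg->is_enabled;` from `cmd_rule_engine`, so a configuration that previously got connection filtering through `SecRuleEngine On` presumably loses it after upgrading until `SecConnectionEngine` is added. Nothing on this page documents that change of default. A comment above the declaration such as `/* Off until SecConnectionEngine is set; SecRuleEngine no longer controls this. */`, plus a matching upgrade note in the directive documentation, would make the fail-open default explicit. How the state is consumed is not visible here, so confirm that `conn_read_state_limit` really is ignored while the state is `MODSEC_DISABLED`.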