github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Nginx: fixed SecRequestBodyAccess

Browse Source
This commit is contained in:
Breno Silva 2013-01-30 16:51:42 -04:00
parent 154e80750e
commit 4a8e536b0b
3 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nginx/modsecurity/ngx_http_modsecurity.c
View File

@ -387,7 +387,7 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r)
return NGX_DONE;
}
/* other method */
rc = modsecProcessRequestBody(ctx->req);
rc = modsecProcessRequestBody(ctx->req);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc);
}
@ -407,11 +407,11 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r)
static void
ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
ngx_int_t rc;
ngx_http_modsecurity_ctx_t *ctx = NULL;
ngx_int_t rc = DECLINED;
apr_off_t content_length;
ngx_str_t *str;
ngx_buf_t *buf;
ngx_str_t *str = NULL;
ngx_buf_t *buf = NULL;
if (r->request_body == NULL || r->request_body->bufs == NULL) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: request body empty");
@ -433,12 +433,12 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
r->request_body = NULL;
modsecSetBodyBrigade(ctx->req, ctx->brigade);
rc = modsecProcessRequestBody(ctx->req);
if(modsecIsRequestBodyAccessEnabled(ctx->req))
rc = modsecProcessRequestBody(ctx->req);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc);
if (rc != DECLINED) {
/* Nginx and Apache share same response code */
if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
@ -451,13 +451,11 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
if (buf == NULL){
return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
}
if (apr_brigade_flatten(ctx->brigade, (char *)buf->pos, (apr_size_t *)&content_length) != APR_SUCCESS) {
return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
}
apr_brigade_cleanup(ctx->brigade);
buf->last += content_length;
r->header_in = buf;
@ -469,9 +467,8 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
}
str->len = ngx_snprintf(str->data, NGX_OFF_T_LEN, "%O", content_length) - str->data;
}
r->headers_in.content_length_n = content_length;
r->phase_handler++;
ngx_http_core_run_phases(r);
ngx_http_finalize_request(r, NGX_DONE);

20
standalone/api.c
View File

@ -521,13 +521,23 @@ int modsecProcessRequestBody(request_rec *r) {
void modsecSetConfigForIISRequestBody(request_rec *r)
{
modsec_rec *msr = retrieve_msr(r);
modsec_rec *msr = retrieve_msr(r);
if(msr == NULL || msr->txcfg == NULL)
return;
if(msr == NULL || msr->txcfg == NULL)
return;
if(msr->txcfg->reqbody_access)
msr->txcfg->stream_inbody_inspection = 1;
if(msr->txcfg->reqbody_access)
msr->txcfg->stream_inbody_inspection = 1;
}
int modsecIsRequestBodyAccessEnabled(request_rec *r)
{
modsec_rec *msr = retrieve_msr(r);
if(msr == NULL || msr->txcfg == NULL)
return 0;
return msr->txcfg->reqbody_access;
}
int modsecIsResponseBodyAccessEnabled(request_rec *r)

1
standalone/api.h
View File

@ -110,6 +110,7 @@ void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsi
void modsecSetDropAction(int (*func)(request_rec *r));
int modsecIsResponseBodyAccessEnabled(request_rec *r);
int modsecIsRequestBodyAccessEnabled(request_rec *r);
void modsecSetConfigForIISRequestBody(request_rec *r);