github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Nginx: fixed SecRequestBodyAccess

Browse Source
This commit is contained in:
Breno Silva
2013-01-30 16:51:42 -04:00
parent 154e80750e
commit 4a8e536b0b
3 changed files with 25 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nginx/modsecurity/ngx_http_modsecurity.c
View File

@@ -407,11 +407,11 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r)
static void static void
ngx_http_modsecurity_body_handler(ngx_http_request_t *r) ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
{ {
ngx_http_modsecurity_ctx_t *ctx; ngx_http_modsecurity_ctx_t *ctx = NULL;
ngx_int_t rc; ngx_int_t rc = DECLINED;
apr_off_t content_length; apr_off_t content_length;
ngx_str_t *str; ngx_str_t *str = NULL;
ngx_buf_t *buf; ngx_buf_t *buf = NULL;
if (r->request_body == NULL || r->request_body->bufs == NULL) { if (r->request_body == NULL || r->request_body->bufs == NULL) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: request body empty"); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: request body empty");
@@ -434,11 +434,11 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
modsecSetBodyBrigade(ctx->req, ctx->brigade); modsecSetBodyBrigade(ctx->req, ctx->brigade);
if(modsecIsRequestBodyAccessEnabled(ctx->req))
rc = modsecProcessRequestBody(ctx->req); rc = modsecProcessRequestBody(ctx->req);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc);
if (rc != DECLINED) { if (rc != DECLINED) {
/* Nginx and Apache share same response code */ /* Nginx and Apache share same response code */
if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) { if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
rc = NGX_HTTP_INTERNAL_SERVER_ERROR; rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
@@ -451,13 +451,11 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
if (buf == NULL){ if (buf == NULL){
return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
} }
if (apr_brigade_flatten(ctx->brigade, (char *)buf->pos, (apr_size_t *)&content_length) != APR_SUCCESS) { if (apr_brigade_flatten(ctx->brigade, (char *)buf->pos, (apr_size_t *)&content_length) != APR_SUCCESS) {
return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
} }
apr_brigade_cleanup(ctx->brigade); apr_brigade_cleanup(ctx->brigade);
buf->last += content_length; buf->last += content_length;
r->header_in = buf; r->header_in = buf;
@@ -471,7 +469,6 @@ ngx_http_modsecurity_body_handler(ngx_http_request_t *r)
} }
r->headers_in.content_length_n = content_length; r->headers_in.content_length_n = content_length;
r->phase_handler++; r->phase_handler++;
ngx_http_core_run_phases(r); ngx_http_core_run_phases(r);
ngx_http_finalize_request(r, NGX_DONE); ngx_http_finalize_request(r, NGX_DONE);

10
standalone/api.c
View File

@@ -530,6 +530,16 @@ void modsecSetConfigForIISRequestBody(request_rec *r)
msr->txcfg->stream_inbody_inspection = 1; msr->txcfg->stream_inbody_inspection = 1;
} }
int modsecIsRequestBodyAccessEnabled(request_rec *r)
{
modsec_rec *msr = retrieve_msr(r);
if(msr == NULL || msr->txcfg == NULL)
return 0;
return msr->txcfg->reqbody_access;
}
int modsecIsResponseBodyAccessEnabled(request_rec *r) int modsecIsResponseBodyAccessEnabled(request_rec *r)
{ {
modsec_rec *msr = retrieve_msr(r); modsec_rec *msr = retrieve_msr(r);

1
standalone/api.h
View File

@@ -110,6 +110,7 @@ void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsi
void modsecSetDropAction(int (*func)(request_rec *r)); void modsecSetDropAction(int (*func)(request_rec *r));
int modsecIsResponseBodyAccessEnabled(request_rec *r); int modsecIsResponseBodyAccessEnabled(request_rec *r);
int modsecIsRequestBodyAccessEnabled(request_rec *r);
void modsecSetConfigForIISRequestBody(request_rec *r); void modsecSetConfigForIISRequestBody(request_rec *r);