Cleanup more subrequest code.

Do not run with subrequests in phase 3-4. Still need to look at phase 5 to see what I can cleanup there. See #135.
2025-08-13 21:36:00 +03:00 · 2007-09-26 21:46:06 +00:00 · 2007-09-26 21:46:06 +00:00 · 5022ddcadf
commit 5022ddcadf
parent 86c9a9bf1f
2 changed files with 32 additions and 43 deletions
--- a/2
+++ b/2
@ -2,7 +2,7 @@
 ?? ??? 2007 - 2.5.0-dev3
 ------------------------
- * Do not process subrequests in phase 2.
+ * Do not process subrequests in phase 2-4.
 * Fixed deprecatevar:var=N/S action so that it decrements N every S seconds
   as documented instead of decrementing by a rate.
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@ -61,26 +61,9 @@ int perform_interception(modsec_rec *msr) {
    msre_actionset *actionset = NULL;
    const char *message = NULL;
    const char *phase_text = "";
    const char *intreq_text = "";
    int is_initial_req = ap_is_initial_req(msr->r);
    int status = DECLINED;
    int log_level = 1;
    /* Check for an initial request */
    if (is_initial_req != 1) {
        if (msr->r->main != NULL) {
            intreq_text = "Sub-Request: ";
        }
        else if (msr->r->prev != NULL) {
            intreq_text = "Internal Redirect: ";
        }
        else {
            intreq_text = "Internal Request: ";
        }
    }
    /* Sanity checks first. */
    if (msr->was_intercepted == 0) {
@ -103,10 +86,10 @@ int perform_interception(modsec_rec *msr) {
     * if a nolog action was used or this is not the initial request
     * to hide the message.
     */
-    log_level = ((actionset->log != 1) || (is_initial_req != 1)) ? 4 : 1;
+    log_level = (actionset->log != 1) ? 4 : 1;
    /* Pause the request first (if configured and the initial request). */
-    if (actionset->intercept_pause && (is_initial_req == 1)) {
+    if (actionset->intercept_pause) {
        msr_log(msr, (log_level > 3 ? log_level : log_level + 1), "Pausing transaction for "
            "%i msec.", actionset->intercept_pause);
        /* apr_sleep accepts microseconds */
@ -118,14 +101,14 @@ int perform_interception(modsec_rec *msr) {
        case ACTION_DENY :
            if (actionset->intercept_status != 0) {
                status = actionset->intercept_status;
-                message = apr_psprintf(msr->mp, "%sAccess denied with code %i%s.",
+                message = apr_psprintf(msr->mp, "Access denied with code %i%s.",
-                    intreq_text, status, phase_text);
+                    status, phase_text);
            } else {
                log_level = 1;
                status = HTTP_INTERNAL_SERVER_ERROR;
-                message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+                message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                    "(Internal Error: Invalid status code requested %i).",
-                    intreq_text, phase_text, actionset->intercept_status);
+                    phase_text, actionset->intercept_status);
            }
            break;
@ -134,25 +117,25 @@ int perform_interception(modsec_rec *msr) {
                if (ap_find_linked_module("mod_proxy.c") == NULL) {
                    log_level = 1;
                    status = HTTP_INTERNAL_SERVER_ERROR;
-                    message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+                    message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                        "(Configuration Error: Proxy action to %s requested but mod_proxy not found).",
-                        intreq_text, phase_text,
+                        phase_text,
                        log_escape_nq(msr->mp, actionset->intercept_uri));
                } else {
                    msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri);
                    msr->r->proxyreq = PROXYREQ_REVERSE;
                    msr->r->handler = "proxy-server";
                    status = OK;
-                    message = apr_psprintf(msr->mp, "%sAccess denied using proxy to%s %s.",
+                    message = apr_psprintf(msr->mp, "Access denied using proxy to%s %s.",
-                        intreq_text, phase_text,
+                        phase_text,
                        log_escape_nq(msr->mp, actionset->intercept_uri));
                }
            } else {
                log_level = 1;
                status = HTTP_INTERNAL_SERVER_ERROR;
-                message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+                message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                    "(Configuration Error: Proxy action requested but it does not work in output phases).",
-                    intreq_text, phase_text);
+                    phase_text);
            }
            break;
@ -169,30 +152,30 @@ int perform_interception(modsec_rec *msr) {
                if (csd) {
                    if (apr_socket_close(csd) == APR_SUCCESS) {
                        status = HTTP_FORBIDDEN;
-                        message = apr_psprintf(msr->mp, "%sAccess denied with connection close%s.",
+                        message = apr_psprintf(msr->mp, "Access denied with connection close%s.",
-                            intreq_text, phase_text);
+                            phase_text);
                    } else {
                        log_level = 1;
                        status = HTTP_INTERNAL_SERVER_ERROR;
-                        message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+                        message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                            "(Error: Connection drop requested but failed to close the "
                            " socket).",
-                            intreq_text, phase_text);
+                            phase_text);
                    }
                } else {
                    log_level = 1;
                    status = HTTP_INTERNAL_SERVER_ERROR;
-                    message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+                    message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                        "(Error: Connection drop requested but socket not found.",
-                        intreq_text, phase_text);
+                        phase_text);
                }
            }
            #else
            log_level = 1;
            status = HTTP_INTERNAL_SERVER_ERROR;
-            message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+            message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                "(Error: Connection drop not implemented on this platform).",
-                intreq_text, phase_text);
+                phase_text);
            #endif
            break;
@ -205,25 +188,24 @@ int perform_interception(modsec_rec *msr) {
            } else {
                status = HTTP_MOVED_TEMPORARILY;
            }
-            message = apr_psprintf(msr->mp, "%sAccess denied with redirection to %s using "
+            message = apr_psprintf(msr->mp, "Access denied with redirection to %s using "
                "status %i%s.",
                intreq_text,
                log_escape_nq(msr->mp, actionset->intercept_uri), status,
                phase_text);
            break;
        case ACTION_ALLOW :
            status = DECLINED;
-            message = apr_psprintf(msr->mp, "%sAccess allowed%s.", intreq_text, phase_text);
+            message = apr_psprintf(msr->mp, "Access allowed%s.", phase_text);
            msr->was_intercepted = 0;
            break;
        default :
            log_level = 1;
            status = HTTP_INTERNAL_SERVER_ERROR;
-            message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
+            message = apr_psprintf(msr->mp, "Access denied with code 500%s "
                "(Internal Error: invalid interception action %i).",
-                intreq_text, phase_text, actionset->intercept_action);
+                phase_text, actionset->intercept_action);
            break;
    }
@ -897,6 +879,13 @@ static int hook_log_transaction(request_rec *r) {
 static void hook_insert_filter(request_rec *r) {
    modsec_rec *msr = NULL;
    /* This function needs to run only once per transaction
     * (i.e. subrequests and redirects are excluded).
     */
    if ((r->main != NULL)||(r->prev != NULL)) {
        return;
    }
    /* Find the transaction context first. */
    msr = retrieve_tx_context(r);
    if (msr == NULL) return;