github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-58

Browse Source
This commit is contained in:
Breno Silva
2013-03-01 07:58:12 -04:00
parent 2472dcb541
commit 5fefb6a2cf
3 changed files with 102 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
apache2/apache2_config.c
View File

@@ -2796,15 +2796,28 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
#define CMD_SCOPE_MAIN (RSRC_CONF) #define CMD_SCOPE_MAIN (RSRC_CONF)
#define CMD_SCOPE_ANY (RSRC_CONF | ACCESS_CONF) #define CMD_SCOPE_ANY (RSRC_CONF | ACCESS_CONF)
#if defined(HTACCESS_CONFIG)
#define CMD_SCOPE_HTACCESS (OR_OPTIONS)
#endif
const command_rec module_directives[] = { const command_rec module_directives[] = {
#ifdef HTACCESS_CONFIG
AP_INIT_TAKE1 (
"SecAction",
cmd_action,
NULL,
CMD_SCOPE_HTACCESS,
"an action list"
),
#else
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecAction", "SecAction",
cmd_action, cmd_action,
NULL, NULL,
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"an action list" "an action list"
), #endif
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecArgumentSeparator", "SecArgumentSeparator",
@@ -3183,6 +3196,15 @@ const command_rec module_directives[] = {
"clears the list of MIME types that will be buffered on output" "clears the list of MIME types that will be buffered on output"
), ),
#ifdef HTACCESS_CONFIG
AP_INIT_TAKE23 (
"SecRule",
cmd_rule,
NULL,
CMD_SCOPE_HTACCESS,
"rule target, operator and optional action list"
),
#else
AP_INIT_TAKE23 ( AP_INIT_TAKE23 (
"SecRule", "SecRule",
cmd_rule, cmd_rule,
@@ -3190,6 +3212,7 @@ const command_rec module_directives[] = {
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"rule target, operator and optional action list" "rule target, operator and optional action list"
), ),
#endif
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecRuleEngine", "SecRuleEngine",
@@ -3215,6 +3238,31 @@ const command_rec module_directives[] = {
"rule script and optional actionlist" "rule script and optional actionlist"
), ),
#ifdef HTACCESS_CONFIG
AP_INIT_ITERATE (
"SecRuleRemoveById",
cmd_rule_remove_by_id,
NULL,
CMD_SCOPE_HTACCESS,
"rule ID for removal"
),
AP_INIT_ITERATE (
"SecRuleRemoveByTag",
cmd_rule_remove_by_tag,
NULL,
CMD_SCOPE_HTACCESS,
"rule tag for removal"
),
AP_INIT_ITERATE (
"SecRuleRemoveByMsg",
cmd_rule_remove_by_msg,
NULL,
CMD_SCOPE_HTACCESS,
"rule message for removal"
),
#else
AP_INIT_ITERATE ( AP_INIT_ITERATE (
"SecRuleRemoveById", "SecRuleRemoveById",
cmd_rule_remove_by_id, cmd_rule_remove_by_id,
@@ -3238,6 +3286,7 @@ const command_rec module_directives[] = {
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"rule message for removal" "rule message for removal"
), ),
#endif
AP_INIT_TAKE2 ( AP_INIT_TAKE2 (
"SecHashMethodPm", "SecHashMethodPm",
@@ -3255,6 +3304,39 @@ const command_rec module_directives[] = {
"Hash method and regex" "Hash method and regex"
), ),
#ifdef HTACCESS_CONFIG
AP_INIT_TAKE2 (
"SecRuleUpdateActionById",
cmd_rule_update_action_by_id,
NULL,
CMD_SCOPE_HTACCESS,
"updated action list"
),
AP_INIT_TAKE23 (
"SecRuleUpdateTargetById",
cmd_rule_update_target_by_id,
NULL,
CMD_SCOPE_HTACCESS,
"updated target list"
),
AP_INIT_TAKE23 (
"SecRuleUpdateTargetByTag",
cmd_rule_update_target_by_tag,
NULL,
CMD_SCOPE_HTACCESS,
"rule tag pattern and updated target list"
),
AP_INIT_TAKE23 (
"SecRuleUpdateTargetByMsg",
cmd_rule_update_target_by_msg,
NULL,
CMD_SCOPE_HTACCESS,
"rule message pattern and updated target list"
),
#else
AP_INIT_TAKE2 ( AP_INIT_TAKE2 (
"SecRuleUpdateActionById", "SecRuleUpdateActionById",
cmd_rule_update_action_by_id, cmd_rule_update_action_by_id,
@@ -3286,7 +3368,7 @@ const command_rec module_directives[] = {
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"rule message pattern and updated target list" "rule message pattern and updated target list"
), ),
#endif
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecServerSignature", "SecServerSignature",

2
apache2/re.c
View File

@@ -161,7 +161,7 @@ char *msre_ruleset_rule_update_target_matching_exception(modsec_rec *msr, msre_r
char *err; char *err;
if(ruleset == NULL) if(ruleset == NULL)
return apr_psprintf(ruleset->mp, "No ruleset present"); return NULL;
if(p2 == NULL) { if(p2 == NULL) {
return apr_psprintf(ruleset->mp, "Trying to update without a target"); return apr_psprintf(ruleset->mp, "Trying to update without a target");

18
configure.ac
View File

@@ -355,6 +355,22 @@ AC_ARG_ENABLE(lua-cache,
lua_cache= lua_cache=
]) ])
# Enable phase-1 in post_read_request
AC_ARG_ENABLE(htaccess-config,
AS_HELP_STRING([--enable-htaccess-config],
[Enable some mod_security directives into htaccess files.]),
[
if test "$enableval" != "no"; then
htaccess_config="-DHTACCESS_CONFIG"
MODSEC_EXTRA_CFLAGS="$MODSEC_EXTRA_CFLAGS $htaccess_config"
else
htaccess_config=
fi
],
[
htaccess_config=
])
# Enable phase-1 in post_read_request # Enable phase-1 in post_read_request
AC_ARG_ENABLE(request-early, AC_ARG_ENABLE(request-early,
AS_HELP_STRING([--enable-request-early], AS_HELP_STRING([--enable-request-early],
@@ -634,7 +650,7 @@ else
fi fi
fi fi
MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type" MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type"
APXS_WRAPPER=build/apxs-wrapper APXS_WRAPPER=build/apxs-wrapper
APXS_EXTRA_CFLAGS="" APXS_EXTRA_CFLAGS=""