mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
Improvements, bug fixes and cleanup from Tom Donavan
This commit is contained in:
parent
f0d6a06a95
commit
6031e7fdae
@ -1,181 +1,191 @@
|
||||
============================================================
|
||||
Build notes for Windows from Tom Donovan
|
||||
============================================================
|
||||
These are the raw build notes from Tom Donovan for building
|
||||
ModSecurity 2.5.12 with Apache httpd 2.2.14 on Windows. Some
|
||||
day these should be incorporated into the official docs, but
|
||||
there has not yet been time, so they are included here in
|
||||
their raw format for now.
|
||||
============================================================
|
||||
=====================================================================
|
||||
MOD_SECURITY 2.6 Command-line Build notes for Windows 4/2/2011
|
||||
=====================================================================
|
||||
|
||||
I build Apache 2.2.14 from source in C:\work\httpd-2.2.14
|
||||
I have a VC9 build of Apache 2.2.14 installed in C:\Apache2214
|
||||
PREREQUISITES:
|
||||
|
||||
My PATH includes VC9 and CMAKE 2.6
|
||||
Microsoft Visual Studio C++ tested with Visual Studio 2008 (aka VC9)
|
||||
|
||||
BEFORE BUILDING - if OpenSSL and Zlib support is desired in LIBXML2 and CURL
|
||||
CMake build system from: http://www.cmake.org/ tested with CMake v2.8.0
|
||||
|
||||
REM #### set an env variable to my Apache build directory
|
||||
SET HTTPD_BUILD=C:\work\httpd-2.2.14
|
||||
Apache 2.2.x from: http://httpd.apache.org/ tested with Apache 2.2.17
|
||||
Apache must be built from source using the same Visual Studio compiler as mod_security.
|
||||
|
||||
REM #### ensure that CURL and LIBXML2 can find the OpenSSL and Zlib includes and libraries that Apache was built with
|
||||
SET INCLUDE=%INCLUDE%;%HTTPD_BUILD%\srclib\openssl\inc32;%HTTPD_BUILD%\srclib\zlib
|
||||
SET LIB=%LIB%;%HTTPD_BUILD%\srclib\openssl\out32dll;%HTTPD_BUILD%\srclib\zlib
|
||||
PCRE Perl Compatible Regular Expression library from: http://www.pcre.org/ tested with PCRE v8.12
|
||||
|
||||
REM #### ensure that CURL doesn't use the static zlib library: zlib.lib. Force it to use zdll.lib instead, which points to zlib1.dll
|
||||
IF EXIST %HTTPD_BUILD%\srclib\zlib\zlib.lib DEL %HTTPD_BUILD%\srclib\zlib\zlib.lib
|
||||
LibXML2 from: http://xmlsoft.org/ tested with LibXML2 v2.7.7
|
||||
Note that LibXML2 v2.7.8 does not build correctly for Windows
|
||||
|
||||
BUILD PCRE-7.9
|
||||
Lua Scripting Language from: http://www.lua.org/ tested with Lua v5.1.4
|
||||
|
||||
Downloaded pcre-7.9.tar.gz from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
|
||||
untar'd into C:\work\ creating C:\work\pcre-7.9
|
||||
cURL multiprotocol file transfer library from: http://curl.haxx.se/ tested with cURL v7.21.4
|
||||
|
||||
CD C:\work\pcre-7.9
|
||||
|
||||
BEFORE BUILDING
|
||||
|
||||
The directory where you build software from source ( C:\work in this exmaple)
|
||||
must contain the Apache source you used to build the Apache web serverand the mod_security source
|
||||
|
||||
Apache source is in C:\work\httpd-2.2.17 in this example.
|
||||
Apache has been installed to C:\Apache2217 in this example.
|
||||
Mod_security source is in C:\work\mod_security in this example.
|
||||
|
||||
Download and untar the prerequite library sources:
|
||||
|
||||
Download pcre-8.12.tar.gz from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
|
||||
untar it into C:\work\ creating C:\work\pcre-8.12
|
||||
|
||||
Download libxml2-2.7.7.tar.gz from ftp://xmlsoft.org/libxml2/
|
||||
untar it into C:\work\ creating C:\work\libxml2-2.7.7
|
||||
|
||||
Download lua-5.1.4.tar.gz from http://www.lua.org/ftp/
|
||||
untar it into C:\work\ creating C:\work\lua-5.1.4
|
||||
|
||||
Download curl-7.21.4.tar.gz from http://curl.haxx.se/download.html
|
||||
untar it into C:\work\ creating C:\work\curl-7.21.4
|
||||
|
||||
Setup your build environment:
|
||||
|
||||
The PATH environment variable must include the Visual Studio variables as set by vsvars32.bat
|
||||
The PATH environment variable must also include the CMAKE bin\ directory
|
||||
|
||||
Set an environment variable to the Apache source code directory:
|
||||
|
||||
SET HTTPD_BUILD=C:\work\httpd-2.2.17
|
||||
|
||||
If OpenSSL and Zlib support were included when you built Apache 2.2, and you want them available to LIBXML2 and CURL
|
||||
|
||||
Ensure that cURL and libXML2 can find the OpenSSL and Zlib includes and libraries that Apache was built with.
|
||||
|
||||
SET INCLUDE=%INCLUDE%;%HTTPD_BUILD%\srclib\openssl\inc32;%HTTPD_BUILD%\srclib\zlib
|
||||
SET LIB=%LIB%;%HTTPD_BUILD%\srclib\openssl\out32dll;%HTTPD_BUILD%\srclib\zlib
|
||||
|
||||
Ensure that cURL and libXML2 don't use the static zlib library: zlib.lib.
|
||||
Force cURL and libXML2 to use zdll.lib instead, requiring zlib1.dll at runtime:
|
||||
|
||||
IF EXIST %HTTPD_BUILD%\srclib\zlib\zlib.lib DEL %HTTPD_BUILD%\srclib\zlib\zlib.lib
|
||||
|
||||
BUILD PCRE-8.12
|
||||
|
||||
CD C:\work\pcre-8.12
|
||||
CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True
|
||||
NMAKE
|
||||
|
||||
BUILD LIBXML2-2.7.6
|
||||
BUILD LIBXML2-2.7.7 (note: the more recent version: 2.7.8 does not build correctly on Windows)
|
||||
|
||||
Downloaded libxml2-2.7.6.tar.gz from ftp://xmlsoft.org/libxml2/
|
||||
untar'd into C:\work\ creating C:\work\libxml2-2.7.6
|
||||
|
||||
CD C:\work\libxml2-2.7.6\win32
|
||||
CD C:\work\libxml2-2.7.7\win32
|
||||
CSCRIPT configure.js iconv=no vcmanifest=yes zlib=yes
|
||||
NMAKE -f Makefile.msvc
|
||||
|
||||
BUILD LUA-5.1.4
|
||||
|
||||
Downloaded lua-5.1.4.tar.gz from http://www.lua.org/ftp/
|
||||
untar'd into C:\work\ creating C:\work\lua-5.1.4
|
||||
|
||||
CD C:\work\lua-5.1.4\src
|
||||
CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c
|
||||
DEL lua.obj luac.obj
|
||||
LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj
|
||||
IF EXIST lua5.1.dll.manifest MT -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2
|
||||
|
||||
BUILD CURL-7.20.0
|
||||
Downloaded curl-7.20.0.tar.gz from http://curl.haxx.se/download.html
|
||||
untar'd into C:\work\ creating C:\work\curl-7.20.0
|
||||
|
||||
CD C:\work\curl-7.20.0
|
||||
|
||||
*** Fixed Bug: https://sourceforge.net/tracker/?func=detail&aid=2951269&group_id=976&atid=100976 ***
|
||||
Edited the file include\curl\curlbuild.h.cmake near line 160 - put double-quotes around all CURL_FORMAT* values.
|
||||
e.g. change: ${CURL_FORMAT_CURL_OFF_T} to: "${CURL_FORMAT_CURL_OFF_T}"
|
||||
|
||||
/* curl_off_t formatting string directive without "%" conversion specifier. */
|
||||
#cmakedefine CURL_FORMAT_CURL_OFF_T "${CURL_FORMAT_CURL_OFF_T}"
|
||||
|
||||
/* unsigned curl_off_t formatting string without "%" conversion specifier. */
|
||||
#cmakedefine CURL_FORMAT_CURL_OFF_TU "${CURL_FORMAT_CURL_OFF_TU}"
|
||||
|
||||
/* curl_off_t formatting string directive with "%" conversion specifier. */
|
||||
#cmakedefine CURL_FORMAT_OFF_T "${CURL_FORMAT_OFF_T}"
|
||||
BUILD CURL-7.21.4
|
||||
|
||||
CD C:\work\curl-7.21.4
|
||||
CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DCURL_ZLIB=True
|
||||
|
||||
NMAKE
|
||||
|
||||
BUILD MOD_SECURITY-2.5.12
|
||||
BUILD MOD_SECURITY-2.6
|
||||
|
||||
Edited the top of C:\work\mod_security-2.5.12\apache2\Makefile.win and set my local paths
|
||||
(note that pcre.lib is not in $(PCRE)\LibR as it is in the original Makefile.win )
|
||||
CD C:\work\mod_security\apache2
|
||||
NMAKE -f Makefile.win APACHE=C:\Apache2217 PCRE=C:\work\pcre-8.12 LIBXML2=C:\work\libxml2-2.7.7 LUA=C:\work\lua-5.1.4\src
|
||||
|
||||
# Path to Apache httpd installation
|
||||
BASE = C:\Apache2214
|
||||
INSTALL MOD_SECURITY AND RUN APACHE
|
||||
|
||||
# Paths to required libraries
|
||||
LIBXML2 = C:\work\libxml2-2.7.6
|
||||
LUA = C:\work\lua-5.1.4\src
|
||||
PCRE = C:\work\pcre-7.9
|
||||
Copy these five files to C:\Apache2217\bin:
|
||||
C:\work\pcre-8.12\pcre.dll C:\Apache2217\bin\
|
||||
C:\work\lua-5.1.4\src\lua5.1.dll C:\Apache2217\bin\
|
||||
C:\work\libxml2-2.7.7\win32\bin.msvc\libxml2.dll C:\Apache2217\bin\
|
||||
C:\work\curl-7.21.4\libcurl.dll C:\Apache2217\bin\
|
||||
C:\work\mod_security\apache2\mlogc-src\mlogc.exe
|
||||
|
||||
# Linking libraries
|
||||
LIBS = $(BASE)\lib\libhttpd.lib \
|
||||
$(BASE)\lib\libapr-1.lib \
|
||||
$(BASE)\lib\libaprutil-1.lib \
|
||||
$(PCRE)\pcre.lib \
|
||||
$(LIBXML2)\win32\bin.msvc\libxml2.lib \
|
||||
$(LUA)\lua5.1.lib \
|
||||
wsock32.lib
|
||||
Copy this one file to C:\Apache2217\modules:
|
||||
|
||||
CD C:\work\mod_security-2.5.12\apache2
|
||||
NMAKE -f Makefile.win
|
||||
C:\work\mod_security\apache2\mod_security2.so
|
||||
|
||||
BUILD MOD_SECURITY-2.5.12 MLOGC program
|
||||
You may also copy C:\work\curl-7.21.4\curl.exe to C:\Apache2217\bin, if you want to use the cURL command-line program.
|
||||
|
||||
Edited the top of C:\work\mod_security-2.5.12\apache2\mlogc-src\Makefile.win and set my local paths
|
||||
Download the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
|
||||
and unzip them into C:\Apache2217\conf\modsecurity_crs
|
||||
|
||||
# Path to Apache httpd installation
|
||||
BASE = C:\Apache2214
|
||||
Add configuration directives to your Apache conf\httpd.conf:
|
||||
|
||||
# Paths to required libraries
|
||||
PCRE = C:\work\pcre-7.9
|
||||
CURL = C:\work\curl-7.20.0
|
||||
# mod_security requires mod_unique_id
|
||||
LoadModule unique_id_module modules/mod_unique_id.so
|
||||
|
||||
# Linking libraries
|
||||
LIBS = $(BASE)\lib\libapr-1.lib \
|
||||
$(BASE)\lib\libaprutil-1.lib \
|
||||
$(PCRE)\pcre.lib \
|
||||
$(CURL)\libcurl_imp.lib \
|
||||
wsock32.lib
|
||||
# mod_security
|
||||
LoadModule security2_module modules/mod_security2.so
|
||||
<IfModule security2_module>
|
||||
SecRuleEngine On
|
||||
SecDataDir logs
|
||||
Include conf/modsecurity_crs/*.conf
|
||||
Include conf/modsecurity_crs/base_rules/*.conf
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
|
||||
SecAuditLogType Serial
|
||||
SecAuditLogParts ABCDEFGHZ
|
||||
SecAuditLog logs/modsecurity.log
|
||||
</IfModule>
|
||||
|
||||
|
||||
CD C:\work\mod_security-2.5.12\apache2\mlogc-src
|
||||
NMAKE -f Makefile.win
|
||||
==============================================================================================
|
||||
OPTIONAL: BUILD AND CONFIGURE THE MOD_SECURITY-2.6 MLOGC piped-logging program
|
||||
|
||||
INSTALL AND RUN
|
||||
Edit the top of C:\work\mod_security\apache2\mlogc-src\Makefile.win and set your local paths
|
||||
|
||||
Copied these five files to C:\Apache2214\bin:
|
||||
C:\work\pcre-7.9\pcre.dll
|
||||
C:\work\lua-5.1.4\src\lua5.1.dll
|
||||
C:\work\libxml2-2.7.6\win32\bin.msvc\libxml2.dll
|
||||
C:\work\curl-7.20.0\libcurl.dll
|
||||
C:\work\mod_security-2.5.12\apache2\mlogc-src\mlogc.exe
|
||||
# Path to Apache httpd installation
|
||||
BASE = C:\Apache2217
|
||||
|
||||
Copied this one file to C:\Apache2214\modules:
|
||||
# Paths to required libraries
|
||||
PCRE = C:\work\pcre-8.12
|
||||
CURL = C:\work\curl-7.21.4
|
||||
|
||||
C:\work\mod_security-2.5.12\apache2\mod_security2.so
|
||||
# Linking libraries
|
||||
LIBS = $(BASE)\lib\libapr-1.lib \
|
||||
$(BASE)\lib\libaprutil-1.lib \
|
||||
$(PCRE)\pcre.lib \
|
||||
$(CURL)\libcurl_imp.lib \
|
||||
wsock32.lib
|
||||
|
||||
You could also copy C:\work\curl-7.20.0\\curl.exe to C:\Apache2214\bin, if you want to use the cURL command-line.
|
||||
Build the mlogc.exe program:
|
||||
|
||||
Downloaded the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
|
||||
and unzipped them in C:\Apache2214\conf\modsecurity_crs
|
||||
CD C:\work\mod_security_trunk\mlogc
|
||||
NMAKE -f Makefile.win
|
||||
|
||||
Added this to my conf\httpd.conf:
|
||||
Copy mlocg.exe to C:\Apache2217\bin\
|
||||
|
||||
LoadModule unique_id_module modules/mod_unique_id.so
|
||||
LoadModule security2_module modules/mod_security2.so
|
||||
<IfModule security2_module>
|
||||
Include conf/modsecurity_crs/*.conf
|
||||
Include conf/modsecurity_crs/base_rules/*.conf
|
||||
SecDataDir logs
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
|
||||
SecAuditLogType Concurrent
|
||||
SecAuditLogParts ABCDEFGHZ
|
||||
SecAuditLogStorageDir logs/data/
|
||||
SecAuditLog "|bin/mlogc.exe"
|
||||
</IfModule>
|
||||
Create a new command file C:\Apache2217\bin\mlogc.bat with one line:
|
||||
|
||||
My conf\mlogc.conf has this:
|
||||
CollectorRoot "C:/Apache2214/logs"
|
||||
ConsoleURI "https://localhost:8888/rpc/auditLogReceiver"
|
||||
SensorUsername "test"
|
||||
SensorPassword "testtest"
|
||||
LogStorageDir "data"
|
||||
TransactionLog "mlogc-transaction.log"
|
||||
QueuePath "mlogc-queue.log"
|
||||
ErrorLog "mlogc-error.log"
|
||||
LockFile "mlogc.lck"
|
||||
KeepEntries 0
|
||||
ErrorLogLevel 2
|
||||
MaxConnections 10
|
||||
MaxWorkerRequests 1000
|
||||
TransactionDelay 50
|
||||
StartupDelay 5000
|
||||
CheckpointInterval 15
|
||||
ServerErrorTimeout 60
|
||||
C:\Apache2217\bin\mlogc.exe C:\Apache2217\conf\mlogc.conf
|
||||
|
||||
Create a new configuration file C:\Apache2217\conf\mlogc.conf to control the piped-logging program mlogc.exe.
|
||||
Here is an example conf\mlogc.conf:
|
||||
|
||||
Mod_security appears to work OK with the "ModSecurity Community Console".
|
||||
CollectorRoot "C:/Apache2217/logs"
|
||||
ConsoleURI "https://localhost:8888/rpc/auditLogReceiver"
|
||||
SensorUsername "test"
|
||||
SensorPassword "testtest"
|
||||
LogStorageDir "data"
|
||||
TransactionLog "mlogc-transaction.log"
|
||||
QueuePath "mlogc-queue.log"
|
||||
ErrorLog "mlogc-error.log"
|
||||
LockFile "mlogc.lck"
|
||||
KeepEntries 0
|
||||
ErrorLogLevel 2
|
||||
MaxConnections 10
|
||||
MaxWorkerRequests 1000
|
||||
TransactionDelay 50
|
||||
StartupDelay 5000
|
||||
CheckpointInterval 15
|
||||
ServerErrorTimeout 60
|
||||
|
||||
Change the SecAuditLog directive in conf\httpd.conf to pipe the log data to mlogc
|
||||
instead of writing them to a file:
|
||||
|
||||
SecAuditLog |C:/Apache2217/bin/mlogc.bat
|
||||
|
@ -1,51 +1,51 @@
|
||||
###########################################################################
|
||||
### You Will need to modify the following variables for your system
|
||||
###########################################################################
|
||||
###########################################################################
|
||||
|
||||
# Path to Apache httpd installation
|
||||
BASE = C:\Apache2
|
||||
|
||||
# Paths to required libraries
|
||||
LIBXML2 = C:\work\libxml2-2.6.31
|
||||
LUA = C:\work\lua-5.1.3
|
||||
PCRE = C:\work\httpd-2.2.8\srclib\pcre
|
||||
#
|
||||
# Usage: NMAKE -f Makefile.win APACHE={httpd installion dir} PCRE={pcre dir} LIBXML2={LibXML2 dir} [ LUA={Lua dir} ]
|
||||
#
|
||||
!IF "$(APACHE)" == "" || "$(PCRE)" == "" || "$(LIBXML2)" == ""
|
||||
!ERROR NMAKE arguments: APACHE=dir PCRE=dir LIBXML2=dir are required to build mod_security2 for Windows
|
||||
!ENDIF
|
||||
|
||||
# Linking libraries
|
||||
LIBS = $(BASE)\lib\libhttpd.lib \
|
||||
$(BASE)\lib\libapr-1.lib \
|
||||
$(BASE)\lib\libaprutil-1.lib \
|
||||
$(PCRE)\LibR\pcre.lib \
|
||||
LIBS = $(APACHE)\lib\libhttpd.lib \
|
||||
$(APACHE)\lib\libapr-1.lib \
|
||||
$(APACHE)\lib\libaprutil-1.lib \
|
||||
$(PCRE)\pcre.lib \
|
||||
$(LIBXML2)\win32\bin.msvc\libxml2.lib \
|
||||
$(LUA)\lua5.1.lib \
|
||||
wsock32.lib
|
||||
Ws2_32.lib
|
||||
|
||||
###########################################################################
|
||||
###########################################################################
|
||||
|
||||
CC = cL
|
||||
CC = CL
|
||||
|
||||
MT = mt
|
||||
|
||||
DEFS = /nologo /O2 /LD /W3 /wd4244 -DWIN32 -DWINNT -Dinline=APR_INLINE
|
||||
DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWIN32 -DWINNT -Dinline=APR_INLINE
|
||||
|
||||
DLL = mod_security2.so
|
||||
|
||||
INCLUDES = -I. \
|
||||
INCLUDES = -I. -I.. \
|
||||
-I$(PCRE)\include -I$(PCRE) \
|
||||
-I$(LIBXML2)\include \
|
||||
-I$(LUA)\include -I$(LUA) \
|
||||
-I$(BASE)\include
|
||||
-I$(APACHE)\include
|
||||
|
||||
# Lua is optional
|
||||
!IF "$(LUA)" != ""
|
||||
LIBS = $(LIBS) $(LUA)\lua5.1.lib
|
||||
DEFS=$(DEFS) -DWITH_LUA
|
||||
INCLUDES = $(INCLUDES) -I$(LUA)\include -I$(LUA) \
|
||||
!ENDIF
|
||||
|
||||
CFLAGS= -MD $(INCLUDES) $(DEFS)
|
||||
|
||||
LDFLAGS =
|
||||
LDFLAGS =
|
||||
|
||||
OBJS = mod_security2.obj apache2_config.obj apache2_io.obj apache2_util.obj \
|
||||
re.obj re_operators.obj re_actions.obj re_tfns.obj re_variables.obj \
|
||||
msc_logging.obj msc_xml.obj msc_multipart.obj modsecurity.obj \
|
||||
msc_parsers.obj msc_util.obj msc_pcre.obj persist_dbm.obj \
|
||||
msc_reqbody.obj pdf_protect.obj msc_geo.obj msc_gsb.obj acmp.obj msc_lua.obj \
|
||||
msc_reqbody.obj msc_geo.obj msc_gsb.obj acmp.obj msc_lua.obj \
|
||||
msc_release.obj
|
||||
|
||||
all: $(DLL)
|
||||
@ -53,21 +53,20 @@ all: $(DLL)
|
||||
dll: $(DLL)
|
||||
|
||||
mod_security2_config.h: mod_security2_config.hw
|
||||
@echo off
|
||||
type mod_security2_config.hw > mod_security2_config.h
|
||||
@type mod_security2_config.hw > mod_security2_config.h
|
||||
|
||||
.c.obj:
|
||||
$(CC) $(CFLAGS) -c $< -Fo$@
|
||||
$(CC) $(CFLAGS) -c $< -Fo$@
|
||||
|
||||
.cpp.obj:
|
||||
$(CC) $(CFLAGS) -c $< -Fo$@
|
||||
$(CC) $(CFLAGS) -c $< -Fo$@
|
||||
|
||||
$(DLL): mod_security2_config.h $(OBJS)
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -LD $(OBJS) -Fe$(DLL) $(LIBS) /link
|
||||
IF EXIST $(DLL).manifest $(MT) -manifest $(DLL).manifest -outputresource:$(DLL);2
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -LD $(OBJS) -Fe$(DLL) $(LIBS) /link
|
||||
IF EXIST $(DLL).manifest $(MT) -manifest $(DLL).manifest -outputresource:$(DLL);2
|
||||
|
||||
install: $(DLL)
|
||||
copy $(DLL) $(BASE)\modules
|
||||
copy /Y $(DLL) $(APACHE)\modules
|
||||
|
||||
clean:
|
||||
del $(OBJS) $(DLL) *.dll *.lib *.pdb *.idb *.ilk *.exp *.res *.rc *.bin mod_security2_config.h *.manifest
|
||||
del $(OBJS) $(DLL) *.dll *.lib *.pdb *.idb *.ilk *.exp *.res *.rc *.bin mod_security2_config.h *.manifest
|
||||
|
@ -205,10 +205,6 @@ static int db_open(directory_config *dcfg, char **error_msg)
|
||||
apr_pool_t *mp = dcfg->mp;
|
||||
geo_db *geo = dcfg->geo;
|
||||
apr_status_t rc;
|
||||
apr_size_t nbytes;
|
||||
apr_off_t offset;
|
||||
unsigned char buf[3];
|
||||
int i, j;
|
||||
|
||||
#ifdef DEBUG_CONF
|
||||
fprintf(stderr, "GEO: Initializing geo DB \"%s\".\n", geo->dbfn);
|
||||
@ -280,9 +276,6 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
|
||||
int level;
|
||||
double dtmp;
|
||||
int itmp;
|
||||
const unsigned char * p;
|
||||
unsigned int x;
|
||||
int j;
|
||||
|
||||
*error_msg = NULL;
|
||||
|
||||
|
@ -1120,13 +1120,13 @@ void sec_audit_logger(modsec_rec *msr) {
|
||||
|
||||
/* AUDITLOG_PART_UPLOADS */
|
||||
if ((strchr(msr->txcfg->auditlog_parts, AUDITLOG_PART_UPLOADS) != NULL) && (msr->mpd != NULL)) {
|
||||
text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_UPLOADS);
|
||||
sec_auditlog_write(msr, text, strlen(text));
|
||||
|
||||
multipart_part **parts = NULL;
|
||||
unsigned int total_size = 0;
|
||||
int cfiles = 0;
|
||||
|
||||
text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_UPLOADS);
|
||||
sec_auditlog_write(msr, text, strlen(text));
|
||||
|
||||
parts = (multipart_part **)msr->mpd->parts->elts;
|
||||
for(cfiles = 0; cfiles < msr->mpd->parts->nelts; cfiles++) {
|
||||
if (parts[cfiles]->type == MULTIPART_FILE) {
|
||||
|
@ -38,6 +38,7 @@
|
||||
#define AUDITLOG_PART_ENDMARKER 'Z'
|
||||
|
||||
#include "modsecurity.h"
|
||||
#include "apr_pools.h"
|
||||
|
||||
int DSOLOCAL is_valid_parts_specification(char *p);
|
||||
|
||||
@ -47,4 +48,6 @@ char DSOLOCAL *construct_log_vcombinedus_limited(modsec_rec *msr, int _limit, in
|
||||
|
||||
void DSOLOCAL sec_audit_logger(modsec_rec *msr);
|
||||
|
||||
void DSOLOCAL version(apr_pool_t *mp);
|
||||
|
||||
#endif
|
||||
|
@ -42,6 +42,8 @@ char DSOLOCAL *lua_compile(msc_script **script, const char *filename, apr_pool_t
|
||||
|
||||
int DSOLOCAL lua_execute(msc_script *script, char *param, modsec_rec *msr, msre_rule *rule, char **error_msg);
|
||||
|
||||
apr_status_t DSOLOCAL msre_action_setvar_execute(modsec_rec *r, apr_pool_t *, msre_rule *, char *, char *);
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* WITH_LUA */
|
||||
|
@ -69,6 +69,37 @@ static const short b64_reverse_t[256] = {
|
||||
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2
|
||||
};
|
||||
|
||||
#if defined(WIN32) || defined(WINNT)
|
||||
/* Windows does not have inet_aton */
|
||||
int inet_aton(const char *cp, struct in_addr *inp) {
|
||||
inp->s_addr = inet_addr(cp);
|
||||
return (inp->s_addr == 0);
|
||||
}
|
||||
/* Windows versions before Vista do not have inet_pton */
|
||||
#if !defined(NTDDI_VERSION) || NTDDI_VERSION < NTDDI_VISTA
|
||||
int inet_pton(int family, const char *cp, struct in6_addr *addr) {
|
||||
struct addrinfo hints;
|
||||
PADDRINFOA ppResult;
|
||||
|
||||
ZeroMemory( &hints, sizeof(hints) );
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
hints.ai_family = AF_INET6;
|
||||
if (getaddrinfo(cp, NULL, &hints, &ppResult) == 0) {
|
||||
while (ppResult) {
|
||||
if (ppResult->ai_family == AF_INET6) {
|
||||
memcpy(addr, ppResult->ai_addr, ppResult->ai_addrlen);
|
||||
return 1;
|
||||
}
|
||||
ppResult = ppResult->ai_next;
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
#endif /* NTDDI_VERSION */
|
||||
#endif /* WIN32 || WINNT */
|
||||
|
||||
|
||||
/* \brief Remove escape char
|
||||
*
|
||||
* \param mptmp Pointer to the pool
|
||||
@ -78,7 +109,7 @@ static const short b64_reverse_t[256] = {
|
||||
* \retval string On Success
|
||||
*/
|
||||
char *remove_escape(apr_pool_t *mptmp, const char *input, int input_len) {
|
||||
char *parm = apr_palloc(mptmp, input_len);;
|
||||
char *parm = apr_palloc(mptmp, input_len);
|
||||
char *ret = parm;
|
||||
int len = input_len;
|
||||
|
||||
@ -204,7 +235,6 @@ int convert_to_int(const char c)
|
||||
int set_match_to_tx(modsec_rec *msr, int capture, const char *match, int tx_n) {
|
||||
|
||||
if (capture) {
|
||||
int i;
|
||||
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
|
||||
|
||||
if (s == NULL) return -1;
|
||||
|
@ -120,4 +120,13 @@ char DSOLOCAL *construct_single_var(modsec_rec *msr, char *name);
|
||||
|
||||
char DSOLOCAL *format_all_performance_variables(modsec_rec *msr, apr_pool_t *mp);
|
||||
|
||||
#if defined(WIN32) || defined(WINNT)
|
||||
int DSOLOCAL inet_pton(int family, const char *cp, struct in6_addr *addr);
|
||||
|
||||
#if !defined(NTDDI_VERSION) || NTDDI_VERSION < NTDDI_VISTA
|
||||
int DSLOCAL inet_aton(const char *cp, struct in_addr *inp);
|
||||
|
||||
#endif /* NTDDI_VERSION */
|
||||
#endif /* WIN32 || WINNT */
|
||||
|
||||
#endif
|
||||
|
@ -1993,9 +1993,11 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
|
||||
parm = strchr(msr->matched_var->name,':');
|
||||
|
||||
if(parm) {
|
||||
msc_string *mvar = NULL;
|
||||
|
||||
parm++;
|
||||
|
||||
msc_string *mvar = apr_palloc(msr->mp, sizeof(msc_string));
|
||||
mvar = apr_palloc(msr->mp, sizeof(msc_string));
|
||||
mvar->name = apr_pstrdup(msr->mp, parm);
|
||||
mvar->name_len = strlen(mvar->name);
|
||||
mvar->value = apr_pmemdup(msr->mp, var->value, var->value_len);
|
||||
|
@ -584,6 +584,10 @@ static apr_status_t msre_action_tag_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
msre_rule *rule, msre_action *action)
|
||||
{
|
||||
msc_string *var = NULL;
|
||||
msre_action *action = NULL;
|
||||
const apr_array_header_t *tarr = NULL;
|
||||
const apr_table_entry_t *telts = NULL;
|
||||
int act;
|
||||
|
||||
var = apr_pcalloc(mptmp, sizeof(msc_string));
|
||||
if (var == NULL) return -1;
|
||||
@ -591,9 +595,19 @@ static apr_status_t msre_action_tag_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
var->value_len = strlen(var->value);
|
||||
expand_macros(msr, var, rule, mptmp);
|
||||
|
||||
action->param = apr_pstrmemdup(msr->mp, var->value, var->value_len);
|
||||
tarr = apr_table_elts(rule->actionset->actions);
|
||||
telts = (const apr_table_entry_t*)tarr->elts;
|
||||
|
||||
return 1;
|
||||
for (act = 0; act < tarr->nelts; act++) {
|
||||
action = (msre_action *)telts[act].val;
|
||||
if((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) {
|
||||
action->param = apr_pstrmemdup(msr->mp, var->value, var->value_len);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* proxy */
|
||||
@ -604,7 +618,7 @@ static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action
|
||||
}
|
||||
|
||||
static apr_status_t msre_action_proxy_init(msre_engine *engine, msre_actionset *actionset,
|
||||
msre_action *action)
|
||||
msre_action *action)
|
||||
{
|
||||
actionset->intercept_action = ACTION_PROXY;
|
||||
actionset->intercept_uri = action->param;
|
||||
@ -613,7 +627,7 @@ static apr_status_t msre_action_proxy_init(msre_engine *engine, msre_actionset *
|
||||
}
|
||||
|
||||
static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
msre_rule *rule, msre_action *action)
|
||||
msre_rule *rule, msre_action *action)
|
||||
{
|
||||
msc_string *var = NULL;
|
||||
|
||||
@ -631,7 +645,7 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
|
||||
/* pass */
|
||||
|
||||
static apr_status_t msre_action_pass_init(msre_engine *engine, msre_actionset *actionset,
|
||||
msre_action *action)
|
||||
msre_action *action)
|
||||
{
|
||||
actionset->intercept_action = ACTION_NONE;
|
||||
actionset->intercept_action_rec = action;
|
||||
@ -646,7 +660,7 @@ static char *msre_action_skip_validate(msre_engine *engine, msre_action *action)
|
||||
}
|
||||
|
||||
static apr_status_t msre_action_skip_init(msre_engine *engine, msre_actionset *actionset,
|
||||
msre_action *action)
|
||||
msre_action *action)
|
||||
{
|
||||
actionset->skip_count = atoi(action->param);
|
||||
if (actionset->skip_count <= 0) actionset->skip_count = 1;
|
||||
@ -661,7 +675,7 @@ static char *msre_action_skipAfter_validate(msre_engine *engine, msre_action *ac
|
||||
}
|
||||
|
||||
static apr_status_t msre_action_skipAfter_init(msre_engine *engine, msre_actionset *actionset,
|
||||
msre_action *action)
|
||||
msre_action *action)
|
||||
{
|
||||
actionset->skip_after = action->param;
|
||||
return 1;
|
||||
@ -1149,9 +1163,7 @@ static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_poo
|
||||
const char *sargname = NULL;
|
||||
const apr_array_header_t *tarr;
|
||||
const apr_table_entry_t *telts;
|
||||
const apr_array_header_t *tarr_pattern;
|
||||
const apr_table_entry_t *telts_pattern;
|
||||
int i, type = 0, k;
|
||||
int i, type = 0;
|
||||
msc_string *mvar = msr->matched_var;
|
||||
|
||||
if (mvar->name_len == 0) return 0;
|
||||
@ -2626,10 +2638,9 @@ void msre_engine_register_default_actions(msre_engine *engine) {
|
||||
);
|
||||
|
||||
/* tag */
|
||||
/* ENH: This should be ACTION_METADATA??? */
|
||||
msre_engine_action_register(engine,
|
||||
"tag",
|
||||
ACTION_NON_DISRUPTIVE,
|
||||
ACTION_METADATA,
|
||||
1, 1,
|
||||
NO_PLUS_MINUS,
|
||||
ACTION_CARDINALITY_MANY,
|
||||
|
@ -18,13 +18,10 @@
|
||||
#include "apr_lib.h"
|
||||
#include "apr_strmatch.h"
|
||||
#include "acmp.h"
|
||||
#if defined(WIN32) || defined(WINNT)
|
||||
#include "pcre.h"
|
||||
#else
|
||||
#if !defined(WIN32) && !defined(WINNT)
|
||||
#include <regex.h>
|
||||
#endif
|
||||
|
||||
|
||||
#define PARSE_REGEX_IP "([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)(?:(\\/[0-9]+))?|([0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+\\:[0-9a-f]+)(?:(\\/[0-9]+))?"
|
||||
#define MAX_SUBSTRINGS 30
|
||||
|
||||
@ -79,7 +76,6 @@ static int msre_op_nomatch_execute(modsec_rec *msr, msre_rule *rule,
|
||||
|
||||
/* ipmatch */
|
||||
|
||||
#if !defined(WIN32) || !defined(WINNT)
|
||||
/*
|
||||
* \brief Init function to ipmatch operator
|
||||
*
|
||||
@ -91,7 +87,7 @@ static int msre_op_nomatch_execute(modsec_rec *msr, msre_rule *rule,
|
||||
*/
|
||||
static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
const char *errptr = NULL;
|
||||
int erroffset;
|
||||
int erroffset = 0;
|
||||
char *data = NULL;
|
||||
const char *str = NULL;
|
||||
char *saved = NULL;
|
||||
@ -207,6 +203,8 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
while (maskbits >= 8) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j++] = 0xff;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j++] = 0xff;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j++] = 0xff;
|
||||
#else
|
||||
@ -219,6 +217,9 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j] >>= 1;
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j] |= 0x80;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j] >>= 1;
|
||||
mask6.sin6_addr.s6_addr[j] |= 0x80;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j] >>= 1;
|
||||
mask6.sin6_addr._S6_un._S6_u8[j] |= 0x80;
|
||||
@ -233,6 +234,8 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
while (j < 16) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j++] = 0;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j++] = 0;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j++] = 0;
|
||||
#else
|
||||
@ -243,6 +246,9 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
for (j = 0; j < 4; j++) {
|
||||
#ifdef LINUX
|
||||
sa.sin6_addr.__in6_u.__u6_addr32[j] &= mask6.sin6_addr.__in6_u.__u6_addr32[j];
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
sa.sin6_addr.s6_words[j*2] &= mask6.sin6_addr.s6_words[j*2] ;
|
||||
sa.sin6_addr.s6_words[j*2+1] &= mask6.sin6_addr.s6_words[j*2+1] ;
|
||||
#elif SOLARIS2
|
||||
sa.sin6_addr._S6_un.u6__S6_u32[j] &= mask6.sin6_addr._S6_un._S6_u32[j];
|
||||
#else
|
||||
@ -286,6 +292,8 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
while (maskbits >= 8) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j++] = 0xff;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j++] = 0xff;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j++] = 0xff;
|
||||
#else
|
||||
@ -297,6 +305,9 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j] >>= 1;
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j] |= 0x80;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j] >>= 1;
|
||||
mask6.sin6_addr.s6_addr[j] |= 0x80;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j] >>= 1;
|
||||
mask6.sin6_addr._S6_un._S6_u8[j] |= 0x80;
|
||||
@ -311,6 +322,8 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
while (j < 16) {
|
||||
#ifdef LINUX
|
||||
mask6.sin6_addr.__in6_u.__u6_addr8[j++] = 0;
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
mask6.sin6_addr.s6_addr[j++] = 0;
|
||||
#elif SOLARIS2
|
||||
mask6.sin6_addr._S6_un._S6_u8[j++] = 0;
|
||||
#else
|
||||
@ -322,6 +335,9 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
for (j = 0; j < 4; j++) {
|
||||
#ifdef LINUX
|
||||
sa.sin6_addr.__in6_u.__u6_addr32[j] &= mask6.sin6_addr.__in6_u.__u6_addr32[j];
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
sa.sin6_addr.s6_words[j*2] &= mask6.sin6_addr.s6_words[j*2] ;
|
||||
sa.sin6_addr.s6_words[j*2+1] &= mask6.sin6_addr.s6_words[j*2+1] ;
|
||||
#elif SOLARIS2
|
||||
sa.sin6_addr._S6_un._S6_u32[j] &= mask6.sin6_addr._S6_un._S6_u32[j];
|
||||
#else
|
||||
@ -421,7 +437,7 @@ static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
|
||||
*/
|
||||
static int msre_op_ipmatch_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
|
||||
const char *errptr = NULL;
|
||||
int erroffset;
|
||||
int erroffset=0;
|
||||
struct in_addr addr;
|
||||
struct sockaddr_in6 sa;
|
||||
unsigned long ipaddr;
|
||||
@ -472,6 +488,9 @@ static int msre_op_ipmatch_execute(modsec_rec *msr, msre_rule *rule, msre_var *v
|
||||
#ifdef LINUX
|
||||
if (((sa.sin6_addr.__in6_u.__u6_addr8[i] ^ ipdata->netaddr->sin6_addr.__in6_u.__u6_addr8[i]) &
|
||||
ipdata->netaddr->sin6_addr.__in6_u.__u6_addr8[i]) == 0)
|
||||
#elif defined(WIN32) || defined(WINNT)
|
||||
if (((sa.sin6_addr.s6_addr[i] ^ ipdata->netaddr->sin6_addr.s6_addr[i]) &
|
||||
ipdata->netaddr->sin6_addr.s6_addr[i]) == 0)
|
||||
#elif SOLARIS2
|
||||
if (((sa.sin6_addr._S6_un._S6_u8[i] ^ ipdata->netaddr->sin6_addr._S6_un._S6_u8[i]) &
|
||||
ipdata->netaddr->sin6_addr._S6_un._S6_u8[i]) == 0)
|
||||
@ -488,12 +507,11 @@ static int msre_op_ipmatch_execute(modsec_rec *msr, msre_rule *rule, msre_var *v
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* WIN32 | WINNT */
|
||||
|
||||
/* rsub */
|
||||
|
||||
static char *param_remove_escape(msre_rule *rule, char *str, int len) {
|
||||
char *parm = apr_palloc(rule->ruleset->mp, len);;
|
||||
char *parm = apr_palloc(rule->ruleset->mp, len);
|
||||
char *ret = parm;
|
||||
|
||||
for(;*str!='\0';str++) {
|
||||
@ -525,7 +543,7 @@ static char *param_remove_escape(msre_rule *rule, char *str, int len) {
|
||||
*/
|
||||
static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
|
||||
const char *errptr = NULL;
|
||||
int erroffset;
|
||||
int erroffset = 0;
|
||||
ap_regex_t *regex;
|
||||
const char *pattern = NULL;
|
||||
const char *line = NULL;
|
||||
@ -1387,7 +1405,6 @@ static int msre_op_gsbLookup_execute(modsec_rec *msr, msre_rule *rule, msre_var
|
||||
const char *match = NULL;
|
||||
unsigned int match_length;
|
||||
unsigned int canon_length;
|
||||
unsigned int base_length;
|
||||
int rv, i, ret;
|
||||
char *data = NULL;
|
||||
unsigned int size = var->value_len;
|
||||
@ -3728,14 +3745,12 @@ void msre_engine_register_default_operators(msre_engine *engine) {
|
||||
msre_op_nomatch_execute
|
||||
);
|
||||
|
||||
#if !defined(WIN32) || !defined(WINNT)
|
||||
/* ipmatch */
|
||||
msre_engine_op_register(engine,
|
||||
"ipmatch",
|
||||
msre_op_ipmatch_param_init,
|
||||
msre_op_ipmatch_execute
|
||||
);
|
||||
#endif /* WIN32 | WINNT */
|
||||
|
||||
/* rsub */
|
||||
msre_engine_op_register(engine,
|
||||
|
Loading…
x
Reference in New Issue
Block a user