github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added ability to use ctl:requestBodyAccess=off in phase:1 to avoid limit check.

Browse Source 
Added regression tests for this as well.
This commit is contained in:
brectanus
2008-09-10 19:45:13 +00:00
parent c5e258f0ba
commit 67c48bfdfb
2 changed files with 224 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/mod_security2.c
View File

@@ -577,7 +577,10 @@ static int hook_request_early(request_rec *r) {
rc = perform_interception(msr);
}
if ((msr->txcfg->is_enabled != MODSEC_DISABLED) && (rc == DECLINED)) {
if ( (msr->txcfg->is_enabled != MODSEC_DISABLED)
&& (msr->txcfg->reqbody_access == 1)
&& (rc == DECLINED))
{
/* Check request body limit (non-chunked requests only). */
if (msr->request_content_length > msr->txcfg->reqbody_limit) {
msr_log(msr, 1, "Request body (Content-Length) is larger than the "