diff --git a/CHANGES b/CHANGES index 31a62c2c..30ebd1f8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +19 Mar 2008 - 2.5.1-breach1 +--------------------------- + + * Allow HTTP_* targets as an alias for REQUEST_HEADERS:*. + + 14 Mar 2008 - 2.5.1 ------------------- diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 0287a08c..6de2223a 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -1129,10 +1129,11 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg, const char *p if ((dcfg->tmp_default_actionset->severity != NOT_SET) ||(dcfg->tmp_default_actionset->logdata != NOT_SET_P)) { - ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool, - "ModSecurity: WARNING SecDefaultAction \"%s\" should not " - "contain a severity or logdata action (%s:%d).", - p1, cmd->directive->filename, cmd->directive->line_num); + ap_log_perror(APLOG_MARK, + APLOG_STARTUP|APLOG_WARNING|APLOG_NOERRNO, 0, cmd->pool, + "ModSecurity: WARNING Using \"severity\" or \"logdata\" in " + "SecDefaultAction is deprecated (%s:%d).", + cmd->directive->filename, cmd->directive->line_num); } /* Must not use chain. */ diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 3f1fbe16..0c25c933 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -63,8 +63,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[]; #define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MINOR "5" #define MODSEC_VERSION_MAINT "1" -#define MODSEC_VERSION_TYPE "" -#define MODSEC_VERSION_RELEASE "" +#define MODSEC_VERSION_TYPE "-breach" +#define MODSEC_VERSION_RELEASE "1" #define MODULE_NAME "ModSecurity for Apache" diff --git a/apache2/re.c b/apache2/re.c index 0fd7ecf8..a5470253 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -231,6 +231,7 @@ msre_action_metadata *msre_resolve_action(msre_engine *engine, const char *name) msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *name, const char *param, modsec_rec *msr, char **error_msg) { + const char *varparam = param; msre_var *var = apr_pcalloc(pool, sizeof(msre_var)); if (var == NULL) return NULL; @@ -251,6 +252,17 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char * var->name = name; } + /* Treat HTTP_* targets as an alias for REQUEST_HEADERS:* */ + if ( (var->name != NULL) + && (strlen(var->name) > 5) + && (strncmp("HTTP_", var->name, 5) == 0)) + { + const char *oldname = var->name; + var->name = apr_pstrdup(pool, "REQUEST_HEADERS"); + varparam = apr_pstrdup(pool, oldname + 5); + } + + /* Resolve variable */ var->metadata = msre_resolve_var(engine, var->name); if (var->metadata == NULL) { @@ -268,7 +280,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char * } /* Check the parameter. */ - if (param == NULL) { + if (varparam == NULL) { if (var->metadata->argc_min > 0) { *error_msg = apr_psprintf(engine->mp, "Missing mandatory parameter for variable %s.", name); @@ -283,7 +295,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char * return NULL; } - var->param = param; + var->param = varparam; } return var; diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 1b54e280..8c4a8742 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -4,7 +4,7 @@ Manual - Version 2.5.1 (March 14, 2008) + Version 2.5.1-breach1 (March 19, 2008) 2004-2008