Do not process subrequests in phase 2. See #135.

CHANGES

@@ -2,6 +2,8 @@
 ?? ??? 2007 - 2.5.0-dev3
 ------------------------
 
+ * Do not process subrequests in phase 2.
+
  * Fixed deprecatevar:var=N/S action so that it decrements N every S seconds
    as documented instead of decrementing by a rate.
 

apache2/mod_security2.c

@@ -581,6 +581,13 @@ static int hook_request_late(request_rec *r) {
     modsec_rec *msr = NULL;
     int rc;
 
+    /* This function needs to run only once per transaction
+     * (i.e. subrequests and redirects are excluded).
+     */
+    if ((r->main != NULL)||(r->prev != NULL)) {
+        return DECLINED;
+    }
+
     /* Find the transaction context and make sure
      * we are supposed to proceed.
      */
@@ -594,25 +601,7 @@ static int hook_request_late(request_rec *r) {
 
     /* Has this phase been completed already? */
     if (msr->phase_request_body_complete) {
-        /* If we are redirecting and there was no previous response it is
-         * an error page request and we ignore it.
-         */
-        if (    (msr->r->prev != NULL)
-            && ((msr->r->prev->headers_out == NULL) || (apr_is_empty_table(msr->r->prev->headers_out))) )
-        {
-            msr_log(msr, 9, "Allowing internally redirected error document: %s", msr->r->uri);
-            return DECLINED;
-        }
-
-        if (msr->was_intercepted) {
-            msr_log(msr, 4, "Phase REQUEST_BODY request already intercepted. Intercepting additional request.");
-            return perform_interception(msr);
-        }
-
-        if (msr->txcfg->debuglog_level >= 4) {
-            msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping.");
-        }
-
+        msr_log(msr, 1, "Internal Error: Attempted to process the request body more than once.");
         return DECLINED;
     }
     msr->phase_request_body_complete = 1;