mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
nginx: Warn about not workable 'proxy'
Proxy is not yet ready for nginx. Instead of give a generic error, this patch adds a clean message explains that such functionality is not available on the nginx port. This patch also modifies the test cases to reflect this changes.
This commit is contained in:
Felipe Zimmerle
parent
7478faa5ce
commit
795d6a64d2
@ -195,6 +195,7 @@ int perform_interception(modsec_rec *msr) {
|
||||
break;
|
||||
|
||||
case ACTION_PROXY :
|
||||
#if !(defined(VERSION_IIS)) && !(defined(VERSION_NGINX)) && !(defined(VERSION_STANDALONE))
|
||||
if (msr->phase < 3) {
|
||||
if (ap_find_linked_module("mod_proxy.c") == NULL) {
|
||||
log_level = 1;
|
||||
@ -219,6 +220,15 @@ int perform_interception(modsec_rec *msr) {
|
||||
"(Configuration Error: Proxy action requested but it does not work in output phases).",
|
||||
phase_text);
|
||||
}
|
||||
#else
|
||||
log_level = 1;
|
||||
status = HTTP_INTERNAL_SERVER_ERROR;
|
||||
message = apr_psprintf(msr->mp, "Access denied with code 500%s "
|
||||
"(Configuration Error: Proxy action to %s requested but "
|
||||
"proxy is only available in Apache version).",
|
||||
phase_text,
|
||||
log_escape_nq(msr->mp, actionset->intercept_uri));
|
||||
#endif
|
||||
break;
|
||||
|
||||
case ACTION_DROP :
|
||||
|
||||
@ -454,12 +454,22 @@
|
||||
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1 ],
|
||||
error => {
|
||||
apache => [qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1],
|
||||
nginx => [qr/ModSecurity: Access denied with code 500 \(phase 1\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
|
||||
},
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
content => qr/^TEST$/,
|
||||
status => {
|
||||
apache => qr/^200$/,
|
||||
nginx => qr/^500$/,
|
||||
},
|
||||
content => {
|
||||
apache => qr/^TEST$/,
|
||||
nginx => qr/^*$/,
|
||||
},
|
||||
},
|
||||
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
|
||||
),
|
||||
@ -475,11 +485,20 @@
|
||||
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500006"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied using proxy to \(phase 2\)/, 1 ],
|
||||
error => {
|
||||
apache => [qr/ModSecurity: Access denied using proxy to \(phase 2\)/, 1],
|
||||
nginx => [qr/ModSecurity: Access denied with code 500 \(phase 2\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
|
||||
},
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
content => qr/^TEST$/,
|
||||
status => {
|
||||
apache => qr/^200$/,
|
||||
nginx => qr/^500$/,
|
||||
},
|
||||
content => {
|
||||
apache => qr/^TEST$/,
|
||||
nginx => qr/^*$/,
|
||||
},
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
|
||||
@ -498,10 +517,16 @@
|
||||
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500007"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],
|
||||
error => {
|
||||
apache => [qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1],
|
||||
nginx => [qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
|
||||
}
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
status => {
|
||||
apache => qr/^500$/,
|
||||
nginx => qr/^500$/,
|
||||
},
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
|
||||
@ -520,10 +545,16 @@
|
||||
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500008"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],
|
||||
error => {
|
||||
apache => [qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1],
|
||||
nginx => [qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
|
||||
}
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
status => {
|
||||
apache => qr/^500$/,
|
||||
nginx => qr/^500$/,
|
||||
},
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user