github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Adds proper support to SecServerSignature

Browse Source 
SecServerSignature was leading nginx to crash. It was trying to write over a
memory area that it was not allowed to. In order to fix that a new function was
created on the standalone api. This function is called
modsecIsServerSignatureAvailale. Whenever it returns data it means that the
function SecServerSignature was used by the user. Nginx module was also patched
to support this new function.
This commit is contained in:
Felipe Zimmerle
2014-01-08 13:54:51 -08:00
parent 2a43589395
commit 7ac515ee29
4 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
nginx/modsecurity/ngx_http_modsecurity.c
View File

@@ -719,6 +719,14 @@ ngx_http_modsecurity_save_headers_out(ngx_http_request_t *r)
upstream = r->upstream;
r->upstream = &ngx_http_modsecurity_upstream;
/* case SecServerSignature was used, the "Server: ..." header is added
* here, overwriting the default header supplied by nginx.
*/
if (modsecIsServerSignatureAvailale() != NULL) {
apr_table_add(ctx->req->headers_out, "Server",
modsecIsServerSignatureAvailale());
}
if (apr_table_do(ngx_http_modsecurity_save_headers_out_visitor,
r, ctx->req->headers_out, NULL) == 0) {