From 8360aacc224cbdc2d478d92319d015961e1980f6 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Mon, 17 Dec 2007 19:58:35 +0000
Subject: [PATCH] Use use new msr->rule_was_intercepted flag.  See #425.

---
 apache2/modsecurity.h |  1 +
 apache2/re.c          | 14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 7ec5d9a4..586e2f27 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -332,6 +332,7 @@ struct modsec_rec {
     apr_md5_ctx_t        new_auditlog_md5ctx;
 
     unsigned int         was_intercepted;
+    unsigned int         rule_was_intercepted;
     unsigned int         intercept_phase;
     msre_actionset      *intercept_actionset;
     const char          *intercept_message;
diff --git a/apache2/re.c b/apache2/re.c
index 4f878429..d4233486 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -673,6 +673,9 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
         apr_time_t time1 = 0;
 #endif
 
+        /* Reset the rule interception flag */
+        msr->rule_was_intercepted = 0;
+
         /* SKIP_RULES is used to skip all rules until we hit a placeholder
          * with the specified rule ID and then resume execution after that.
          */
@@ -828,8 +831,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
         }
         else
         if (rc == RULE_MATCH) {
-            if ((msr->phase == msr->intercept_phase) && msr->was_intercepted) {
-                /* If the transaction was intercepted we will
+            if (msr->rule_was_intercepted) {
+                /* If the transaction was intercepted by this rule we will
                  * go back. Do note that we are relying on the
                  * rule to know if it is a part of a chain and
                  * not intercept if it is.
@@ -1363,6 +1366,7 @@ static void msre_perform_disruptive_actions(modsec_rec *msr, msre_rule *rule,
      * transaction, and rememer the rule that caused it.
      */
     msr->was_intercepted = 1;
+    msr->rule_was_intercepted = 1;
     msr->intercept_phase = msr->phase;
     msr->intercept_actionset = actionset;
     msr->intercept_message = message;
@@ -1701,7 +1705,7 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
                      * was intercepted - no need to process the remaining
                      * targets.
                      */
-                    if (msr->was_intercepted) {
+                    if (msr->rule_was_intercepted) {
                         return RULE_MATCH;
                     }
                 }
@@ -1761,7 +1765,7 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
                         * was intercepted - no need to process the remaining
                         * targets.
                         */
-                        if (msr->was_intercepted) {
+                        if (msr->rule_was_intercepted) {
                             return RULE_MATCH;
                         }
                     }
@@ -1847,7 +1851,7 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
                  * was intercepted - no need to process the remaining
                  * targets.
                  */
-                if (msr->was_intercepted) {
+                if (msr->rule_was_intercepted) {
                     return RULE_MATCH;
                 }
             }