Fixed patch for subrequests to be more complete. See #124.

brectanus 2007-05-31 15:42:42 +00:00
parent e887faac2b
commit 84c0ca303e
2 changed files with 36 additions and 26 deletions


@ -2,6 +2,10 @@
?? ??? 2007 - 2.2.0-trunk ?? ??? 2007 - 2.2.0-trunk
------------------------- -------------------------
* TODO: Add file/line to audit log
* TODO: Detect static files (trac #15)
* Added new parallel matching operators, @pm and @pmfile. These use * Added new parallel matching operators, @pm and @pmfile. These use
an alternate set based matching engine to perform faster keyword an alternate set based matching engine to perform faster keyword
type matches. type matches.


@ -55,6 +55,7 @@ int perform_interception(modsec_rec *msr) {
msre_actionset *actionset = NULL; msre_actionset *actionset = NULL;
const char *message = NULL; const char *message = NULL;
const char *phase_text = ""; const char *phase_text = "";
const char *subreq_text = (msr->r->main == NULL) ? "" : "Subrequest. ";
int status = DECLINED; int status = DECLINED;
int log_level = 1; int log_level = 1;
@ -95,14 +96,14 @@ int perform_interception(modsec_rec *msr) {
case ACTION_DENY : case ACTION_DENY :
if (actionset->intercept_status != 0) { if (actionset->intercept_status != 0) {
status = actionset->intercept_status; status = actionset->intercept_status;
message = apr_psprintf(msr->mp, "Access denied with code %i%s.", status, message = apr_psprintf(msr->mp, "%sAccess denied with code %i%s.",
phase_text); subreq_text, status, phase_text);
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: Invalid status code requested %i).", phase_text, "(Internal Error: Invalid status code requested %i).",
actionset->intercept_status); subreq_text, phase_text, actionset->intercept_status);
} }
break; break;
@ -111,23 +112,25 @@ int perform_interception(modsec_rec *msr) {
if (ap_find_linked_module("mod_proxy.c") == NULL) { if (ap_find_linked_module("mod_proxy.c") == NULL) {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action to %s requested but mod_proxy not found).", "(Configuration Error: Proxy action to %s requested but mod_proxy not found).",
phase_text, log_escape_nq(msr->mp, actionset->intercept_uri)); subreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
} else { } else {
msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri); msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri);
msr->r->proxyreq = PROXYREQ_REVERSE; msr->r->proxyreq = PROXYREQ_REVERSE;
msr->r->handler = "proxy-server"; msr->r->handler = "proxy-server";
status = OK; status = OK;
message = apr_psprintf(msr->mp, "Access denied using proxy to %s%s.", message = apr_psprintf(msr->mp, "%sAccess denied using proxy to %s%s.",
phase_text, log_escape_nq(msr->mp, actionset->intercept_uri)); subreq_text, phase_text,
log_escape_nq(msr->mp, actionset->intercept_uri));
} }
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Configuration Error: Proxy action requested but it does not work in output phases).", "(Configuration Error: Proxy action requested but it does not work in output phases).",
phase_text); subreq_text, phase_text);
} }
break; break;
@ -144,29 +147,30 @@ int perform_interception(modsec_rec *msr) {
if (csd) { if (csd) {
if (apr_socket_close(csd) == APR_SUCCESS) { if (apr_socket_close(csd) == APR_SUCCESS) {
status = HTTP_FORBIDDEN; status = HTTP_FORBIDDEN;
message = apr_psprintf(msr->mp, "Access denied with connection close%s.", message = apr_psprintf(msr->mp, "%sAccess denied with connection close%s.",
phase_text); subreq_text, phase_text);
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but failed to close the " "(Error: Connection drop requested but failed to close the "
" socket).", phase_text); " socket).",
subreq_text, phase_text);
} }
} else { } else {
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop requested but socket not found.", "(Error: Connection drop requested but socket not found.",
phase_text); subreq_text, phase_text);
} }
} }
#else #else
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Error: Connection drop not implemented on this platform).", "(Error: Connection drop not implemented on this platform).",
phase_text); subreq_text, phase_text);
#endif #endif
break; break;
@ -179,23 +183,25 @@ int perform_interception(modsec_rec *msr) {
} else { } else {
status = HTTP_MOVED_TEMPORARILY; status = HTTP_MOVED_TEMPORARILY;
} }
message = apr_psprintf(msr->mp, "Access denied with redirection to %s using " message = apr_psprintf(msr->mp, "%sAccess denied with redirection to %s using "
"status %i%s.", log_escape_nq(msr->mp, actionset->intercept_uri), status, "status %i%s.",
subreq_text,
log_escape_nq(msr->mp, actionset->intercept_uri), status,
phase_text); phase_text);
break; break;
case ACTION_ALLOW : case ACTION_ALLOW :
status = DECLINED; status = DECLINED;
message = apr_psprintf(msr->mp, "Access allowed%s.", phase_text); message = apr_psprintf(msr->mp, "%sAccess allowed%s.", subreq_text, phase_text);
msr->was_intercepted = 0; msr->was_intercepted = 0;
break; break;
default : default :
log_level = 1; log_level = 1;
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
message = apr_psprintf(msr->mp, "Access denied with code 500%s " message = apr_psprintf(msr->mp, "%sAccess denied with code 500%s "
"(Internal Error: invalid interception action %i).", "(Internal Error: invalid interception action %i).",
phase_text, actionset->intercept_action); subreq_text, phase_text, actionset->intercept_action);
break; break;
} }
@ -563,8 +569,8 @@ static int hook_request_late(request_rec *r) {
/* Has this phase been completed already? */ /* Has this phase been completed already? */
if (msr->phase_request_body_complete) { if (msr->phase_request_body_complete) {
if (msr->was_intercepted) { if (msr->was_intercepted) {
msr_log(msr, 4, "Phase REQUEST_BODY subrequest already intercepted with code %u.", msr->intercept_actionset->intercept_status); msr_log(msr, 4, "Phase REQUEST_BODY request already intercepted. Intercepting additional request.");
return msr->intercept_actionset->intercept_status; return perform_interception(msr);
} }
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping."); msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping.");
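Review bot: The new `return perform_interception(msr);` in hook_request_late replays the whole interception for each additional request, side effects included, where the old code only returned the stored status. From the cases visible above, a replayed ACTION_DROP would attempt `apr_socket_close(csd)` a second time and a replayed ACTION_PROXY would rewrite `msr->r->filename`, `proxyreq` and `handler` again, and each replay emits another interception message. perform_interception also works on `msr->r` rather than the hook's `r`. If `msr->r` still points at the original request on this early-return path (the assignment is not visible in the hunk), `subreq_text` stays empty and the proxy fields land on the wrong request_rec; please confirm, and if so set `msr->r = r;` before the call. Both function bodies continue outside the hunks, so this needs checking against the full file.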