mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-16 16:06:12 +03:00
Loader improvement & request wrapper fix
This commit is contained in:
Mihai Pitu
Felipe Zimmerle
parent
5e98205ccc
commit
8a0e3d0e9f
BIN
java/ModSecurityLoader/dist/ModSecurityLoader.jar
vendored
BIN
java/ModSecurityLoader/dist/ModSecurityLoader.jar
vendored
Binary file not shown.
BIN
java/ModSecurityTestApp/dist/ModSecurityTestApp.war
vendored
BIN
java/ModSecurityTestApp/dist/ModSecurityTestApp.war
vendored
Binary file not shown.
@ -19,37 +19,42 @@ public final class ModSecurity {
|
|||||||
private static boolean libsLoaded = false;
|
private static boolean libsLoaded = false;
|
||||||
|
|
||||||
private void loadNativeLibs(String zlibPath,
|
private void loadNativeLibs(String zlibPath,
|
||||||
String libxml2Path,
|
String libxml2Path,
|
||||||
String libpcrePath,
|
String libpcrePath,
|
||||||
String libaprPath,
|
String libaprPath,
|
||||||
String libapriconvPath,
|
String libapriconvPath,
|
||||||
String libaprutilPath,
|
String libaprutilPath,
|
||||||
String libModSecurityPath) {
|
String libModSecurityPath) {
|
||||||
if (!libsLoaded) {
|
if (!libsLoaded) {
|
||||||
libsLoaded = true;
|
libsLoaded = true;
|
||||||
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
|
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
|
||||||
// try {
|
boolean loaderFound = false;
|
||||||
// Class.forName("org.modsecurity.loader.ModSecurityLoader");
|
// try {
|
||||||
// } catch (ClassNotFoundException ex) {
|
// Class.forName("org.modsecurity.loader.ModSecurityLoader");
|
||||||
// java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
|
// loaderFound = true;
|
||||||
// "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
|
// } catch (ClassNotFoundException ex) {
|
||||||
// }
|
// //java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
|
||||||
|
// // "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
|
||||||
|
// } catch (NoClassDefFoundError ex) {
|
||||||
|
// }
|
||||||
|
|
||||||
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
|
if (!loaderFound) {
|
||||||
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
|
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
|
||||||
try {
|
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
|
||||||
loadLib("zlib1", zlibPath);
|
try {
|
||||||
} catch (UnsatisfiedLinkError ex) {
|
loadLib("zlib1", zlibPath);
|
||||||
|
} catch (UnsatisfiedLinkError err) {
|
||||||
|
}
|
||||||
|
loadLib("xml2", libxml2Path);
|
||||||
|
loadLib("pcre", libpcrePath);
|
||||||
|
loadLib("apr-1", libaprPath);
|
||||||
|
try {
|
||||||
|
loadLib("apriconv-1", libapriconvPath);
|
||||||
|
} catch (UnsatisfiedLinkError err) {
|
||||||
|
}
|
||||||
|
loadLib("aprutil-1", libaprutilPath);
|
||||||
|
loadLib("ModSecurityJNI", libModSecurityPath);
|
||||||
}
|
}
|
||||||
loadLib("xml2", libxml2Path);
|
|
||||||
loadLib("pcre", libpcrePath);
|
|
||||||
loadLib("apr-1", libaprPath);
|
|
||||||
try {
|
|
||||||
loadLib("apriconv-1", libapriconvPath);
|
|
||||||
} catch (UnsatisfiedLinkError ex) {
|
|
||||||
}
|
|
||||||
loadLib("aprutil-1", libaprutilPath);
|
|
||||||
loadLib("ModSecurityJNI", libModSecurityPath);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,14 +79,14 @@ public final class ModSecurity {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public ModSecurity(FilterConfig fc,
|
public ModSecurity(FilterConfig fc,
|
||||||
String confFile,
|
String confFile,
|
||||||
String zlibPath,
|
String zlibPath,
|
||||||
String libxml2Path,
|
String libxml2Path,
|
||||||
String libpcrePath,
|
String libpcrePath,
|
||||||
String libaprPath,
|
String libaprPath,
|
||||||
String libapriconvPath,
|
String libapriconvPath,
|
||||||
String libaprutilPath,
|
String libaprutilPath,
|
||||||
String libModSecurityPath) throws ServletException {
|
String libModSecurityPath) throws ServletException {
|
||||||
loadNativeLibs(zlibPath, libxml2Path, libpcrePath, libaprPath, libapriconvPath, libaprutilPath, libModSecurityPath);
|
loadNativeLibs(zlibPath, libxml2Path, libpcrePath, libaprPath, libapriconvPath, libaprutilPath, libModSecurityPath);
|
||||||
|
|
||||||
this.filterConfig = fc;
|
this.filterConfig = fc;
|
||||||
|
|||||||
@ -43,6 +43,7 @@ public class ModSecurityFilter implements Filter {
|
|||||||
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
|
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
//onRequest is responsable of calling MsHttpServletRequest.readBody
|
||||||
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
|
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
|
||||||
|
|
||||||
if (status != ModSecurity.DECLINED) {
|
if (status != ModSecurity.DECLINED) {
|
||||||
|
|||||||
@ -176,6 +176,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
|
|||||||
}
|
}
|
||||||
|
|
||||||
body = new String(bodyBytes, encoding);
|
body = new String(bodyBytes, encoding);
|
||||||
|
|
||||||
if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
|
if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
|
||||||
addUrlEncoded(body);
|
addUrlEncoded(body);
|
||||||
}
|
}
|
||||||
@ -459,6 +460,14 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
|
|||||||
return sis;
|
return sis;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replacement for the ServletRequest.getReader() method.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public BufferedReader getReader() throws java.io.IOException {
|
||||||
|
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Replacement for the ServletRequest.getParameter() method.
|
* Replacement for the ServletRequest.getParameter() method.
|
||||||
*/
|
*/
|
||||||
@ -514,6 +523,9 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (count == 0)
|
||||||
|
return null;
|
||||||
|
|
||||||
// put them into a String array
|
// put them into a String array
|
||||||
String values[] = new String[count];
|
String values[] = new String[count];
|
||||||
count = 0;
|
count = 0;
|
||||||
@ -527,11 +539,4 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
|
|||||||
return values;
|
return values;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Replacement for the ServletRequest.getReader() method.
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public BufferedReader getReader() throws java.io.IOException {
|
|
||||||
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
@ -17,8 +17,6 @@
|
|||||||
-->
|
-->
|
||||||
</init-param>
|
</init-param>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying
|
OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying
|
||||||
-Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries.
|
-Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries.
|
||||||
@ -26,36 +24,34 @@
|
|||||||
zlib1 and libapriconv-1 are Windows only libraries
|
zlib1 and libapriconv-1 are Windows only libraries
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!--
|
<init-param>
|
||||||
<init-param>
|
|
||||||
<param-name>zlib1</param-name>
|
<param-name>zlib1</param-name>
|
||||||
<param-value>c:\work\zlib1.dll</param-value>
|
<param-value>c:\work\mod_security\java\libs\zlib1.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libxml2</param-name>
|
<param-name>libxml2</param-name>
|
||||||
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value>
|
<param-value>c:\work\mod_security\java\libs\libxml2.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libpcre</param-name>
|
<param-name>libpcre</param-name>
|
||||||
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value>
|
<param-value>c:\work\mod_security\java\libs\pcre.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libapr-1</param-name>
|
<param-name>libapr-1</param-name>
|
||||||
<param-value>/usr/lib/libapr-1.so</param-value>
|
<param-value>c:\work\mod_security\java\libs\libapr-1.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libapriconv-1</param-name>
|
<param-name>libapriconv-1</param-name>
|
||||||
<param-value>c:\work\zlib1.dll</param-value>
|
<param-value>c:\work\mod_security\java\libs\libapriconv-1.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libaprutil-1</param-name>
|
<param-name>libaprutil-1</param-name>
|
||||||
<param-value>/usr/lib/libaprutil-1.so</param-value>
|
<param-value>c:\work\mod_security\java\libs\libaprutil-1.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>libModSecurityJNI</param-name>
|
<param-name>libModSecurityJNI</param-name>
|
||||||
<param-value>/usr/lib/libModSecurityJNI.so</param-value>
|
<param-value>c:\work\mod_security\java\libs\ModSecurityJNI.dll</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
-->
|
|
||||||
</filter>
|
</filter>
|
||||||
|
|
||||||
<filter-mapping>
|
<filter-mapping>
|
||||||
|
|||||||
@ -128,6 +128,37 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
|
|||||||
Include activated_rules\*.conf
|
Include activated_rules\*.conf
|
||||||
-->
|
-->
|
||||||
</init-param>
|
</init-param>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
<init-param>
|
||||||
|
<param-name>zlib1</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\zlib1.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libxml2</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\libxml2.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libpcre</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\pcre.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libapr-1</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\libapr-1.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libapriconv-1</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\libapriconv-1.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libaprutil-1</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\libaprutil-1.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>libModSecurityJNI</param-name>
|
||||||
|
<param-value>c:\work\mod_security\java\libs\ModSecurityJNI.dll</param-value>
|
||||||
|
</init-param>
|
||||||
|
-->
|
||||||
</filter>
|
</filter>
|
||||||
|
|
||||||
<filter-mapping>
|
<filter-mapping>
|
||||||
@ -158,7 +189,8 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
|
|||||||
<p>
|
<p>
|
||||||
You can specify multiple folders for the <span class="code">java.library.path</span> variable by using
|
You can specify multiple folders for the <span class="code">java.library.path</span> variable by using
|
||||||
: (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using
|
: (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using
|
||||||
their absolute path using <span class="code">System.load()</span>.
|
their absolute path by uncommenting the <span class="code">init-param</span> elements in the above
|
||||||
|
filter example.
|
||||||
</p>
|
</p>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -167,8 +199,14 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
|
|||||||
<p>
|
<p>
|
||||||
<a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed
|
<a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed
|
||||||
in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>).
|
in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>).
|
||||||
You can build or modify the load directory of <span class="code">ModSecurityLoader</span> from
|
The server has to be started with the VM options:
|
||||||
<span class="code">/mod_security/java/ModSecurityLoader/src/</span>.
|
</p>
|
||||||
|
<pre class="codecanvas">
|
||||||
|
-Djava.library.path=/path/to/libraries/folder/
|
||||||
|
</pre>
|
||||||
|
<p>
|
||||||
|
or alternatively by specifying <span class="code">init-param</span> elements with absolute paths
|
||||||
|
in the <span class="code">ModSecurityLoaderConfig.xml</span> file.
|
||||||
</p>
|
</p>
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user