github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make phase 5 more strict and catch an inherited disruptive action. See #429.

Browse Source
This commit is contained in:
brectanus 2007-12-17 05:13:49 +00:00
parent 5bd9e0640f
commit 8a1687bf36
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apache2/apache2_config.c
View File

@ -556,12 +556,6 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, const char *
/* Check some cases prior to merging so we know where it came from */
/* Must NOT specify a disruptive action in logging phase. */
if ((rule->actionset != NULL) && (rule->actionset->phase == PHASE_LOGGING) && (rule->actionset->intercept_action != ACTION_ALLOW && rule->actionset->intercept_action != ACTION_NONE)) {
return apr_psprintf(cmd->pool, "ModSecurity: Disruptive actions "
"cannot be specified in the logging phase. %d", rule->actionset->intercept_action);
}
/* Check syntax for chained rules */
if ((rule->actionset != NULL) && (dcfg->tmp_chain_starter != NULL)) {
/* Must NOT specify a disruptive action. */
@ -600,6 +594,12 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, const char *
rule->actionset = msre_actionset_merge(modsecurity->msre, dcfg->tmp_default_actionset,
rule->actionset, 1);
/* Must NOT specify a disruptive action in logging phase. */
if ((rule->actionset != NULL) && (rule->actionset->phase == PHASE_LOGGING) && (rule->actionset->intercept_action != ACTION_ALLOW) && (rule->actionset->intercept_action != ACTION_NONE)) {
return apr_psprintf(cmd->pool, "ModSecurity: Disruptive actions "
"cannot be specified in the logging phase.");
}
if (dcfg->tmp_chain_starter != NULL) {
rule->chain_starter = dcfg->tmp_chain_starter;
rule->actionset->phase = rule->chain_starter->actionset->phase;