github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added ctl:ruleRemoveById action. See #259.

Browse Source
This commit is contained in:
brectanus 2007-10-17 19:11:47 +00:00
parent 9efa02f423
commit 974298a76c
4 changed files with 38 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -1,7 +1,9 @@
01 Oct 2007 - 2.5.0-dev3
17 Oct 2007 - 2.5.0-dev3
------------------------
* Added ctl:ruleRemoveById action to allow rule removal on a match.
* Added a @containsWord operator that will match a given string anywhere in
the target value, but only on word boundaries.

47
apache2/re.c
View File

@ -703,6 +703,34 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
continue;
}
/* Check if this rule was removed at runtime */
if ((rule->actionset->id !=NULL) && (! apr_is_empty_array(msr->removed_rules))) {
int j;
int do_process = 1;
const char *range;
for(j = 0; j < msr->removed_rules->nelts; j++) {
range = ((const char**)msr->removed_rules->elts)[j];
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Checking removal of rule id=\"%s\" against: %s", rule->actionset->id, range);
}
if (rule_id_in_range(atoi(rule->actionset->id), range)) {
do_process = 0;
break;
}
}
/* Go to the next rule if this one has been removed. */
if (do_process == 0) {
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Not processing rule id=\"%s\": removed by ctl action", rule->actionset->id);
}
continue;
}
}
if (msr->txcfg->debuglog_level >= 4) {
apr_pool_t *p = msr->mp;
const char *fn = NULL;
@ -1384,25 +1412,6 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
int invocations = 0;
int multi_match = 0;
/* Check if this rule was excluded at runtime */
if ((rule->actionset->id !=NULL) && (! apr_is_empty_array(msr->removed_rules))) {
const char *range;
for(i = 0; i < msr->removed_rules->nelts; i++) {
range = ((const char**)msr->removed_rules->elts)[i];
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Checking rule id=\"%s\" against exclusion: %s", rule->actionset->id, range);
}
if (rule_id_in_range(atoi(rule->actionset->id), range)) {
msr_log(msr, 5, "Rule id=\"%s\" excluded.", rule->actionset->id);
return RULE_NO_MATCH;
}
}
}
/* Choose the correct metadata/disruptive action actionset. */
acting_actionset = rule->actionset;
if (rule->chain_starter != NULL) {

4
apache2/re_actions.c
View File

@ -482,7 +482,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (strcasecmp(value, "detectiononly") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleEngine: %s", value);
} else
if (strcasecmp(name, "removeRuleById") == 0) {
if (strcasecmp(name, "ruleRemoveById") == 0) {
/* ENH nothing yet */
return NULL;
} else
@ -603,7 +603,7 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
return 1;
} else
if (strcasecmp(name, "removeRuleById") == 0) {
if (strcasecmp(name, "ruleRemoveById") == 0) {
*(const char **)apr_array_push(msr->removed_rules) = (const char *)apr_pstrdup(msr->mp, value);
return 1;
} else

6
doc/modsecurity2-apache-reference.xml
View File

@ -3624,6 +3624,10 @@ SecRule REQUEST_CONTENT_TYPE ^text/xml nolog,pass,<emphasis role="bold">ctl:requ
<para><literal moreinfo="none">debugLogLevel</literal></para>
</listitem>
<listitem>
<para><literal moreinfo="none">ruleRemoveById</literal></para>
</listitem>
<listitem>
<para><literal moreinfo="none">requestBodyAccess</literal></para>
</listitem>
@ -5110,4 +5114,4 @@ SecRule REQUEST_METHOD "!<emphasis role="bold">@within %{tx.allowed_methods}</em
</section>
</section>
</section>
</article>
</article>