mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
Added ctl:ruleRemoveById action. See #259.
parent
9efa02f423
commit
974298a76c
4
CHANGES
4
CHANGES
@ -1,7 +1,9 @@
|
|||||||
|
|
||||||
01 Oct 2007 - 2.5.0-dev3
|
17 Oct 2007 - 2.5.0-dev3
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
|
* Added ctl:ruleRemoveById action to allow rule removal on a match.
|
||||||
|
|
||||||
* Added a @containsWord operator that will match a given string anywhere in
|
* Added a @containsWord operator that will match a given string anywhere in
|
||||||
the target value, but only on word boundaries.
|
the target value, but only on word boundaries.
|
||||||
|
|
||||||
|
47
apache2/re.c
47
apache2/re.c
@ -703,6 +703,34 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Check if this rule was removed at runtime */
|
||||||
|
if ((rule->actionset->id !=NULL) && (! apr_is_empty_array(msr->removed_rules))) {
|
||||||
|
int j;
|
||||||
|
int do_process = 1;
|
||||||
|
const char *range;
|
||||||
|
|
||||||
|
for(j = 0; j < msr->removed_rules->nelts; j++) {
|
||||||
|
range = ((const char**)msr->removed_rules->elts)[j];
|
||||||
|
|
||||||
|
if (msr->txcfg->debuglog_level >= 9) {
|
||||||
|
msr_log(msr, 9, "Checking removal of rule id=\"%s\" against: %s", rule->actionset->id, range);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rule_id_in_range(atoi(rule->actionset->id), range)) {
|
||||||
|
do_process = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Go to the next rule if this one has been removed. */
|
||||||
|
if (do_process == 0) {
|
||||||
|
if (msr->txcfg->debuglog_level >= 5) {
|
||||||
|
msr_log(msr, 5, "Not processing rule id=\"%s\": removed by ctl action", rule->actionset->id);
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (msr->txcfg->debuglog_level >= 4) {
|
if (msr->txcfg->debuglog_level >= 4) {
|
||||||
apr_pool_t *p = msr->mp;
|
apr_pool_t *p = msr->mp;
|
||||||
const char *fn = NULL;
|
const char *fn = NULL;
|
||||||
@ -1384,25 +1412,6 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
|
|||||||
int invocations = 0;
|
int invocations = 0;
|
||||||
int multi_match = 0;
|
int multi_match = 0;
|
||||||
|
|
||||||
/* Check if this rule was excluded at runtime */
|
|
||||||
if ((rule->actionset->id !=NULL) && (! apr_is_empty_array(msr->removed_rules))) {
|
|
||||||
const char *range;
|
|
||||||
|
|
||||||
for(i = 0; i < msr->removed_rules->nelts; i++) {
|
|
||||||
range = ((const char**)msr->removed_rules->elts)[i];
|
|
||||||
|
|
||||||
if (msr->txcfg->debuglog_level >= 9) {
|
|
||||||
msr_log(msr, 9, "Checking rule id=\"%s\" against exclusion: %s", rule->actionset->id, range);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (rule_id_in_range(atoi(rule->actionset->id), range)) {
|
|
||||||
msr_log(msr, 5, "Rule id=\"%s\" excluded.", rule->actionset->id);
|
|
||||||
return RULE_NO_MATCH;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Choose the correct metadata/disruptive action actionset. */
|
/* Choose the correct metadata/disruptive action actionset. */
|
||||||
acting_actionset = rule->actionset;
|
acting_actionset = rule->actionset;
|
||||||
if (rule->chain_starter != NULL) {
|
if (rule->chain_starter != NULL) {
|
||||||
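Review bot: In the removal check added to msre_ruleset_process_phase, `atoi(rule->actionset->id)` is re-evaluated on every pass of the `j` loop and cannot report a bad id: a non-numeric id converts to 0 and an out-of-range one is undefined behaviour, so a rule could be skipped, or left active, against a range it was never meant to match. Parse the id once before the loop, e.g. `long id = strtol(rule->actionset->id, &end, 10);`, and bypass the removal check when `*end != '\0'` or the value does not fit an `int`. Separately, the new `continue` leaves whatever chain or skip state the loop keeps untouched; that handling is outside the hunk, but if the removed rule starts a chain, the rules chained to it probably need to be skipped too rather than evaluated on their own, which is worth confirming. The function body starts and ends outside the hunk.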
|
@ -482,7 +482,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
if (strcasecmp(value, "detectiononly") == 0) return NULL;
|
if (strcasecmp(value, "detectiononly") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleEngine: %s", value);
|
return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleEngine: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "removeRuleById") == 0) {
|
if (strcasecmp(name, "ruleRemoveById") == 0) {
|
||||||
/* ENH nothing yet */
|
/* ENH nothing yet */
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
@ -603,7 +603,7 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
|||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "removeRuleById") == 0) {
|
if (strcasecmp(name, "ruleRemoveById") == 0) {
|
||||||
*(const char **)apr_array_push(msr->removed_rules) = (const char *)apr_pstrdup(msr->mp, value);
|
*(const char **)apr_array_push(msr->removed_rules) = (const char *)apr_pstrdup(msr->mp, value);
|
||||||
return 1;
|
return 1;
|
||||||
} else
|
} else
|
||||||
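Review bot: The `ruleRemoveById` branch of msre_action_ctl_validate still returns NULL under `/* ENH nothing yet */`, so any value, empty or malformed, passes configuration and is only interpreted per request, after msre_action_ctl_execute pushes it onto `msr->removed_rules` and the phase loop hands it to `rule_id_in_range`. A value that never matches would leave the targeted rule running with nothing in the configuration check to explain why. Validate the value here against the id/range syntax `rule_id_in_range` accepts (not shown on this page) and fail the way the ruleEngine branch does, e.g. `return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleRemoveById: %s", value);`. The old spelling `removeRuleById` is dropped without an alias, so a configuration already using it will be rejected or ignored depending on the final `else`, which is outside the hunk. Both functions start and end outside the hunks.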
|
@ -3624,6 +3624,10 @@ SecRule REQUEST_CONTENT_TYPE ^text/xml nolog,pass,<emphasis role="bold">ctl:requ
|
|||||||
<para><literal moreinfo="none">debugLogLevel</literal></para>
|
<para><literal moreinfo="none">debugLogLevel</literal></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><literal moreinfo="none">ruleRemoveById</literal></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><literal moreinfo="none">requestBodyAccess</literal></para>
|
<para><literal moreinfo="none">requestBodyAccess</literal></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@ -5110,4 +5114,4 @@ SecRule REQUEST_METHOD "!<emphasis role="bold">@within %{tx.allowed_methods}</em
|
|||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
|