github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Honor the SecRuleEngine while filtering connections

Browse Source 
The SecRuleEngine has the capability to Enable, Disable or even to place the
ModSecurity in DetectionOnly mode. The SecReadStateLimit and SecWriteStateLimit
were not honoring such state, due the fact that our configuration belongs to
requests not to connections, the only struct that exists while those filters
are placed. By adding a global variable "conn_limits_filter_state" we are now
able to identify the current state of the ModSecurity, once the configuration
is loaded this variable is set and used by the connections filters.
This commit is contained in:
Felipe Zimmerle
2013-10-31 14:28:00 -07:00
parent 0037a0732a
commit a15f8813e9
3 changed files with 53 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apache2/modsecurity.h
View File

@@ -145,6 +145,8 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion;
extern DSOLOCAL int status_engine_state;
extern DSOLOCAL int conn_limits_filter_state;
extern DSOLOCAL unsigned long int conn_read_state_limit;
extern DSOLOCAL TreeRoot *conn_read_state_whitelist;
extern DSOLOCAL TreeRoot *conn_read_state_suspicious_list;