github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 17:41:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

nginx refactoring

Browse Source 
Refactoring on the nginx module, including:
 - Better handling larger posts;
 - Now using nginx echo module during the regression tests.
 - Better interacting with neginx chain rules
 - Separation of the request handling and content filters.
 - Better handling nginx sessions and resource counts to allow a
   more efficient garbage collector.
 - Handling both http/1.0 and 1.1, including keep-alive.
 - Tests are now capable to test nginx as a proxy or end-server.
 - Tested agains nginx 1.6 and 1.7.
This commit is contained in:
Felipe Zimmerle
2014-04-28 06:28:11 -07:00
parent fda20322fb
commit a3433c3d17
1 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
nginx/modsecurity/ngx_http_modsecurity.c
View File

@@ -21,6 +21,7 @@
/* Those are defined twice, lets keep it defined just once by `undef`
* the first one.
*/
*/
#undef CR
#undef LF
#undef CRLF
@@ -228,7 +229,6 @@ ngx_pstrdup0(ngx_pool_t *pool, ngx_str_t *src)
return dst;
}
/*
* MultiplyDeBruijnBitPosition
* http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup
@@ -563,6 +563,10 @@ ngx_http_modsecurity_load_request_body(ngx_http_request_t *r)
ngx_http_modsecurity_ctx_t *ctx;
ngx_chain_t *chain;
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: loading request body.");
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: loading request body.");
@@ -598,7 +602,6 @@ ngx_http_modsecurity_load_request_body(ngx_http_request_t *r)
return NGX_OK;
}
static ngx_inline ngx_int_t
ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
{
@@ -607,7 +610,6 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
apr_off_t content_length;
ngx_buf_t *buf;
#endif
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
#ifdef MOVE_REQUEST_CHAIN_TO_MODSEC
@@ -619,10 +621,8 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
apr_brigade_cleanup(ctx->brigade);
buf->last += content_length;
r->header_in = buf;
if (r->headers_in.content_length) {
ngx_str_t *str = NULL;
str = &r->headers_in.content_length->value;
str->data = ngx_palloc(r->pool, NGX_OFF_T_LEN);
if (str->data == NULL) {
@@ -631,11 +631,7 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
}
str->len = ngx_snprintf(str->data, NGX_OFF_T_LEN, "%O",
content_length) - str->data;
}
r->headers_in.content_length_n = content_length;
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: Content length: %O, Content length n: %O", content_length,
r->headers_in.content_length_n);
@@ -643,6 +639,9 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
apr_brigade_cleanup(ctx->brigade);
#endif
r->headers_in.content_length_n = content_length;
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSec: Content length: %O, Content length n: %O", content_length, r->headers_in.content_length_n);
return NGX_OK;
}
@@ -1151,19 +1150,25 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: ModSecurity is not enabled or not a main request.");
ctx = ngx_http_modsecurity_create_ctx(r);
return NGX_DECLINED;
if (ngx_http_set_pool_ctx(r, ctx, ngx_http_modsecurity) != NGX_OK) {
return NGX_ERROR;
}
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: Recovering ctx: %p", ctx);
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: ctx is null, nothing we can do, returning.");
if (ctx == NULL) {
ctx = ngx_http_modsecurity_create_ctx(r);
ngx_http_set_ctx(r, ctx, ngx_http_modsecurity);
"ModSec: ctx is now: %p / count: %d", ctx, r->main->count);
if (ngx_http_set_pool_ctx(r, ctx, ngx_http_modsecurity) != NGX_OK) {
return NGX_ERROR;
}
@@ -1181,12 +1186,9 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: ctx is now: %p / count: %d", ctx, r->main->count);
if (modsecContextState(ctx->req) == MODSEC_DISABLED) {
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: ModSecurity was disabled, returning....", ctx);
return NGX_DECLINED;
}
if (ctx->waiting_more_body == 1) {
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: waiting for more data before proceed. / count: %d",
@@ -1194,6 +1196,7 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
return NGX_DONE;
}
ngx_http_modsecurity_request_read);
if (ctx->body_requested == 0) {
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -1218,12 +1221,16 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
}
if (ctx->waiting_more_body == 0 && ctx->request_processed == 0) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: request is ready to be processed.");
ngx_http_modsecurity_process_request(r);
ctx->request_processed = 1;
}
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: request is ready to be processed.");
rc = ngx_http_modsecurity_process_request(r);
ctx->request_processed = 1;
if (rc == NGX_ERROR || rc >= NGX_HTTP_SPECIAL_RESPONSE) {
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: returning a special response after process " \
@@ -1232,8 +1239,10 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
return rc;
}
void
ngx_http_modsecurity_request_read(ngx_http_request_t *r)
{
}
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSec: returning NGX_DECLINED." );
@@ -1435,7 +1444,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
}
return ngx_http_next_body_filter(r, out);
#endif
return NGX_OK;
}
#endif