From a45fe95ed59cd4c46b10a8ebdcb2e4e98d7083e6 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 22 Sep 2014 14:47:43 -0700 Subject: [PATCH] FuzzyHash: if disable giving an run time error instead of config FuzzyHash operator is optional and only installed if the headers for libfuzzy was found in the system. Otherwise, the FuzzyHash operator is disable during the compilation. After this commit, if some rules tries to use it, ModSecurity will produce an runtime error not a config time error, allowing the web server to procede normal with its operations. --- apache2/re_operators.c | 11 +++++++---- tests/regression/misc/30-fuzzyHash.t | 6 +++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 72c994b7..ad4d2b30 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -3789,12 +3789,9 @@ static int msre_op_fuzzy_hash_init(msre_rule *rule, char **error_msg) rule->op_param_data = param_data; #else - *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \ - "compiled with ssdeep support."); - rule->op_param_data = NULL; - return -1; + return 1; #endif return 1; @@ -3852,6 +3849,12 @@ static int msre_op_fuzzy_hash_execute(modsec_rec *msr, msre_rule *rule, } fclose(fp); +#else + *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \ + "compiled with ssdeep support."); + + return -1; + #endif /* No match. */ diff --git a/tests/regression/misc/30-fuzzyHash.t b/tests/regression/misc/30-fuzzyHash.t index 0a96da77..8201ca28 100644 --- a/tests/regression/misc/30-fuzzyHash.t +++ b/tests/regression/misc/30-fuzzyHash.t 
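Review bot: On a build without ssdeep, the `#else` branch of msre_op_fuzzy_hash_init now reports success with no diagnostic, so a ruleset that depends on `@fuzzyHash` loads cleanly while the rule can never match. The updated regression test accepts a 200 response for this case, which suggests a `deny` rule then fails open. The only remaining signal is the per-transaction error set in msre_op_fuzzy_hash_execute, so a one-time startup warning plus a comment here such as `/* ssdeep missing: rule is accepted, execute() reports the error per transaction */` would make the lost coverage visible at deploy time. The added `return 1;` also duplicates the `return 1;` after `#endif` and can be dropped. The function body starts before this hunk.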
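Review bot: The new `#else` branch in msre_op_fuzzy_hash_execute builds the error string from `rule->ruleset->mp` on every execution. If that pool lives as long as the ruleset, as its name suggests, each transaction that reaches the rule grows it and concurrent requests allocate from a shared pool. A request-scoped allocation avoids both: `*error_msg = apr_pstrdup(msr->mp, "ModSecurity was not compiled with ssdeep support.");`. The enclosing function starts and ends outside this hunk.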
@@ -12,11 +12,11 @@
 SecRule REQUEST_BODY "\@fuzzyHash $ENV{CONF_DIR}/ssdeep.txt 1" "id:192372,log,deny"
 ),
 match_log => {
- error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
- debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
+ error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
+ debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
 },
 match_response => {
- status => qr/^403$/,
+ status => qr/^403|200$/,
 },
 request => new HTTP::Request(
 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
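Review bot: In `status => qr/^403|200$/` the alternation binds more loosely than the anchors, so the pattern accepts any status that starts with 403 or ends with 200 rather than exactly one of the two codes; `status => qr/^(?:403|200)$/,` expresses the intent. The `error` and `debug` patterns have the same ungrouped alternation, and the final `.` in `support.` is unescaped. Because one test case now accepts both outcomes, the 403 assertion for an ssdeep-enabled build is only as strict as the log pattern; separate cases per build configuration would keep the deny path pinned.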