Do not intercept internal redirect error documents.

2026-01-10 02:04:36 +03:00 · 2007-08-10 15:50:11 +00:00
parent a9703a0559
commit af5c895d53
2 changed files with 9 additions and 0 deletions
--- a/2
+++ b/2
@@ -1,6 +1,8 @@
 ?? ???? ???? - 2.1.3-rc1
 ------------------------

+ * Do not block internal ErrorDocument requests.
+
 * Added ability to compile without an external API (-DNO_MODSEC_API).


--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -583,6 +583,13 @@ static int hook_request_late(request_rec *r) {

    /* Has this phase been completed already? */
    if (msr->phase_request_body_complete) {
+        /* If we are redirecting and there was no previous response it is
+         * an error page request and we ignore it.
+         */
+        if ((msr->r->prev != NULL) && (msr->r->prev->headers_out == NULL || apr_is_empty_table(msr->r->prev->headers_out))) {
+            msr_log(msr, 9, "Allowing internally redirected error document: %s", msr->r->uri);
+            return DECLINED;
+        }
        if (msr->was_intercepted) {
            msr_log(msr, 4, "Phase REQUEST_BODY request already intercepted. Intercepting additional request.");
            return perform_interception(msr);