From b304ab1aa2a221cc78bf53cc8972e6e1f7ca16da Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Thu, 12 Feb 2015 05:29:45 -0800
Subject: [PATCH] Improves SecRemoteRules messages on IIS
IIS was not displaying correctly the error messages and the amount of loaded rules while the operator SecRemoteRules was used.
---
 apache2/mod_security2.c | 13 ++++---------
 iis/mymodule.cpp | 10 ++++++++--
 iis/mymodule.h | 1 +
 standalone/api.c | 32 +++++++++++++++++++++++++++++++-
 standalone/api.h | 3 ++-
 5 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index b048343f..519f2cc8 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -752,7 +752,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
 real_server_signature);
 }
-#ifndef WIN32
+#ifndef VERSION_IIS
 if (status_engine_state != STATUS_ENGINE_DISABLED) {
 msc_status_engine_call();
 }
@@ -767,18 +767,12 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
 /**
 * Checking if it is not the first time that we are in this very function.
 * We want to show the messages below during the start and the reload.
- *
- * Turns out that IIS version does not hit it twice, thus, we have to show
- * the message in the first (and unique) opportunity.
 */
-#ifdef VERSION_IIS
- if (first_time == 1)
- {
-#else
+#ifndef VERSION_IIS
 if (first_time != 1)
 {
-#endif
 #ifdef WITH_REMOTE_RULES
+
 if (remote_rules_server != NULL)
 {
 if (remote_rules_server->amount_of_rules == 1)
@@ -804,6 +798,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
 remote_rules_fail_message);
 }
 }
+#endif
 srand((unsigned int)(time(NULL) * getpid()));
diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp
index 04b1438c..464968cb 100644
--- a/iis/mymodule.cpp
+++ b/iis/mymodule.cpp
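Review bot: The guard change in the first hunk of apache2/mod_security2.c (`#ifndef WIN32` to `#ifndef VERSION_IIS`) affects more than IIS: a Windows build that defines WIN32 but not VERSION_IIS now runs `msc_status_engine_call()` from hook_post_config, which the old guard compiled out. The commit message only talks about IIS, so if the wider behaviour is intended it deserves a line there and a comment at the guard, for example `/* IIS sends the status call from its own module, see modsecStatusEngineCall() */`. If it is not intended, the original guard already excluded IIS builds and can stay. hook_post_config starts and ends outside the hunk, so whether the call builds and behaves correctly on that target has to be confirmed there.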
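Review bot: The `#ifndef VERSION_IIS` opened in the second hunk of apache2/mod_security2.c is closed by the bare `#endif` added in the third hunk, with an `#ifdef WITH_REMOTE_RULES` block nested in between, so a reader of either hunk cannot tell which conditional that `#endif` ends. Label it, `#endif /* !VERSION_IIS */`. The commit also deletes the only comment that explained the IIS difference; a one-line replacement at the opening guard, such as `/* IIS reports these messages via modsecReportRemoteLoadedRules() in standalone/api.c */`, would keep that knowledge in the file. The end of the WITH_REMOTE_RULES block lies between the two hunks and is not visible here.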
@@ -797,8 +797,12 @@ CMyHttpModule::OnBeginRequest(
 goto Finished;
 }
- modsecStatusEngineCall();
-
+ modsecReportRemoteLoadedRules();
+ if (this->status_call_already_sent == false)
+ {
+ this->status_call_already_sent = true;
+ modsecStatusEngineCall();
+ }
 }
 delete apppath;
 }
@@ -1254,6 +1258,8 @@ CMyHttpModule::CMyHttpModule()
 GetSystemInfo(&sysInfo);
 m_dwPageSize = sysInfo.dwPageSize;
+ this->status_call_already_sent = false;
+
 InitializeCriticalSection(&m_csLock);
 modsecSetLogHook(this, Log);
diff --git a/iis/mymodule.h b/iis/mymodule.h
index efc11f98..732c2725 100644
--- a/iis/mymodule.h
+++ b/iis/mymodule.h
@@ -52,6 +52,7 @@ public:
 void Dispose();
 BOOL WriteEventViewerLog(LPCSTR szNotification, WORD category = EVENTLOG_INFORMATION_TYPE);
+ BOOL status_call_already_sent;
 };
 #endif
diff --git a/standalone/api.c b/standalone/api.c
index 55055609..438e98df 100644
--- a/standalone/api.c
+++ b/standalone/api.c
@@ -705,7 +705,7 @@ const char *modsecIsServerSignatureAvailale(void) {
 return new_server_signature;
 }
-#ifdef WIN32
+#ifdef VERSION_IIS
 void modsecStatusEngineCall()
 {
 if (status_engine_state != STATUS_ENGINE_DISABLED) {
@@ -717,4 +717,34 @@ void modsecStatusEngineCall()
 "SecStatusEngine to On.\n");
 }
 }
+
+void modsecReportRemoteLoadedRules()
+{
+#ifdef WITH_REMOTE_RULES
+ if (remote_rules_server != NULL)
+ {
+ if (remote_rules_server->amount_of_rules == 1)
+ {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "ModSecurity: Loaded %d rule from: '%s'.",
+ remote_rules_server->amount_of_rules,
+ remote_rules_server->uri);
+ }
+ else
+ {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "ModSecurity: Loaded %d rules from: '%s'.",
+ remote_rules_server->amount_of_rules,
+ remote_rules_server->uri);
+ }
+ }
+#endif
+ if (remote_rules_fail_message != NULL)
+ {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \
+ "Problems loading external resources: %s",
+ remote_rules_fail_message);
+ }
+
+}
 #endif
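Review bot: The once-only guard added in CMyHttpModule::OnBeginRequest (first hunk of iis/mymodule.cpp) tests and then sets `status_call_already_sent` in two separate steps, and nothing in the hunk shows a lock held around them. If two requests reach this branch at the same time on different threads, both can read `false` and both call modsecStatusEngineCall(). The function starts and ends outside the hunk, so if `m_csLock` is already held at this point a comment saying so settles it; otherwise do the test-and-set atomically, for instance by declaring the member `volatile LONG` and writing `if (InterlockedExchange(&status_call_already_sent, 1) == 0) modsecStatusEngineCall();`. `modsecReportRemoteLoadedRules()` has no guard at all and so logs on every pass through this branch, which may be deliberate but is worth a comment.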
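Review bot: In iis/mymodule.h, `status_call_already_sent` is added as a public, writable data member, and its name does not follow the `m_` prefix of the members visible in the constructor hunk (`m_dwPageSize`, `m_csLock`). In this patch only the class's own constructor and OnBeginRequest touch it, so it can be private and named consistently, for example `BOOL m_bStatusCallSent;`, with a comment saying it records whether the status call has already been made for this module instance. The class definition starts outside the hunk, so the right access section for it has to be checked there.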
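Review bot: In the new modsecReportRemoteLoadedRules() (second hunk of standalone/api.c), the failure branch logs `remote_rules_fail_message` at `APLOG_NOTICE`, the same level as the routine "Loaded %d rules" message. A remote rule set that failed to load can leave the engine running with fewer rules than the operator expects, so that record should be easy to alert on. A higher level fits better, e.g. `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Problems loading external resources: %s", remote_rules_fail_message);`, provided the IIS log hook carries the level through to the event log, which is not visible here. The body also appears to duplicate the block kept under `#ifndef VERSION_IIS` in apache2/mod_security2.c, so the two sets of messages can drift apart; a shared helper called from both places would avoid that.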
diff --git a/standalone/api.h b/standalone/api.h
index fa3fa476..ea4e6881 100644
--- a/standalone/api.h
+++ b/standalone/api.h
@@ -119,8 +119,9 @@ void modsecSetConfigForIISRequestBody(request_rec *r);
 const char *modsecIsServerSignatureAvailale(void);
-#ifdef WIN32
+#ifdef VERSION_IIS
 void modsecStatusEngineCall(void);
+void modsecReportRemoteLoadedRules(void);
 #endif
 #ifdef __cplusplus