From b6e061ed94c28d288cd4aaa29707df6ee447e4ea Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Mon, 22 Sep 2014 14:47:43 -0700
Subject: [PATCH] FuzzyHash: if disable giving an run time error instead of config

FuzzyHash operator is optional and only installed if the headers for libfuzzy was found in the system. Otherwise, the FuzzyHash operator is disable during the compilation. After this commit, if some rules tries to use it, ModSecurity will produce an runtime error not a config time error, allowing the web server to procede normal with its operations.
---
 apache2/re_operators.c | 11 +++++++----
 tests/regression/misc/30-fuzzyHash.t | 6 +++---
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
index 72c994b7..ad4d2b30 100644
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -3789,12 +3789,9 @@ static int msre_op_fuzzy_hash_init(msre_rule *rule, char **error_msg)
 rule->op_param_data = param_data;
 #else
- *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \
- "compiled with ssdeep support.");
- rule->op_param_data = NULL;
- return -1;
+ return 1;
 #endif
 return 1;
@@ -3852,6 +3849,12 @@ static int msre_op_fuzzy_hash_execute(modsec_rec *msr, msre_rule *rule,
 }
 fclose(fp);
+#else
+ *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \
+ "compiled with ssdeep support.");
+
+ return -1;
+
 #endif
 /* No match. */
diff --git a/tests/regression/misc/30-fuzzyHash.t b/tests/regression/misc/30-fuzzyHash.t
index 0a96da77..8201ca28 100644
--- a/tests/regression/misc/30-fuzzyHash.t
+++ b/tests/regression/misc/30-fuzzyHash.t
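Review bot: A rule that uses @fuzzyHash now loads without complaint on a build lacking ssdeep, because the `#else` branch of msre_op_fuzzy_hash_init returns 1, and from then on it can never match, so a `deny` rule silently stops enforcing. The updated regression test in this commit accepts a 200 for such a rule, which is that fail-open outcome. I would state the trade-off at the branch, e.g. `/* No ssdeep: accept the rule so the server can start; it errors on every execution and never matches. */`, and consider a one-time notice at startup so an unenforced rule is visible outside the per-request logs. The added `return 1;` also duplicates the `return 1;` right after `#endif` and could be dropped. The function body starts outside the hunk.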
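Review bot: The added `#else` branch in msre_op_fuzzy_hash_execute allocates the message from `rule->ruleset->mp` on every execution of the rule. That pool presumably lives as long as the configuration and is shared by all request threads, so each request reaching such a rule would grow it and allocate from it without synchronisation; this is worth confirming against the pool's actual lifetime. Since `msr` is in scope, the request pool looks like the better fit: `*error_msg = apr_psprintf(msr->mp, "ModSecurity was not compiled with ssdeep support.");`. The function starts and ends outside the hunk.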
@@ -12,11 +12,11 @@ SecRule REQUEST_BODY "\@fuzzyHash $ENV{CONF_DIR}/ssdeep.txt 1" "id:192372,log,deny"
 ),
 match_log => {
- error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
- debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
+ error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
+ debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
 },
 match_response => {
- status => qr/^403$/,
+ status => qr/^403|200$/,
 },
 request => new HTTP::Request(
 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
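Review bot: `qr/^403|200$/` parses as `^403` or `200$`, so neither anchor bounds the whole status and a value such as 4030 or 1200 would pass; group the alternation: `status => qr/^(?:403|200)$/,`. In the `error` and `debug` patterns the top-level alternation is what is wanted, but the final `.` of `support.` is unescaped. Accepting both outcomes unconditionally also means a build that does have ssdeep and wrongly lets the request through with 200 would still pass, so the expectation would be better made conditional on whether ssdeep support is compiled in.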