github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 06:57:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Always log the message in the auditlog if "auditlog" is used (MODSEC-78).

Browse Source
This commit is contained in:
b1v1r
2009-07-23 21:26:19 +00:00
parent 6ee2c6e5f8
commit b77784c3ee
4 changed files with 44 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -1,6 +1,10 @@
22 July 2009 - 2.5.10-dev1
23 July 2009 - 2.5.10-dev1
--------------------------
* Using nolog,auditlog will now log the "Message:" line to the auditlog, but
nothing to the error log. Prior versions dropped the "Message:" line from
both logs. To do this now, just use "nolog" or "nolog,noauditlog".
* Forced mlogc to use SSLv3 to avoid some potential auto negotiation
issues with some libcurl versions.

25
apache2/modsecurity.c
View File

@@ -26,17 +26,34 @@
#include "msc_xml.h"
/**
* Log an alert message to the log, adding the rule metadata at the end.
* Format an alert message.
*/
void msc_alert(modsec_rec *msr, int level, msre_actionset *actionset, const char *action_message,
const char * msc_alert_message(modsec_rec *msr, msre_actionset *actionset, const char *action_message,
const char *rule_message)
{
const char *message = NULL;
if (rule_message == NULL) rule_message = "Unknown error.";
message = apr_psprintf(msr->mp, "%s %s%s", action_message,
rule_message, msre_format_metadata(msr, actionset));
if (action_message == NULL) {
message = apr_psprintf(msr->mp, "%s%s",
rule_message, msre_format_metadata(msr, actionset));
}
else {
message = apr_psprintf(msr->mp, "%s %s%s", action_message,
rule_message, msre_format_metadata(msr, actionset));
}
return message;
}
/**
* Log an alert message to the log, adding the rule metadata at the end.
*/
void msc_alert(modsec_rec *msr, int level, msre_actionset *actionset, const char *action_message,
const char *rule_message)
{
const char *message = msc_alert_message(msr, actionset, action_message, rule_message);
msr_log(msr, level, "%s", message);
}

3
apache2/modsecurity.h
View File

@@ -545,6 +545,9 @@ apr_status_t DSOLOCAL modsecurity_request_body_retrieve(modsec_rec *msr, msc_dat
void DSOLOCAL msc_add(modsec_rec *msr, int level, msre_actionset *actionset,
const char *action_message, const char *rule_message);
const char DSOLOCAL *msc_alert_message(modsec_rec *msr, msre_actionset *actionset, const char *action_message,
const char *rule_message);
void DSOLOCAL msc_alert(modsec_rec *msr, int level, msre_actionset *actionset, const char *action_message,
const char *rule_message);

16
apache2/re.c
View File

@@ -1660,8 +1660,22 @@ static void msre_perform_disruptive_actions(modsec_rec *msr, msre_rule *rule,
|| (msr->modsecurity->processing_mode == MODSEC_OFFLINE)
|| (actionset->intercept_action == ACTION_NONE))
{
int log_level;
/* If "nolog" was used log at a higher level to prevent an "alert". */
int log_level = (actionset->log == 0 ? 4 : 2);
if (actionset->log == 0) {
log_level = 4;
/* But, if "auditlog" is enabled, then still add the message. */
if (actionset->auditlog != 0) {
*(const char **)apr_array_push(msr->alerts) = msc_alert_message(msr, actionset, NULL, message);
}
}
else {
log_level = 2;
}
msc_alert(msr, log_level, actionset, "Warning.", message);
/* However, this will mark the txn relevant again if it is <= 3,