Improvements in detection only

apache2/apache2_config.c

@@ -1750,12 +1750,7 @@ static const char *cmd_resquest_body_limit_action(cmd_parms *cmd, void *_dcfg,
     directory_config *dcfg = (directory_config *)_dcfg;
     if (dcfg == NULL) return NULL;
 
-    if (dcfg->is_enabled == MODSEC_DETECTION_ONLY)  {
-        dcfg->if_limit_action = REQUEST_BODY_LIMIT_ACTION_PARTIAL;
-        return NULL;
-    }
-
-    if (strcasecmp(p1, "ProcessPartial") == 0) dcfg->if_limit_action = RESPONSE_BODY_LIMIT_ACTION_PARTIAL;
+    if (strcasecmp(p1, "ProcessPartial") == 0) dcfg->if_limit_action = REQUEST_BODY_LIMIT_ACTION_PARTIAL;
     else
     if (strcasecmp(p1, "Reject") == 0) dcfg->if_limit_action = REQUEST_BODY_LIMIT_ACTION_REJECT;
     else

apache2/apache2_io.c

@@ -236,27 +236,57 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
 
             /* Check request body limit (should only trigger on chunked requests). */
             if (msr->reqbody_length + buflen > (apr_size_t)msr->txcfg->reqbody_limit) {
-                *error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
-                        "configured limit (%ld).", msr->txcfg->reqbody_limit);
-                if(msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)
+                if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
+                    *error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
+                            "configured limit (%ld).", msr->txcfg->reqbody_limit);
                     return -5;
+                } else if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {
 
-                seen_eos = 1;
+                    *error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
+                            "configured limit (%ld).", msr->txcfg->reqbody_limit);
 
-                buflen = (msr->txcfg->reqbody_limit - msr->reqbody_length);
+                    seen_eos = 1;
+                    buflen = (msr->txcfg->reqbody_limit - msr->reqbody_length);
+
+                } else if ((msr->txcfg->is_enabled == MODSEC_DETECTION_ONLY) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)){
+
+                    seen_eos = 1;
+                    buflen = (msr->txcfg->reqbody_limit - msr->reqbody_length);
+
+                } else  {
+
+                    *error_msg = apr_psprintf(msr->mp, "A Request body is larger than the "
+                            "configured limit (%ld).", msr->txcfg->reqbody_limit);
+
+                    return -5;
+                }
             }
 
             if (buflen != 0) {
                 int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg);
                 if (rcbs < 0) {
                     if (rcbs == -5) {
-                        *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
-                                "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
-                        if(msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)
+                        if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
+                            *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
+                                    "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
                             return -5;
+                        } else if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {
+                            *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
+                                    "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
+
+                        } else if ((msr->txcfg->is_enabled == MODSEC_DETECTION_ONLY) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {
+                            *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
+                                    "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
+                        } else {
+                            *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
+                                    "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
+                            return -5;
+                        }
                     }
 
-                    if(msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)
+                    if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT))
+                        return -1;
+                    if((msr->txcfg->is_enabled == MODSEC_DETECTION_ONLY) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT))
                         return -1;
                 }
 

apache2/mod_security2.c

@@ -732,22 +732,28 @@ static int hook_request_late(request_rec *r) {
         /* Check request body limit (non-chunked requests only). */
         if (msr->request_content_length > msr->txcfg->reqbody_limit) {
 
-            msr->inbound_error = 1;
-
-            if(msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT) {
+            if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
+                msr->inbound_error = 1;
                 msr_log(msr, 1, "Request body (Content-Length) is larger than the "
-                         "configured limit (%ld). Deny with status (%d)", msr->txcfg->reqbody_limit, HTTP_REQUEST_ENTITY_TOO_LARGE);
+                        "configured limit (%ld). Deny with status (%d)", msr->txcfg->reqbody_limit, HTTP_REQUEST_ENTITY_TOO_LARGE);
                 return HTTP_REQUEST_ENTITY_TOO_LARGE;
-            } else {
+            } else if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)){
+                msr->inbound_error = 1;
                 msr_log(msr, 1, "Request body (Content-Length) is larger than the "
-                         "configured limit (%ld).", msr->txcfg->reqbody_limit);
+                        "configured limit (%ld).", msr->txcfg->reqbody_limit);
+            } else if ((msr->txcfg->is_enabled == MODSEC_DETECTION_ONLY) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)){
+                msr->inbound_error = 1;
+            } else  {
+                msr_log(msr, 1, "A Request body (Content-Length) is larger than the "
+                        "configured limit (%ld).", msr->txcfg->reqbody_limit);
+                msr->inbound_error = 1;
             }
         }
     }
 
     /* Figure out whether to extract multipart files. */
     if ((msr->txcfg->upload_keep_files != KEEP_FILES_OFF) /* user might want to keep them */
-        || (msr->txcfg->upload_validates_files)) /* user might want to validate them */
+            || (msr->txcfg->upload_validates_files)) /* user might want to validate them */
     {
         msr->upload_extract_files = 1;
         msr->upload_remove_files = 1;
@@ -771,7 +777,7 @@ static int hook_request_late(request_rec *r) {
                 break;
             case -5 : /* Request body limit reached. */
                 msr->inbound_error = 1;
-                if(msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)    {
+                if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT))    {
                     r->connection->keepalive = AP_CONN_CLOSE;
                     if (my_error_msg != NULL) {
                         msr_log(msr, 1, "%s. Deny with code (%d)", my_error_msg, HTTP_REQUEST_ENTITY_TOO_LARGE);