Adds SecRemoteRules as an build option

SecRemoteRules adds a new dependency to libcurl. Before only mlogc was
depending on libcurl. SecRemoteRules also depends on the apr-tools with
crypto support, which (as reported by our buildbots) is not default in
some environments such as MacOS X. This commit disables SecRemoteRules
support if apr-tools was not compiled with crypto support.
This commit is contained in:
Felipe Zimmerle 2014-11-12 11:44:45 -03:00
parent 38b9924705
commit c54bb746c6
5 changed files with 41 additions and 15 deletions


@ -2217,7 +2217,7 @@ static const char *cmd_remote_rules_fail(cmd_parms *cmd, void *_dcfg, const char
{ {
directory_config *dcfg = (directory_config *)_dcfg; directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL; if (dcfg == NULL) return NULL;
#ifdef WITH_REMOTE_RULES_SUPPORT
if (strncasecmp(p1, "warn", 4) == 0) if (strncasecmp(p1, "warn", 4) == 0)
{ {
remote_rules_fail_action = REMOTE_RULES_WARN_ON_FAIL; remote_rules_fail_action = REMOTE_RULES_WARN_ON_FAIL;
@ -2231,6 +2231,10 @@ static const char *cmd_remote_rules_fail(cmd_parms *cmd, void *_dcfg, const char
return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \ return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
"SecRemoteRulesFailAction, expected: Abort or Warn."); "SecRemoteRulesFailAction, expected: Abort or Warn.");
} }
#else
return apr_psprintf(cmd->pool, "ModSecurity: " \
"SecRemoteRules: ModSecurity was not compiled with such functionality.");
#endif
return NULL; return NULL;
} }
@ -2242,6 +2246,7 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
directory_config *dcfg = (directory_config *)_dcfg; directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL; if (dcfg == NULL) return NULL;
#ifdef WITH_REMOTE_RULES_SUPPORT
// FIXME: make it https only. // FIXME: make it https only.
// if (strncasecmp(p1, "https", 5) != 0) { // if (strncasecmp(p1, "https", 5) != 0) {
if (strncasecmp(p2, "http", 4) != 0) { if (strncasecmp(p2, "http", 4) != 0) {
@ -2274,6 +2279,10 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
{ {
return error_msg; return error_msg;
} }
#else
return apr_psprintf(cmd->pool, "ModSecurity: " \
"SecRemoteRules: ModSecurity was not compiled with such functionality.");
#endif
return NULL; return NULL;
} }
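Review bot: The `#else` branch added to cmd_remote_rules_fail (first hunk) names the wrong directive: this handler processes SecRemoteRulesFailAction, so the text should read `"SecRemoteRulesFailAction: ModSecurity was not compiled with such functionality."`, consistent with the existing "Invalid value for SecRemoteRulesFailAction" message a few lines above. In both handlers the `return NULL;` after `#endif` is unreachable when WITH_REMOTE_RULES_SUPPORT is undefined, which clang reports under -Wunreachable-code; placing the final return inside the `#ifdef` branch avoids it. Pre-existing but still on the compiled-in path: the `// FIXME: make it https only.` at the top of cmd_remote_rules remains and the check only requires the URI to begin with "http", so a rule set can still be fetched over cleartext and altered in transit before being loaded as WAF configuration. Both functions' signatures lie outside the hunks (only the hunk headers show them).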


@ -68,8 +68,10 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;
unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0; unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
#ifdef WITH_REMOTE_RULES_SUPPORT
msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL; msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL; int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
#endif
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED; int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
@ -759,6 +761,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
} }
#endif #endif
#ifdef WITH_REMOTE_RULES_SUPPORT
if (remote_rules_server != NULL) if (remote_rules_server != NULL)
{ {
if (remote_rules_server->amount_of_rules == 1) if (remote_rules_server->amount_of_rules == 1)
@ -776,6 +779,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
remote_rules_server->uri); remote_rules_server->uri);
} }
} }
#endif
} }
srand((unsigned int)(time(NULL) * getpid())); srand((unsigned int)(time(NULL) * getpid()));
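Review bot: The last context line of hook_post_config, `srand((unsigned int)(time(NULL) * getpid()));`, seeds the C library PRNG from two values an unprivileged local user can read, so anything in this module that draws from rand() is predictable; this is not introduced by the commit but sits right under the newly guarded block. What rand() feeds cannot be seen from this hunk; if any of it is security-relevant (tokens, collection keys, nonces), it should come from `apr_generate_random_bytes()` instead, and otherwise a comment such as `/* rand() is used for non-security purposes only */` would document the intent. hook_post_config starts before the first hunk of this section.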


@ -33,7 +33,6 @@ typedef struct msc_arg msc_arg;
typedef struct msc_string msc_string; typedef struct msc_string msc_string;
typedef struct msc_parm msc_parm; typedef struct msc_parm msc_parm;
#include "msc_remote_rules.h"
#include "msc_release.h" #include "msc_release.h"
#include "msc_logging.h" #include "msc_logging.h"
#include "msc_multipart.h" #include "msc_multipart.h"
@ -47,11 +46,13 @@ typedef struct msc_parm msc_parm;
#include "msc_unicode.h" #include "msc_unicode.h"
#include "re.h" #include "re.h"
#include "msc_crypt.h" #include "msc_crypt.h"
#include "msc_remote_rules.h"
#include "ap_config.h" #include "ap_config.h"
#include "apr_md5.h" #include "apr_md5.h"
#include "apr_strings.h" #include "apr_strings.h"
#include "apr_hash.h" #include "apr_hash.h"
#include "apr_crypto.h"
#include "httpd.h" #include "httpd.h"
#include "http_config.h" #include "http_config.h"
#include "http_log.h" #include "http_log.h"
@ -145,8 +146,10 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;
extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion; extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion;
#ifdef WITH_REMOTE_RULES_SUPPORT
extern DSOLOCAL msc_remote_rules_server *remote_rules_server; extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
extern DSOLOCAL int remote_rules_fail_action; extern DSOLOCAL int remote_rules_fail_action;
#endif
extern DSOLOCAL int status_engine_state; extern DSOLOCAL int status_engine_state;
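Review bot: `#include "msc_remote_rules.h"` is moved (second hunk) to sit ahead of `apr_md5.h` and the newly added `apr_crypto.h`, yet msc_remote_rules.h decides WITH_REMOTE_RULES_SUPPORT with `#if APU_HAVE_CRYPTO` at its very top, so the macro is only defined at that point if some earlier header has already pulled in apu.h, which this hunk does not show. If it has not, the undefined identifier evaluates to 0 and remote-rules support is compiled out of this translation unit without any diagnostic. Moving `#include "apr_crypto.h"` (or `<apu.h>`) directly after `#include "msc_crypt.h"`, i.e. above the msc_remote_rules.h include, removes the dependency on include order; building with `-Wundef` would surface the case.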


@ -26,9 +26,7 @@
#define AP_MAX_ARGC 64 #define AP_MAX_ARGC 64
#endif #endif
#ifndef APU_HAVE_CRYPTO #ifdef WITH_REMOTE_RULES_SUPPORT
#error Missing apu crypto module
#endif
/** /**
* @brief Insert a new SecRule to be processed by ModSecurity * @brief Insert a new SecRule to be processed by ModSecurity
@ -716,3 +714,4 @@ end:
return 0; return 0;
} }
#endif
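Review bot: Replacing `#error Missing apu crypto module` with `#ifdef WITH_REMOTE_RULES_SUPPORT` (first hunk) turns a hard build failure into a silent one: if the macro is not set, for instance because neither msc_remote_rules.h nor apu.h has been included before line 26 of this file, the whole translation unit compiles to nothing and the feature disappears with no message. An empty translation unit is also a pedantic ISO C violation that `-Wpedantic` reports. Keeping the disabled path visible, e.g. an `#else` branch with a comment and one harmless declaration, or better deciding the option in configure and passing `-DWITH_REMOTE_RULES_SUPPORT`, avoids both issues. The function closed by the `end:` / `return 0;` lines of the second hunk starts outside the hunk.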


@ -12,23 +12,33 @@
* directly using the email address security@modsecurity.org. * directly using the email address security@modsecurity.org.
*/ */
#if APU_HAVE_CRYPTO
#define WITH_REMOTE_RULES_SUPPORT
#endif
#ifdef WITH_REMOTE_RULES_SUPPORT
#ifndef MSC_REMOTE_RULES_H #ifndef MSC_REMOTE_RULES_H
#define MSC_REMOTE_RULES_H #define MSC_REMOTE_RULES_H
#include <apr_general.h> /* forward declarations */
#include <apr_optional.h>
#include <apr_thread_pool.h>
#include <curl/curl.h>
#include <apr_sha1.h>
#include <apr_crypto.h>
#include "http_core.h"
typedef struct msc_remote_rules_server msc_remote_rules_server; typedef struct msc_remote_rules_server msc_remote_rules_server;
struct msc_curl_memory_buffer_t; struct msc_curl_memory_buffer_t;
#include "modsecurity.h" #include "modsecurity.h"
#include <apr_general.h>
#include <apr_optional.h>
#include <apr_thread_pool.h>
#include <apr_sha1.h>
#include "http_core.h"
#include "http_config.h"
#include <curl/curl.h>
#include <apr_crypto.h>
struct msc_remote_rules_server { struct msc_remote_rules_server {
directory_config *context; directory_config *context;
const char *context_label; const char *context_label;
@ -38,7 +48,7 @@ struct msc_remote_rules_server {
}; };
const char *msc_remote_invoke_cmd(const command_rec *cmd, cmd_parms *parms, const char *msc_remote_invoke_cmd(const command_rec *cmd, cmd_parms *parms,
void *mconfig, const char *args); void *mconfig, const char *args);
int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key, int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
struct msc_curl_memory_buffer_t *chunk, char **error_msg); struct msc_curl_memory_buffer_t *chunk, char **error_msg);
@ -64,4 +74,5 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
int msc_remote_clean_chunk(struct msc_curl_memory_buffer_t *chunk); int msc_remote_clean_chunk(struct msc_curl_memory_buffer_t *chunk);
#endif #endif
#endif
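Review bot: `#if APU_HAVE_CRYPTO` (first hunk, before the include guard) is evaluated before this header includes anything, so it relies on the including translation unit having already defined the macro through apu.h; where that has not happened the undefined identifier silently evaluates to 0 and WITH_REMOTE_RULES_SUPPORT is left undefined for that translation unit only. Since modsecurity.h and mod_security2.c now declare `remote_rules_server` and `remote_rules_fail_action` under that macro, translation units that disagree would fail to link or compile the directive handlers against a feature that is absent. Make the test self-contained and explicit: `#include <apu.h>` / `#if defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO` / `#define WITH_REMOTE_RULES_SUPPORT`. The commit message calls this a build option, but none of the five files listed touches configure, so the libcurl dependency the message mentions presumably still applies even when the feature is compiled out; a configure-time decision would address both points.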