github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Process phase 1 in the same Apache hook as phase 2 (MODSEC-98)

Browse Source
This commit is contained in:
ivanr 2009-11-07 10:14:40 +00:00
parent 3b12989683
commit cb8b76f4ef
1 changed files with 54 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
apache2/mod_security2.c
View File

@ -544,11 +544,12 @@ static void hook_child_init(apr_pool_t *mp, server_rec *s) {
/** /**
* Initial request processing, executed immediatelly after * Initial request processing, executed immediatelly after
* Apache receives the request headers. * Apache receives the request headers. This function wil create
* a transaction context.
*/ */
static int hook_request_early(request_rec *r) { static int hook_request_early(request_rec *r) {
modsec_rec *msr = NULL; modsec_rec *msr = NULL;
int rc; int rc = DECLINED;
/* This function needs to run only once per transaction /* This function needs to run only once per transaction
* (i.e. subrequests and redirects are excluded). * (i.e. subrequests and redirects are excluded).
@ -563,6 +564,11 @@ static int hook_request_early(request_rec *r) {
msr = create_tx_context(r); msr = create_tx_context(r);
if (msr == NULL) return DECLINED; if (msr == NULL) return DECLINED;
#if 0
/* NOTE This check is not currently needed, but it may be needed in the
* future when we add another early phase.
*/
/* Are we allowed to continue? */ /* Are we allowed to continue? */
if (msr->txcfg->is_enabled == MODSEC_DISABLED) { if (msr->txcfg->is_enabled == MODSEC_DISABLED) {
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
@ -570,24 +576,7 @@ static int hook_request_early(request_rec *r) {
} }
return DECLINED; return DECLINED;
} }
#endif
/* Process phase REQUEST_HEADERS */
rc = DECLINED;
if (modsecurity_process_phase(msr, PHASE_REQUEST_HEADERS) > 0) {
rc = perform_interception(msr);
}
if ( (msr->txcfg->is_enabled != MODSEC_DISABLED)
&& (msr->txcfg->reqbody_access == 1)
&& (rc == DECLINED))
{
/* Check request body limit (non-chunked requests only). */
if (msr->request_content_length > msr->txcfg->reqbody_limit) {
msr_log(msr, 1, "Request body (Content-Length) is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_limit);
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
}
return rc; return rc;
} }
@ -658,13 +647,51 @@ static int hook_request_late(request_rec *r) {
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Processing disabled, skipping (hook request_late)."); msr_log(msr, 4, "Processing disabled, skipping (hook request_late).");
} }
return DECLINED; return DECLINED;
} }
/* Phase 1 */
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "First phase starting (dcfg %pp).", msr->dcfg2);
}
/* Process phase REQUEST_HEADERS */
if (modsecurity_process_phase(msr, PHASE_REQUEST_HEADERS) > 0) {
/* There was a match; see if we need to intercept. */
rc = perform_interception(msr);
if (rc != DECLINED) {
/* Intercepted */
return rc;
}
}
/* The rule engine could have been disabled in phase 1. */
if (msr->txcfg->is_enabled == MODSEC_DISABLED) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Skipping phase 2 as the rule engine was disabled by a rule in phase 1.");
}
return DECLINED;
}
/* Phase 2 */
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Second phase starting (dcfg %pp).", msr->dcfg2); msr_log(msr, 4, "Second phase starting (dcfg %pp).", msr->dcfg2);
} }
/* Check that the request body is not too long, but only
* if configuration allows for request body access.
*/
if (msr->txcfg->reqbody_access == 1) {
/* Check request body limit (non-chunked requests only). */
if (msr->request_content_length > msr->txcfg->reqbody_limit) {
msr_log(msr, 1, "Request body (Content-Length) is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_limit);
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
}
/* Figure out whether or not to extract multipart files. */ /* Figure out whether or not to extract multipart files. */
if ((msr->txcfg->upload_keep_files != KEEP_FILES_OFF) /* user might want to keep them */ if ((msr->txcfg->upload_keep_files != KEEP_FILES_OFF) /* user might want to keep them */
|| (msr->txcfg->upload_validates_files)) /* user might want to validate them */ || (msr->txcfg->upload_validates_files)) /* user might want to validate them */
@ -707,9 +734,12 @@ static int hook_request_late(request_rec *r) {
/* Update the request headers. They might have changed after /* Update the request headers. They might have changed after
* the body was read (trailers). * the body was read (trailers).
*/ *
/* NOTE We still need to keep a copy of the original headers * TODO We might still want to hold onto the original headers
* to log in the audit log. * so that we can log them. Keeping them is probably not
* going to increase our memory requirements (because all
* headers are allocated from the request memory pool
* anyway).
*/ */
msr->request_headers = apr_table_copy(msr->mp, r->headers_in); msr->request_headers = apr_table_copy(msr->mp, r->headers_in);