diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index ebc55e64..04527931 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -126,6 +126,9 @@ void *create_directory_config(apr_pool_t *mp, char *path) dcfg->request_encoding = NOT_SET_P; dcfg->disable_backend_compression = NOT_SET; + /* Collection timeout */ + dcfg->col_timeout = NOT_SET; + return dcfg; } @@ -515,6 +518,9 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) merged->disable_backend_compression = (child->disable_backend_compression == NOT_SET ? parent->disable_backend_compression : child->disable_backend_compression); + merged->col_timeout = (child->col_timeout == NOT_SET + ? parent->col_timeout : child->col_timeout); + return merged; } @@ -611,6 +617,8 @@ void init_directory_config(directory_config *dcfg) if (dcfg->request_encoding == NOT_SET_P) dcfg->request_encoding = NULL; if (dcfg->disable_backend_compression == NOT_SET) dcfg->disable_backend_compression = 0; + + if (dcfg->col_timeout == NOT_SET) dcfg->col_timeout = 3600; } /** @@ -1253,6 +1261,18 @@ static const char *cmd_debug_log(cmd_parms *cmd, void *_dcfg, const char *p1) return NULL; } +static const char *cmd_collection_timeout(cmd_parms *cmd, void *_dcfg, + const char *p1) +{ + directory_config *dcfg = (directory_config *)_dcfg; + + dcfg->col_timeout = atoi(p1); + /* max 30 days */ + if ((dcfg->col_timeout >= 0)&&(dcfg->col_timeout <= 2592000)) return NULL; + + return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecDefaultCollectionTimeout: %s", p1); +} + static const char *cmd_debug_log_level(cmd_parms *cmd, void *_dcfg, const char *p1) { @@ -2348,6 +2368,14 @@ const command_rec module_directives[] = { " Use values from 0 (no logging) to 9 (a *lot* of logging)." ), + AP_INIT_TAKE1 ( + "SecDefaultCollectionTimeout", + cmd_collection_timeout, + NULL, + CMD_SCOPE_ANY, + "set default collections timeout. default it 3600" + ), + AP_INIT_TAKE1 ( "SecDefaultAction", cmd_default_action, diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index d06ca3cc..11615c29 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -212,28 +212,30 @@ static void modsecurity_persist_data(modsec_rec *msr) { } time_after = apr_time_now(); - + msr->time_storage_write += time_after - time_before; - + if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "Recording persistent data took %" APR_TIME_T_FMT " microseconds.", msr->time_gc); - } - + } + /* Remove stale collections. */ + srand(time(NULL)); + if (rand() < RAND_MAX/100) { arr = apr_table_elts(msr->collections); te = (apr_table_entry_t *)arr->elts; for (i = 0; i < arr->nelts; i++) { collections_remove_stale(msr, te[i].key); } - + msr->time_gc = apr_time_now() - time_after; - + if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "Garbage collection took %" APR_TIME_T_FMT " microseconds.", msr->time_gc); - } + } } } diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 6db74202..86508d6e 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -518,8 +518,11 @@ struct directory_config { /* Request character encoding. */ const char *request_encoding; - + int disable_backend_compression; + + /* Collection timeout */ + int col_timeout; }; struct error_message { diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c index fd511e41..39982390 100644 --- a/apache2/persist_dbm.c +++ b/apache2/persist_dbm.c @@ -108,7 +108,10 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec goto cleanup; } - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); + if(strstr(col_name,"USER") || strstr(col_name,"SESSION")) + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL); + else + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); key.dptr = (char *)col_key; key.dsize = col_key_len + 1; @@ -576,7 +579,10 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) { goto error; } - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); + if(strstr(col_name,"USER") || strstr(col_name,"SESSION")) + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL); + else + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); rc = apr_sdbm_open(&dbm, dbm_filename, APR_CREATE | APR_WRITE | APR_SHARELOCK, CREATEMODE, msr->mp); diff --git a/apache2/re_actions.c b/apache2/re_actions.c index eaa69bde..0607fe23 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -1730,7 +1730,7 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name, if (table == NULL) { /* Does not exist yet - create new. */ - + if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "Creating collection (name \"%s\", key \"%s\").", real_col_name, col_key); @@ -1741,6 +1741,10 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name, /* IMP1 Is the timeout hard-coded to 3600? */ + if(msr->txcfg->debuglog_level >= 4) { + msr_log(msr, 4, "Setting default timeout collection value %d.",msr->txcfg->col_timeout); + } + /* Add default timeout. */ var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); var->name = "__expire_KEY";