github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-160

Browse Source
This commit is contained in:
brenosilva 2011-10-14 13:32:30 +00:00
parent 1bf5f4532e
commit d4079971c6
5 changed files with 54 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apache2/apache2_config.c
View File

@ -126,6 +126,9 @@ void *create_directory_config(apr_pool_t *mp, char *path)
dcfg->request_encoding = NOT_SET_P; dcfg->request_encoding = NOT_SET_P;
dcfg->disable_backend_compression = NOT_SET; dcfg->disable_backend_compression = NOT_SET;
/* Collection timeout */
dcfg->col_timeout = NOT_SET;
return dcfg; return dcfg;
} }
@ -515,6 +518,9 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
merged->disable_backend_compression = (child->disable_backend_compression == NOT_SET merged->disable_backend_compression = (child->disable_backend_compression == NOT_SET
? parent->disable_backend_compression : child->disable_backend_compression); ? parent->disable_backend_compression : child->disable_backend_compression);
merged->col_timeout = (child->col_timeout == NOT_SET
? parent->col_timeout : child->col_timeout);
return merged; return merged;
} }
@ -611,6 +617,8 @@ void init_directory_config(directory_config *dcfg)
if (dcfg->request_encoding == NOT_SET_P) dcfg->request_encoding = NULL; if (dcfg->request_encoding == NOT_SET_P) dcfg->request_encoding = NULL;
if (dcfg->disable_backend_compression == NOT_SET) dcfg->disable_backend_compression = 0; if (dcfg->disable_backend_compression == NOT_SET) dcfg->disable_backend_compression = 0;
if (dcfg->col_timeout == NOT_SET) dcfg->col_timeout = 3600;
} }
/** /**
@ -1253,6 +1261,18 @@ static const char *cmd_debug_log(cmd_parms *cmd, void *_dcfg, const char *p1)
return NULL; return NULL;
} }
static const char *cmd_collection_timeout(cmd_parms *cmd, void *_dcfg,
const char *p1)
{
directory_config *dcfg = (directory_config *)_dcfg;
dcfg->col_timeout = atoi(p1);
/* max 30 days */
if ((dcfg->col_timeout >= 0)&&(dcfg->col_timeout <= 2592000)) return NULL;
return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecDefaultCollectionTimeout: %s", p1);
}
static const char *cmd_debug_log_level(cmd_parms *cmd, void *_dcfg, static const char *cmd_debug_log_level(cmd_parms *cmd, void *_dcfg,
const char *p1) const char *p1)
{ {
@ -2348,6 +2368,14 @@ const command_rec module_directives[] = {
" Use values from 0 (no logging) to 9 (a *lot* of logging)." " Use values from 0 (no logging) to 9 (a *lot* of logging)."
), ),
AP_INIT_TAKE1 (
"SecDefaultCollectionTimeout",
cmd_collection_timeout,
NULL,
CMD_SCOPE_ANY,
"set default collections timeout. default it 3600"
),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecDefaultAction", "SecDefaultAction",
cmd_default_action, cmd_default_action,

16
apache2/modsecurity.c
View File

@ -212,28 +212,30 @@ static void modsecurity_persist_data(modsec_rec *msr) {
} }
time_after = apr_time_now(); time_after = apr_time_now();
msr->time_storage_write += time_after - time_before; msr->time_storage_write += time_after - time_before;
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Recording persistent data took %" APR_TIME_T_FMT msr_log(msr, 4, "Recording persistent data took %" APR_TIME_T_FMT
" microseconds.", msr->time_gc); " microseconds.", msr->time_gc);
} }
/* Remove stale collections. */ /* Remove stale collections. */
srand(time(NULL));
if (rand() < RAND_MAX/100) { if (rand() < RAND_MAX/100) {
arr = apr_table_elts(msr->collections); arr = apr_table_elts(msr->collections);
te = (apr_table_entry_t *)arr->elts; te = (apr_table_entry_t *)arr->elts;
for (i = 0; i < arr->nelts; i++) { for (i = 0; i < arr->nelts; i++) {
collections_remove_stale(msr, te[i].key); collections_remove_stale(msr, te[i].key);
} }
msr->time_gc = apr_time_now() - time_after; msr->time_gc = apr_time_now() - time_after;
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Garbage collection took %" APR_TIME_T_FMT msr_log(msr, 4, "Garbage collection took %" APR_TIME_T_FMT
" microseconds.", msr->time_gc); " microseconds.", msr->time_gc);
} }
} }
} }

5
apache2/modsecurity.h
View File

@ -518,8 +518,11 @@ struct directory_config {
/* Request character encoding. */ /* Request character encoding. */
const char *request_encoding; const char *request_encoding;
int disable_backend_compression; int disable_backend_compression;
/* Collection timeout */
int col_timeout;
}; };
struct error_message { struct error_message {

10
apache2/persist_dbm.c
View File

@ -108,7 +108,10 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
goto cleanup; goto cleanup;
} }
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); if(strstr(col_name,"USER") || strstr(col_name,"SESSION"))
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL);
else
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
key.dptr = (char *)col_key; key.dptr = (char *)col_key;
key.dsize = col_key_len + 1; key.dsize = col_key_len + 1;
@ -576,7 +579,10 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
goto error; goto error;
} }
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); if(strstr(col_name,"USER") || strstr(col_name,"SESSION"))
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL);
else
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
rc = apr_sdbm_open(&dbm, dbm_filename, APR_CREATE | APR_WRITE | APR_SHARELOCK, rc = apr_sdbm_open(&dbm, dbm_filename, APR_CREATE | APR_WRITE | APR_SHARELOCK,
CREATEMODE, msr->mp); CREATEMODE, msr->mp);

6
apache2/re_actions.c
View File

@ -1730,7 +1730,7 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
if (table == NULL) { if (table == NULL) {
/* Does not exist yet - create new. */ /* Does not exist yet - create new. */
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Creating collection (name \"%s\", key \"%s\").", msr_log(msr, 4, "Creating collection (name \"%s\", key \"%s\").",
real_col_name, col_key); real_col_name, col_key);
@ -1741,6 +1741,10 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
/* IMP1 Is the timeout hard-coded to 3600? */ /* IMP1 Is the timeout hard-coded to 3600? */
if(msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Setting default timeout collection value %d.",msr->txcfg->col_timeout);
}
/* Add default timeout. */ /* Add default timeout. */
var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
var->name = "__expire_KEY"; var->name = "__expire_KEY";