From d7383c39dd46cf5b5682e487eed1a3c48da8532d Mon Sep 17 00:00:00 2001
From: Marc Stern <marc.stern@approach.be>
Date: Tue, 2 May 2017 11:09:10 -0300
Subject: [PATCH] Option to disable logging of dechunking

---
 CHANGES               |  2 ++
 apache2/msc_logging.c |  6 ++++++
 configure.ac          | 17 ++++++++++++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index b1a148e9..4e47d3df 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+ * {dis|en}able-dechunk-logging: Option to disable logging of
+   dechunking in audit log when log level < 9.
  * Updates libinjection to: da027ab52f9cf14401dd92e34e6683d183bdb3b4
    [ModSecurity team]
  * {dis|en}able-handler-logging: Option to disable logging of Apache handler
diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
index 39fcdd71..ac4f3d49 100644
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -1170,6 +1170,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
         /* Our response body does not contain chunks */
         /* ENH Only write this when the output was chunked. */
         /* ENH Add info when request body was decompressed, dechunked too. */
+#ifdef LOG_NO_DECHUNK
+        if (msr->txcfg->debuglog_level >= 9)
+#endif
         if (wrote_response_body) {
             yajl_kv_bool(g, "response_body_dechunked", 1);
         }
@@ -2002,6 +2005,9 @@ void sec_audit_logger_native(modsec_rec *msr) {
         /* Our response body does not contain chunks */
         /* ENH Only write this when the output was chunked. */
         /* ENH Add info when request body was decompressed, dechunked too. */
+#ifdef LOG_NO_DECHUNK
+	if (msr->txcfg->debuglog_level >= 9)
+#endif
         if (wrote_response_body) {
             text = apr_psprintf(msr->mp, "Response-Body-Transformed: Dechunked\n");
             sec_auditlog_write(msr, text, strlen(text));
diff --git a/configure.ac b/configure.ac
index fb0fa5d9..4b1656a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -487,6 +487,21 @@ AC_ARG_ENABLE(handler-logging,
   log_handler=''
 ])
 
+# Disable logging of dechunking
+AC_ARG_ENABLE(dechunk-logging,
+              AS_HELP_STRING([--enable-dechunk-logging],
+                             [Enable logging of dechunking in audit log when log level < 9. This is the default]),
+[
+  if test "$enableval" != "no"; then
+    log_dechunk=
+  else
+    log_dechunk="-DLOG_NO_DECHUNK"
+  fi
+],
+[
+  log_dechunk=''
+])
+
 # Ignore configure errors
 AC_ARG_ENABLE(errors,
               AS_HELP_STRING([--disable-errors],
@@ -737,7 +752,7 @@ else
   fi
 fi
 
-MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem"
+MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk"
 
 APXS_WRAPPER=build/apxs-wrapper
 APXS_EXTRA_CFLAGS=""