mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 13:56:01 +03:00
Merge 2.5.9 changes into trunk.
This commit is contained in:
b1v1r
parent
fa96c349e5
commit
dc0a2161ac
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -17,41 +17,56 @@ AC_DEFUN([CHECK_APR],
|
||||
|
||||
AC_ARG_WITH(
|
||||
apr,
|
||||
[AC_HELP_STRING([--with-apr=PATH],[Path to the apr prefix])],
|
||||
apr_path="$withval",
|
||||
[AC_HELP_STRING([--with-apr=PATH],[Path to apr prefix or config script])],
|
||||
apr_path="${withval}",
|
||||
:)
|
||||
|
||||
dnl # Determine apr lib directory
|
||||
if test -z "${apr_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apr_path}"
|
||||
AC_MSG_CHECKING([for libapr config script])
|
||||
|
||||
dnl # Determine if the script was specified and use it directly
|
||||
if test ! -d "${withval}" -a -e "${withval}"; then
|
||||
APR_CONFIG="`basename $withval`"
|
||||
with_apr=`echo ${withval} | sed "s/\/\?${APR_CONFIG}\$//"`
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([for libapr config script])
|
||||
for x in ${test_paths}; do
|
||||
for APR_CONFIG in apr-1-config apr-config; do
|
||||
if test -e "${x}/bin/${APR_CONFIG}"; then
|
||||
with_apr="${x}/bin"
|
||||
dnl # Look for the config script
|
||||
if test -z "${with_apr}"; then
|
||||
dnl # Determine apr lib directory
|
||||
if test -z "${apr_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apr_path}"
|
||||
fi
|
||||
|
||||
for x in ${test_paths}; do
|
||||
for APR_CONFIG in apr-1-mt-config apr-1-config apr-mt-config apr-config; do
|
||||
if test -e "${x}/bin/${APR_CONFIG}"; then
|
||||
with_apr="${x}/bin"
|
||||
break
|
||||
elif test -e "${x}/${APR_CONFIG}"; then
|
||||
with_apr="${x}"
|
||||
break
|
||||
else
|
||||
with_apr=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apr"; then
|
||||
break
|
||||
elif test -e "${x}/${APR_CONFIG}"; then
|
||||
with_apr="${x}"
|
||||
break
|
||||
else
|
||||
with_apr=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apr"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if test -n "${with_apr}"; then
|
||||
APR_CONFIG="${with_apr}/${APR_CONFIG}"
|
||||
AC_MSG_RESULT([${APR_CONFIG}])
|
||||
APR_CFLAGS="`${APR_CONFIG} --includes --cppflags --cflags`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr CFLAGS: $APR_CFLAGS); fi
|
||||
APR_LDFLAGS="`${APR_CONFIG} --ldflags`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDFLAGS: $APR_LDFLAGS); fi
|
||||
APR_LIBS="`${APR_CONFIG} --libs`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LIBS: $APR_LIBS); fi
|
||||
APR_LINK_LD="`${APR_CONFIG} --link-ld`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LINK_LD: $APR_LINK_LD); fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_LDFLAGS
|
||||
else
|
||||
@ -64,10 +79,10 @@ AC_SUBST(APR_LDFLAGS)
|
||||
AC_SUBST(APR_LINK_LD)
|
||||
|
||||
if test -z "${APR_LIBS}"; then
|
||||
AC_MSG_NOTICE([*** apr library not found.])
|
||||
ifelse([$2], , AC_MSG_ERROR([apr library is required]), $2)
|
||||
AC_MSG_NOTICE([*** apr library not found.])
|
||||
ifelse([$2], , AC_MSG_ERROR([apr library is required]), $2)
|
||||
else
|
||||
AC_MSG_NOTICE([using '${APR_LIBS}' for apr Library])
|
||||
ifelse([$1], , , $1)
|
||||
AC_MSG_NOTICE([using '${APR_LIBS}' for apr Library])
|
||||
ifelse([$1], , , $1)
|
||||
fi
|
||||
])
|
||||
|
||||
@ -17,41 +17,56 @@ AC_DEFUN([CHECK_APU],
|
||||
|
||||
AC_ARG_WITH(
|
||||
apu,
|
||||
[AC_HELP_STRING([--with-apu=PATH],[Path to the apu prefix])],
|
||||
[AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])],
|
||||
apu_path="$withval",
|
||||
:)
|
||||
|
||||
dnl # Determine apu lib directory
|
||||
if test -z "${apu_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apu_path}"
|
||||
AC_MSG_CHECKING([for libapr-util config script])
|
||||
|
||||
dnl # Determine if the script was specified and use it directly
|
||||
if test ! -d "${withval}" -a -e "${withval}"; then
|
||||
APU_CONFIG="`basename $withval`"
|
||||
with_apu=`echo ${withval} | sed "s/\/\?${APU_CONFIG}\$//"`
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([for libapr-util config script])
|
||||
for x in ${test_paths}; do
|
||||
for APU_CONFIG in apu-1-config apu-config; do
|
||||
if test -e "${x}/bin/${APU_CONFIG}"; then
|
||||
with_apu="${x}/bin"
|
||||
dnl # Look for the config script
|
||||
if test -z "${with_apu}"; then
|
||||
dnl # Determine apu lib directory
|
||||
if test -z "${apu_path}"; then
|
||||
test_paths="/usr/local/apr-util /usr/local/apu /usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apu_path}"
|
||||
fi
|
||||
|
||||
for x in ${test_paths}; do
|
||||
for APU_CONFIG in apu-1-mt-config apu-1-config apu-mt-config apu-config; do
|
||||
if test -e "${x}/bin/${APU_CONFIG}"; then
|
||||
with_apu="${x}/bin"
|
||||
break
|
||||
elif test -e "${x}/${APU_CONFIG}"; then
|
||||
with_apu="${x}"
|
||||
break
|
||||
else
|
||||
with_apu=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apu"; then
|
||||
break
|
||||
elif test -e "${x}/${APU_CONFIG}"; then
|
||||
with_apu="${x}"
|
||||
break
|
||||
else
|
||||
with_apu=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apu"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if test -n "${with_apu}"; then
|
||||
APU_CONFIG="${with_apu}/${APU_CONFIG}"
|
||||
AC_MSG_RESULT([${APU_CONFIG}])
|
||||
APU_CFLAGS="`${APU_CONFIG} --includes`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
|
||||
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
|
||||
APU_LIBS="`${APU_CONFIG} --libs`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LIBS: $APU_LIBS); fi
|
||||
APU_LINK_LD="`${APU_CONFIG} --link-ld`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LINK_LD: $APU_LINK_LD); fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_LDFLAGS
|
||||
else
|
||||
|
||||
122
apache2/configure
vendored
122
apache2/configure
vendored
@ -1315,8 +1315,8 @@ Optional Packages:
|
||||
will be used as a base for pcre, apr and apu config
|
||||
scripts.
|
||||
--with-pcre=PATH Path to the pcre prefix
|
||||
--with-apr=PATH Path to the apr prefix
|
||||
--with-apu=PATH Path to the apu prefix
|
||||
--with-apr=PATH Path to apr prefix or config script
|
||||
--with-apu=PATH Path to apu prefix or config script
|
||||
--with-libxml=PATH Path to the libxml2 prefix
|
||||
--with-lua=PATH Path to the lua prefix
|
||||
--with-curl=PATH Path to the curl prefix
|
||||
@ -5463,44 +5463,61 @@ fi
|
||||
|
||||
# Check whether --with-apr was given.
|
||||
if test "${with_apr+set}" = set; then
|
||||
withval=$with_apr; apr_path="$withval"
|
||||
withval=$with_apr; apr_path="${withval}"
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
|
||||
if test -z "${apr_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apr_path}"
|
||||
fi
|
||||
|
||||
{ echo "$as_me:$LINENO: checking for libapr config script" >&5
|
||||
echo $ECHO_N "checking for libapr config script... $ECHO_C" >&6; }
|
||||
for x in ${test_paths}; do
|
||||
for APR_CONFIG in apr-1-config apr-config; do
|
||||
if test -e "${x}/bin/${APR_CONFIG}"; then
|
||||
with_apr="${x}/bin"
|
||||
|
||||
if test ! -d "${withval}" -a -e "${withval}"; then
|
||||
APR_CONFIG="`basename $withval`"
|
||||
with_apr=`echo ${withval} | sed "s/\/\?${APR_CONFIG}\$//"`
|
||||
fi
|
||||
|
||||
if test -z "${with_apr}"; then
|
||||
if test -z "${apr_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apr_path}"
|
||||
fi
|
||||
|
||||
for x in ${test_paths}; do
|
||||
for APR_CONFIG in apr-1-mt-config apr-1-config apr-mt-config apr-config; do
|
||||
if test -e "${x}/bin/${APR_CONFIG}"; then
|
||||
with_apr="${x}/bin"
|
||||
break
|
||||
elif test -e "${x}/${APR_CONFIG}"; then
|
||||
with_apr="${x}"
|
||||
break
|
||||
else
|
||||
with_apr=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apr"; then
|
||||
break
|
||||
elif test -e "${x}/${APR_CONFIG}"; then
|
||||
with_apr="${x}"
|
||||
break
|
||||
else
|
||||
with_apr=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apr"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if test -n "${with_apr}"; then
|
||||
APR_CONFIG="${with_apr}/${APR_CONFIG}"
|
||||
{ echo "$as_me:$LINENO: result: ${APR_CONFIG}" >&5
|
||||
echo "${ECHO_T}${APR_CONFIG}" >&6; }
|
||||
APR_CFLAGS="`${APR_CONFIG} --includes --cppflags --cflags`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apr CFLAGS: $APR_CFLAGS" >&5
|
||||
echo "$as_me: apr CFLAGS: $APR_CFLAGS" >&6;}; fi
|
||||
APR_LDFLAGS="`${APR_CONFIG} --ldflags`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apr LDFLAGS: $APR_LDFLAGS" >&5
|
||||
echo "$as_me: apr LDFLAGS: $APR_LDFLAGS" >&6;}; fi
|
||||
APR_LIBS="`${APR_CONFIG} --libs`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apr LIBS: $APR_LIBS" >&5
|
||||
echo "$as_me: apr LIBS: $APR_LIBS" >&6;}; fi
|
||||
APR_LINK_LD="`${APR_CONFIG} --link-ld`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apr LINK_LD: $APR_LINK_LD" >&5
|
||||
echo "$as_me: apr LINK_LD: $APR_LINK_LD" >&6;}; fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_LDFLAGS
|
||||
else
|
||||
@ -5514,13 +5531,13 @@ fi
|
||||
|
||||
|
||||
if test -z "${APR_LIBS}"; then
|
||||
{ echo "$as_me:$LINENO: *** apr library not found." >&5
|
||||
{ echo "$as_me:$LINENO: *** apr library not found." >&5
|
||||
echo "$as_me: *** apr library not found." >&6;}
|
||||
{ { echo "$as_me:$LINENO: error: apr library is required" >&5
|
||||
{ { echo "$as_me:$LINENO: error: apr library is required" >&5
|
||||
echo "$as_me: error: apr library is required" >&2;}
|
||||
{ (exit 1); exit 1; }; }
|
||||
else
|
||||
{ echo "$as_me:$LINENO: using '${APR_LIBS}' for apr Library" >&5
|
||||
{ echo "$as_me:$LINENO: using '${APR_LIBS}' for apr Library" >&5
|
||||
echo "$as_me: using '${APR_LIBS}' for apr Library" >&6;}
|
||||
|
||||
fi
|
||||
@ -5535,38 +5552,55 @@ else
|
||||
fi
|
||||
|
||||
|
||||
if test -z "${apu_path}"; then
|
||||
test_paths="/usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apu_path}"
|
||||
fi
|
||||
|
||||
{ echo "$as_me:$LINENO: checking for libapr-util config script" >&5
|
||||
echo $ECHO_N "checking for libapr-util config script... $ECHO_C" >&6; }
|
||||
for x in ${test_paths}; do
|
||||
for APU_CONFIG in apu-1-config apu-config; do
|
||||
if test -e "${x}/bin/${APU_CONFIG}"; then
|
||||
with_apu="${x}/bin"
|
||||
|
||||
if test ! -d "${withval}" -a -e "${withval}"; then
|
||||
APU_CONFIG="`basename $withval`"
|
||||
with_apu=`echo ${withval} | sed "s/\/\?${APU_CONFIG}\$//"`
|
||||
fi
|
||||
|
||||
if test -z "${with_apu}"; then
|
||||
if test -z "${apu_path}"; then
|
||||
test_paths="/usr/local/apr-util /usr/local/apu /usr/local/apr /usr/local /usr"
|
||||
else
|
||||
test_paths="${apu_path}"
|
||||
fi
|
||||
|
||||
for x in ${test_paths}; do
|
||||
for APU_CONFIG in apu-1-mt-config apu-1-config apu-mt-config apu-config; do
|
||||
if test -e "${x}/bin/${APU_CONFIG}"; then
|
||||
with_apu="${x}/bin"
|
||||
break
|
||||
elif test -e "${x}/${APU_CONFIG}"; then
|
||||
with_apu="${x}"
|
||||
break
|
||||
else
|
||||
with_apu=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apu"; then
|
||||
break
|
||||
elif test -e "${x}/${APU_CONFIG}"; then
|
||||
with_apu="${x}"
|
||||
break
|
||||
else
|
||||
with_apu=""
|
||||
fi
|
||||
done
|
||||
if test -n "$with_apu"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if test -n "${with_apu}"; then
|
||||
APU_CONFIG="${with_apu}/${APU_CONFIG}"
|
||||
{ echo "$as_me:$LINENO: result: ${APU_CONFIG}" >&5
|
||||
echo "${ECHO_T}${APU_CONFIG}" >&6; }
|
||||
APU_CFLAGS="`${APU_CONFIG} --includes`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apu CFLAGS: $APU_CFLAGS" >&5
|
||||
echo "$as_me: apu CFLAGS: $APU_CFLAGS" >&6;}; fi
|
||||
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apu LDFLAGS: $APU_LDFLAGS" >&5
|
||||
echo "$as_me: apu LDFLAGS: $APU_LDFLAGS" >&6;}; fi
|
||||
APU_LIBS="`${APU_CONFIG} --libs`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apu LIBS: $APU_LIBS" >&5
|
||||
echo "$as_me: apu LIBS: $APU_LIBS" >&6;}; fi
|
||||
APU_LINK_LD="`${APU_CONFIG} --link-ld`"
|
||||
if test "$verbose_output" -eq 1; then { echo "$as_me:$LINENO: apu LINK_LD: $APU_LINK_LD" >&5
|
||||
echo "$as_me: apu LINK_LD: $APU_LINK_LD" >&6;}; fi
|
||||
CFLAGS=$save_CFLAGS
|
||||
LDFLAGS=$save_LDFLAGS
|
||||
else
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!@PERL@
|
||||
#
|
||||
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
# Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
# Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
#
|
||||
# This product is released under the terms of the General Public Licence,
|
||||
# version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
@ -569,10 +569,7 @@ apr_status_t modsecurity_process_phase(modsec_rec *msr, unsigned int phase) {
|
||||
|
||||
msr->tcache_items = 0;
|
||||
msr->tcache = apr_hash_make(msr->mp);
|
||||
if (msr->tcache == NULL) {
|
||||
msr_log(msr, 1, "Internal error: Failed to allocate transformation cache for phase %d", msr->phase);
|
||||
return -1;
|
||||
}
|
||||
if (msr->tcache == NULL) return -1;
|
||||
}
|
||||
|
||||
switch(phase) {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
@ -310,7 +310,13 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* extract header name */
|
||||
header_name = apr_pstrmemdup(msr->mp, msr->mpd->buf, (data - msr->mpd->buf));
|
||||
if (data == msr->mpd->buf) {
|
||||
*error_msg = apr_psprintf(msr->mp, "Multipart: Invalid part header (header name missing).");
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* extract the value value */
|
||||
data++;
|
||||
@ -548,23 +554,30 @@ static int multipart_process_boundary(modsec_rec *msr, int last_part, char **err
|
||||
if (msr->mpd->mpp->value == NULL) return -1;
|
||||
}
|
||||
|
||||
/* add the part to the list of parts */
|
||||
*(multipart_part **)apr_array_push(msr->mpd->parts) = msr->mpd->mpp;
|
||||
if (msr->mpd->mpp->type == MULTIPART_FILE) {
|
||||
if (msr->txcfg->debuglog_level >= 9) {
|
||||
msr_log(msr, 9, "Multipart: Added file part %pp to the list: name \"%s\" "
|
||||
"file name \"%s\" (offset %u, length %u)",
|
||||
msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
|
||||
log_escape(msr->mp, msr->mpd->mpp->filename),
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
if (msr->mpd->mpp->name) {
|
||||
/* add the part to the list of parts */
|
||||
*(multipart_part **)apr_array_push(msr->mpd->parts) = msr->mpd->mpp;
|
||||
if (msr->mpd->mpp->type == MULTIPART_FILE) {
|
||||
if (msr->txcfg->debuglog_level >= 9) {
|
||||
msr_log(msr, 9, "Multipart: Added file part %pp to the list: name \"%s\" "
|
||||
"file name \"%s\" (offset %u, length %u)",
|
||||
msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
|
||||
log_escape(msr->mp, msr->mpd->mpp->filename),
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (msr->txcfg->debuglog_level >= 9) {
|
||||
msr_log(msr, 9, "Multipart: Added part %pp to the list: name \"%s\" "
|
||||
"(offset %u, length %u)", msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (msr->txcfg->debuglog_level >= 9) {
|
||||
msr_log(msr, 9, "Multipart: Added part %pp to the list: name \"%s\" "
|
||||
"(offset %u, length %u)", msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
}
|
||||
msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
|
||||
"(offset %u, length %u)", msr->mpd->mpp,
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
}
|
||||
|
||||
msr->mpd->mpp = NULL;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
@ -141,7 +141,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
|
||||
}
|
||||
|
||||
/* ENH Need expiration (and perhaps other metadata) accessible in blob
|
||||
* form so we can determine if we need to convert to a table. This will
|
||||
* form to determine if converting to a table is needed. This will
|
||||
* save some cycles.
|
||||
*/
|
||||
|
||||
@ -149,8 +149,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
|
||||
col = collection_unpack(msr, (const unsigned char *)value->dptr, value->dsize, 1);
|
||||
if (col == NULL) return NULL;
|
||||
|
||||
/* We have to close *after* we use "value" from the fetch or the memory
|
||||
* may be overwritten. */
|
||||
/* Close after "value" used from fetch or memory may be overwritten. */
|
||||
if (existing_dbm == NULL) {
|
||||
apr_sdbm_close(dbm);
|
||||
}
|
||||
@ -189,7 +188,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
|
||||
/* Delete the collection if the variable "KEY" does not exist.
|
||||
*
|
||||
* ENH It would probably be more efficient to hold the DBM
|
||||
* open until we determine if it needs deleted than to open a second
|
||||
* open until determined if it needs deleted than to open a second
|
||||
* time.
|
||||
*/
|
||||
if (apr_table_get(col, "KEY") == NULL) {
|
||||
@ -246,7 +245,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
|
||||
apr_time_t td;
|
||||
counter = atoi(var->value);
|
||||
|
||||
/* UPDATE_RATE is removed on store, so we add it back here */
|
||||
/* UPDATE_RATE is removed on store, so add it back here */
|
||||
var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
|
||||
var->name = "UPDATE_RATE";
|
||||
var->name_len = strlen(var->name);
|
||||
@ -381,7 +380,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* We only need to lock so we can pull in the stored data again. */
|
||||
/* Only need to lock to pull in the stored data again. */
|
||||
rc = apr_sdbm_lock(dbm, APR_FLOCK_EXCLUSIVE);
|
||||
if (rc != APR_SUCCESS) {
|
||||
msr_log(msr, 1, "Failed to exclusivly lock DBM file \"%s\": %s", log_escape(msr->mp, dbm_filename),
|
||||
@ -390,7 +389,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* If there is an original value, then we need to create a delta and
|
||||
/* If there is an original value, then create a delta and
|
||||
* apply the delta to the current value */
|
||||
orig_col = (const apr_table_t *)apr_table_get(msr->collections_original, var_name->value);
|
||||
if (orig_col != NULL) {
|
||||
@ -409,7 +408,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
|
||||
msc_string *var = (msc_string *)te[i].val;
|
||||
int len;
|
||||
|
||||
/* If there is an original value, then we need to apply the delta
|
||||
/* If there is an original value, then apply the delta
|
||||
* to the latest stored value */
|
||||
if (stored_col != NULL) {
|
||||
const msc_string *orig_var = (const msc_string *)apr_table_get(orig_col, var->name);
|
||||
@ -559,8 +558,8 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* No one can write to the file while we're
|
||||
* doing this so let's do it as fast as we can.
|
||||
/* No one can write to the file while doing this so
|
||||
* do it as fast as possible.
|
||||
*/
|
||||
rc = apr_sdbm_firstkey(dbm, &key);
|
||||
while(rc == APR_SUCCESS) {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1565,16 +1565,12 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
|
||||
table = collection_retrieve(msr, real_col_name, col_key, col_key_len);
|
||||
|
||||
if (table == NULL) {
|
||||
|
||||
/* Does not exist yet - create new. */
|
||||
msr_log(msr, 4, "Creating collection (name \"%s\", key \"%s\").",
|
||||
real_col_name, col_key);
|
||||
|
||||
table = apr_table_make(msr->mp, 24);
|
||||
if (table == NULL) {
|
||||
msr_log(msr, 1, "Failed to allocate space for collection.");
|
||||
return -1;
|
||||
}
|
||||
if (table == NULL) return -1;
|
||||
|
||||
/* IMP1 Is the timeout hard-coded to 3600? */
|
||||
|
||||
@ -1807,8 +1803,18 @@ static apr_status_t msre_action_exec_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
msre_rule *rule, msre_action *action)
|
||||
{
|
||||
msr->content_prepend = action->param;
|
||||
msr->content_prepend_len = strlen(action->param);
|
||||
msc_string *var = NULL;
|
||||
|
||||
/* Expand any macros in the text */
|
||||
var = apr_pcalloc(mptmp, sizeof(msc_string));
|
||||
if (var == NULL) return -1;
|
||||
var->value = (char *)action->param;
|
||||
var->value_len = strlen(var->value);
|
||||
expand_macros(msr, var, rule, mptmp);
|
||||
|
||||
/* ENH: Verify we really have to dup the data here. */
|
||||
msr->content_prepend = apr_pstrndup(msr->mp, var->value, var->value_len);
|
||||
msr->content_prepend_len = var->value_len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -1817,8 +1823,18 @@ static apr_status_t msre_action_prepend_execute(modsec_rec *msr, apr_pool_t *mpt
|
||||
static apr_status_t msre_action_append_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
||||
msre_rule *rule, msre_action *action)
|
||||
{
|
||||
msr->content_append = action->param;
|
||||
msr->content_append_len = strlen(action->param);
|
||||
msc_string *var = NULL;
|
||||
|
||||
/* Expand any macros in the text */
|
||||
var = apr_pcalloc(mptmp, sizeof(msc_string));
|
||||
if (var == NULL) return -1;
|
||||
var->value = (char *)action->param;
|
||||
var->value_len = strlen(var->value);
|
||||
expand_macros(msr, var, rule, mptmp);
|
||||
|
||||
/* ENH: Verify we really have to dup the data here. */
|
||||
msr->content_append = apr_pstrndup(msr->mp, var->value, var->value_len);
|
||||
msr->content_append_len = var->value_len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
### Test misc actions
|
||||
|
||||
# TODO: append
|
||||
# TODO: block
|
||||
# TODO: capture
|
||||
# TODO: chain
|
||||
@ -10,7 +9,6 @@
|
||||
# TODO: initcol
|
||||
# TODO: multiMatch
|
||||
# TODO: pause
|
||||
# TODO: prepend
|
||||
# TODO: sanitiseArg
|
||||
# TODO: sanitiseMatched
|
||||
# TODO: sanitiseRequestHeader
|
||||
|
||||
49
apache2/t/regression/action/10-append-prepend.t
Normal file
49
apache2/t/regression/action/10-append-prepend.t
Normal file
@ -0,0 +1,49 @@
|
||||
# TODO: Need more tests here
|
||||
|
||||
### append
|
||||
{
|
||||
type => "action",
|
||||
comment => "append content",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecContentInjection On
|
||||
SecDebugLog "$ENV{DEBUG_LOG}"
|
||||
SecDebugLogLevel 9
|
||||
SecAction "phase:1,setvar:tx.test=test"
|
||||
SecAction "phase:2,append:'APPEND: \%{tx.test}'"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ "Added content to bottom: APPEND: test", 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
content => qr/APPEND: test$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
### prepend
|
||||
{
|
||||
type => "action",
|
||||
comment => "prepend content",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecContentInjection On
|
||||
SecDebugLog "$ENV{DEBUG_LOG}"
|
||||
SecDebugLogLevel 9
|
||||
SecAction "phase:1,setvar:tx.test=test"
|
||||
SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ "Added content to top: PREPEND: test", 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
content => qr/^PREPEND: test/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
||||
* Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
|
||||
* Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
|
||||
*
|
||||
* This product is released under the terms of the General Public Licence,
|
||||
* version 2 (GPLv2). Please refer to the file LICENSE (included with this
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user