diff --git a/CHANGES b/CHANGES index 39b655b3..901b124f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ DD mmm YYYY - 2.9.????? (To be released) ----------------------- + * Informs about external resources loaded/failed while reloading Apache. + [ModSecurity team] * Adds missing 'ModSecurity:' prefix in some warnings messages. [Walter Hop and ModSecurity team] * Refactoring external resources download warn messages. Holding the message diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index fa5e05ec..7f69b8fc 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -762,14 +762,15 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t "it by set SecStatusEngine to On."); } #endif + } - if (remote_rules_fail_message != NULL) - { - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \ - "Problems loading external resources: %s", - remote_rules_fail_message); - } - + /** + * Checking if it is not the first time that we are in this very function. + * We want to show the messages below during the start and the reload. + * + */ + if (first_time != 1) + { #ifdef WITH_REMOTE_RULES if (remote_rules_server != NULL) { @@ -789,6 +790,12 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t } } #endif + if (remote_rules_fail_message != NULL) + { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \ + "Problems loading external resources: %s", + remote_rules_fail_message); + } } srand((unsigned int)(time(NULL) * getpid())); diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 33ce83cf..5040176f 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -1293,7 +1293,12 @@ static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) { res = msc_remote_download_content(rule->ruleset->mp, fn, NULL, &chunk, error_msg); - if (res == -1) + if (res == -2) + { + /* If download failed but SecRemoteRulesFailAction is set to Warn. */ + return 1; + } + else if (res < 0) { return 0; }