From e3b3721ee379dd8251cec97f5e588456cf5ee420 Mon Sep 17 00:00:00 2001
From: "Mario D. Santana"
Date: Tue, 15 Dec 2015 16:04:20 -0700
Subject: [PATCH] Allow mod_proxy's "nocanon" behavior to be specified in proxy actions.
---
 apache2/re_actions.c | 7 ++++-
 .../regression/action/00-disruptive-actions.t | 31 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/apache2/re_actions.c b/apache2/re_actions.c
index e06ebe65..aaf33817 100644
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -664,7 +664,12 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
 var = apr_pcalloc(mptmp, sizeof(msc_string));
 if (var == NULL) return -1;
- var->value = (char *)action->param;
+ if (!strncmp(action->param,"[nocanon]",9)) {
+ apr_table_setn(msr->r->notes,"proxy-nocanon",1);
+ var->value = (char *)action->param+9;
+ } else {
+ var->value = (char *)action->param;
+ }
 var->value_len = strlen(var->value);
 expand_macros(msr, var, rule, mptmp);
diff --git a/tests/regression/action/00-disruptive-actions.t b/tests/regression/action/00-disruptive-actions.t
index 15c9836d..f682396e 100644
--- a/tests/regression/action/00-disruptive-actions.t
+++ b/tests/regression/action/00-disruptive-actions.t
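Review bot: The added `apr_table_setn(msr->r->notes,"proxy-nocanon",1);` passes the integer `1` where `apr_table_setn` takes a `const char *` value, so the note holds the pointer value 0x1 rather than a string. A consumer that only tests the note for presence is unaffected, but anything that reads the value as a string (for example a log format that prints request notes) would dereference an invalid address; use `apr_table_setn(msr->r->notes, "proxy-nocanon", "1");`. The note is also set as soon as the action executes, so it is worth confirming (the rest of `msre_action_proxy_execute` and its caller are outside this hunk) that it cannot linger on a request that is not actually intercepted, e.g. in detection-only mode, and then change how a separately configured proxy canonicalises the URL. Since the target still goes through `expand_macros`, a comment such as `/* [nocanon] forwards the expanded URL to the backend without mod_proxy canonicalisation; avoid request-derived macros in the target */` would help rule authors.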
@@ -474,6 +474,37 @@
 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
 ),
 },
+{
+ type => "action",
+ comment => "nocanon proxy in phase:1 (get)",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecResponseBodyAccess On
+ SecResponseBodyMimeType null
+ SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'[nocanon]http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
+ ),
+ match_log => {
+ error => {
+ apache => [qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1],
+ nginx => [qr/ModSecurity: Access denied with code 500 \(phase 1\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
+ },
+ },
+ match_response => {
+ status => {
+ apache => qr/^200$/,
+ nginx => qr/^500$/,
+ },
+ content => {
+ apache => qr/^TEST$/,
+ nginx => qr/^*$/,
+ },
+ },
+
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+ ),
+},
 {
 type => "action",
 comment => "proxy in phase:2 (get)",
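Review bot: The new case asserts the same log line, status and body that an ordinary `proxy:` rule to `/test.txt` would produce, so it would still pass if the `[nocanon]` prefix were only stripped and the `proxy-nocanon` note never reached mod_proxy. The target path contains nothing that canonicalisation would rewrite; consider a target whose path includes an escaped character with a backend check that it arrives unchanged, plus a second case where `[nocanon]` is not at the start of the parameter, to pin that it is then treated as part of the URL. The `nginx => qr/^*$/` pattern under `content` also reads like a typo for `qr/^.*$/`; if it mirrors neighbouring cases outside this hunk, a short comment such as `# nginx: body not checked` would make the intent clear.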