From efef989dddd0540ef9f95acad12db41a0ed7d668 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 1 Nov 2013 07:02:59 -0700
Subject: [PATCH] Renames Sec{Read|Write}StateLimits

The Sec{Read|Write}StateLimits are filters related to the connections, when the server did not know yet which vhost the request goes to. This means that once those configrations are set it will be applied to entire server. This patch just renames the Sec{Read|Write}StateLimits to SecConn{Read|Write}StateLimits to make it more clear to the user. SecConnectionEngine was also renamed to SecConnEngine.
---
 apache2/apache2_config.c | 54 +++++++++++++++++++++++++++++++++-------
 1 file changed, 45 insertions(+), 9 deletions(-)

diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 140401e2..1fa8669b 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -1705,7 +1705,7 @@ char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2,
 }
 else {
 return apr_psprintf(mp, "ModSecurity: Invalid operator for " \
- "SecReadStateLimit: %s, expected operators: @ipMatch, @ipMatchF " \
+ "SecConnReadStateLimit: %s, expected operators: @ipMatch, @ipMatchF " \
 "or @ipMatchFromFile with or without !", p2);
 }
@@ -1726,7 +1726,7 @@ char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2,
 /**
-* \brief Add SecReadStateLimit configuration option
+* \brief Add SecConnReadStateLimit configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@@ -1747,7 +1747,7 @@ static const char *cmd_conn_read_state_limit(cmd_parms *cmd, void *_dcfg,
 limit = strtol(p1, NULL, 10);
 if ((limit == LONG_MAX) || (limit == LONG_MIN) || (limit <= 0)) {
 return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
- "SecReadStateLimit: %s", p1);
+ "SecConnReadStateLimit: %s", p1);
 }
 if (p2 != NULL) {
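Review bot: The `strtol(p1, NULL, 10)` call shown in the hunk at -1747 passes a NULL end pointer, so a value with trailing characters (a constructed example: `10abc`) is accepted as 10 and the renamed "Invalid value for SecConnReadStateLimit" error is never returned for it. For a directive that limits connections, a silently misparsed number is a misconfiguration risk, so the check should reject anything that is not a complete number: `limit = strtol(p1, &end, 10);` followed by `if ((end == p1) || (*end != '\0') || (limit == LONG_MAX) || (limit <= 0)) {`, with `char *end;` declared beside `limit`. The same parse is visible in cmd_conn_write_state_limit in the hunk at -1786. Both function bodies start and end outside their hunks, so the declaration of `limit` is not visible here.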
@@ -1764,8 +1764,18 @@ static const char *cmd_conn_read_state_limit(cmd_parms *cmd, void *_dcfg,
 return NULL;
 }
+static const char *cmd_read_state_limit(cmd_parms *cmd, void *_dcfg,
+ const char *p1, const char *p2)
+{
+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
+ "SecReadStateLimit is depricated, use SecConnReadStateLimit " \
+ "instead.");
+
+ return cmd_conn_read_state_limit(cmd, _dcfg, p1, p2);
+}
+
 /**
-* \brief Add SecWriteStateLimit configuration option
+* \brief Add SecConnWriteStateLimit configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@@ -1786,7 +1796,7 @@ static const char *cmd_conn_write_state_limit(cmd_parms *cmd, void *_dcfg,
 limit = strtol(p1, NULL, 10);
 if ((limit == LONG_MAX) || (limit == LONG_MIN) || (limit <= 0)) {
 return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
- "SecWriteStateLimit: %s", p1);
+ "SecConnWriteStateLimit: %s", p1);
 }
 if (p2 != NULL) {
@@ -1802,6 +1812,16 @@ static const char *cmd_conn_write_state_limit(cmd_parms *cmd, void *_dcfg,
 return NULL;
 }
+static const char *cmd_write_state_limit(cmd_parms *cmd, void *_dcfg,
+ const char *p1, const char *p2)
+{
+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
+ "SecWriteStateLimit is depricated, use SecConnWriteStateLimit " \
+ "instead.");
+
+ return cmd_conn_write_state_limit(cmd, _dcfg, p1, p2);
+}
+
 static const char *cmd_request_body_inmemory_limit(cmd_parms *cmd, void *_dcfg,
@@ -2163,7 +2183,7 @@ static const char *cmd_sever_conn_filters_engine(cmd_parms *cmd, void *_dcfg,
 else {
 return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
- "SecConnectionEngine: %s", p1);
+ "SecConnEngine: %s", p1);
 }
 return NULL;
@@ -3308,7 +3328,7 @@ const command_rec module_directives[] = {
 ),
 AP_INIT_TAKE12 (
- "SecReadStateLimit",
+ "SecConnReadStateLimit",
 cmd_conn_read_state_limit,
 NULL,
 CMD_SCOPE_ANY,
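Review bot: The startup notice added in cmd_read_state_limit (hunk at -1764) misspells the word an operator would search the log for: `"SecReadStateLimit is depricated, use SecConnReadStateLimit " \` should read `"SecReadStateLimit is deprecated, use SecConnReadStateLimit " \`, and cmd_write_state_limit in the hunk at -1802 carries the same typo. The `ap_log_perror` call passes only `APLOG_STARTUP|APLOG_NOERRNO`, which presumably leaves the severity bits at zero; OR-ing in `APLOG_WARNING` would state the intended level. Neither wrapper has the `\brief` header that the neighbouring handlers carry, so a short one such as `\brief Deprecated alias for SecConnReadStateLimit; logs a notice and forwards to cmd_conn_read_state_limit` (and the write counterpart) would record why two handlers exist.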
@@ -3316,13 +3336,29 @@ const command_rec module_directives[] = {
 ),
 AP_INIT_TAKE12 (
- "SecWriteStateLimit",
+ "SecReadStateLimit",
+ cmd_read_state_limit,
+ NULL,
+ CMD_SCOPE_ANY,
+ "maximum number of threads in READ_BUSY state per ip address"
+ ),
+
+ AP_INIT_TAKE12 (
+ "SecConnWriteStateLimit",
 cmd_conn_write_state_limit,
 NULL,
 CMD_SCOPE_ANY,
 "maximum number of threads in WRITE_BUSY state per ip address"
 ),
+ AP_INIT_TAKE12 (
+ "SecWriteStateLimit",
+ cmd_write_state_limit,
+ NULL,
+ CMD_SCOPE_ANY,
+ "maximum number of threads in WRITE_BUSY state per ip address"
+ ),
+
 AP_INIT_TAKE1 (
 "SecRequestBodyInMemoryLimit",
 cmd_request_body_inmemory_limit,
@@ -3438,7 +3474,7 @@ const command_rec module_directives[] = {
 ),
 AP_INIT_TAKE1 (
- "SecConnectionEngine",
+ "SecConnEngine",
 cmd_sever_conn_filters_engine,
 NULL,
 CMD_SCOPE_ANY,
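Review bot: The alias entries added in the hunk at -3316 are registered with `CMD_SCOPE_ANY` and the same help string as the new names, so nothing an administrator sees says that `SecReadStateLimit` and `SecWriteStateLimit` are deprecated or that, as the commit description states, the limit applies to the entire server. A limit written inside a virtual host or directory section would then look scoped while acting globally. Help strings such as `"deprecated alias of SecConnReadStateLimit; applies server-wide"` on the aliases, and a server-wide remark on the `SecConn*` entries, would make that visible. Whether the scope itself can be narrowed depends on the `CMD_SCOPE_*` definitions, which are outside this diff.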
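Review bot: `SecConnectionEngine` is replaced outright in the hunk at -3438, while the two limit directives in the previous hunk keep their old names as deprecated aliases. A configuration that still uses the old spelling would presumably be rejected as an unknown directive after the upgrade, which invites operators to delete the line rather than rename it. Keeping the old name registered for a release, with the same startup notice that cmd_read_state_limit emits, would make the rename consistent. The directive entry continues past the end of the hunk, so its help text is not visible; the sketch adds the alias entry ahead of it and assumes a small forwarding handler is added next to cmd_sever_conn_filters_engine.

```c
    /* deprecated spelling, kept so existing configurations still load */
    AP_INIT_TAKE1 (
        "SecConnectionEngine",
        cmd_sever_conn_filters_engine_compat, /* proposed wrapper: logs the notice, then forwards */
        NULL,
        CMD_SCOPE_ANY,
        "deprecated alias of SecConnEngine"
    ),

    AP_INIT_TAKE1 (
        "SecConnEngine",
        cmd_sever_conn_filters_engine,
        /* … unchanged: NULL, CMD_SCOPE_ANY and the rest of the entry … */
```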