Renames Sec{Read|Write}StateLimits

The Sec{Read|Write}StateLimits are filters related to the connections, when the server did not know yet which vhost the request goes to. This means that once those configrations are set it will be applied to entire server. This patch just renames the Sec{Read|Write}StateLimits to SecConn{Read|Write}StateLimits to make it more clear to the user. SecConnectionEngine was also renamed to SecConnEngine.
2025-08-14 05:45:59 +03:00 · 2013-11-01 07:02:59 -07:00 · 2013-11-01 07:02:59 -07:00 · efef989ddd
commit efef989ddd
parent 48d85c7d6e
1 changed files with 45 additions and 9 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@ -1705,7 +1705,7 @@ char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2,
    }
    else {
        return apr_psprintf(mp, "ModSecurity: Invalid operator for " \
-           "SecReadStateLimit: %s, expected operators: @ipMatch, @ipMatchF " \
+           "SecConnReadStateLimit: %s, expected operators: @ipMatch, @ipMatchF " \
           "or @ipMatchFromFile with or without !", p2);
    }

@ -1726,7 +1726,7 @@ char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2,


 /**
-* \brief Add SecReadStateLimit configuration option
+* \brief Add SecConnReadStateLimit configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@ -1747,7 +1747,7 @@ static const char *cmd_conn_read_state_limit(cmd_parms *cmd, void *_dcfg,
    limit = strtol(p1, NULL, 10);
    if ((limit == LONG_MAX) || (limit == LONG_MIN) || (limit <= 0)) {
        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
-            "SecReadStateLimit: %s", p1);
+            "SecConnReadStateLimit: %s", p1);
    }

    if (p2 != NULL) {
@ -1764,8 +1764,18 @@ static const char *cmd_conn_read_state_limit(cmd_parms *cmd, void *_dcfg,
    return NULL;
 }

+static const char *cmd_read_state_limit(cmd_parms *cmd, void *_dcfg,
+        const char *p1, const char *p2)
+{
+    ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
+            "SecReadStateLimit is depricated, use SecConnReadStateLimit " \
+            "instead.");
+
+    return cmd_conn_read_state_limit(cmd, _dcfg, p1, p2);
+}
+
 /**
-* \brief Add SecWriteStateLimit configuration option
+* \brief Add SecConnWriteStateLimit configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@ -1786,7 +1796,7 @@ static const char *cmd_conn_write_state_limit(cmd_parms *cmd, void *_dcfg,
    limit = strtol(p1, NULL, 10);
    if ((limit == LONG_MAX) || (limit == LONG_MIN) || (limit <= 0)) {
        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
-            "SecWriteStateLimit: %s", p1);
+            "SecConnWriteStateLimit: %s", p1);
    }

    if (p2 != NULL) {
@ -1802,6 +1812,16 @@ static const char *cmd_conn_write_state_limit(cmd_parms *cmd, void *_dcfg,

    return NULL;
 }
+static const char *cmd_write_state_limit(cmd_parms *cmd, void *_dcfg,
+        const char *p1, const char *p2)
+{
+    ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
+            "SecWriteStateLimit is depricated, use SecConnWriteStateLimit " \
+            "instead.");
+
+    return cmd_conn_write_state_limit(cmd, _dcfg, p1, p2);
+}
+


 static const char *cmd_request_body_inmemory_limit(cmd_parms *cmd, void *_dcfg,
@ -2163,7 +2183,7 @@ static const char *cmd_sever_conn_filters_engine(cmd_parms *cmd, void *_dcfg,
    else
    {
        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
-                "SecConnectionEngine: %s", p1);
+                "SecConnEngine: %s", p1);
    }

    return NULL;
@ -3308,7 +3328,7 @@ const command_rec module_directives[] = {
    ),

    AP_INIT_TAKE12 (
-        "SecReadStateLimit",
+        "SecConnReadStateLimit",
        cmd_conn_read_state_limit,
        NULL,
        CMD_SCOPE_ANY,
@ -3316,13 +3336,29 @@ const command_rec module_directives[] = {
    ),

    AP_INIT_TAKE12 (
-        "SecWriteStateLimit",
+        "SecReadStateLimit",
+        cmd_read_state_limit,
+        NULL,
+        CMD_SCOPE_ANY,
+        "maximum number of threads in READ_BUSY state per ip address"
+    ),
+
+    AP_INIT_TAKE12 (
+        "SecConnWriteStateLimit",
        cmd_conn_write_state_limit,
        NULL,
        CMD_SCOPE_ANY,
        "maximum number of threads in WRITE_BUSY state per ip address"
    ),

+    AP_INIT_TAKE12 (
+        "SecWriteStateLimit",
+        cmd_write_state_limit,
+        NULL,
+        CMD_SCOPE_ANY,
+        "maximum number of threads in WRITE_BUSY state per ip address"
+    ),
+
    AP_INIT_TAKE1 (
        "SecRequestBodyInMemoryLimit",
        cmd_request_body_inmemory_limit,
@ -3438,7 +3474,7 @@ const command_rec module_directives[] = {
    ),

    AP_INIT_TAKE1 (
-        "SecConnectionEngine",
+        "SecConnEngine",
        cmd_sever_conn_filters_engine,
        NULL,
        CMD_SCOPE_ANY,