Mark any error conditions/alerts as 'relevant'.

Clean up/add error messages where this can happen.

apache2/apache2_util.c

@@ -13,6 +13,46 @@
 #include "http_core.h"
 #include "util_script.h"
 
+/**
+ * Sends a brigade with an error bucket down the filter chain.
+ */
+apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
+    apr_bucket_brigade *brigade = NULL;
+    apr_bucket *bucket = NULL;
+
+    /* Force relevancy for all errors */
+    if (msr != NULL) {
+        msr->is_relevant++;
+    }
+
+    /* Set the status line explicitly for the error document */
+    f->r->status_line = ap_get_status_line(status);
+
+    brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
+    if (brigade == NULL) return APR_EGENERAL;
+
+    bucket = ap_bucket_error_create(status, NULL, f->r->pool, f->r->connection->bucket_alloc);
+    if (bucket == NULL) return APR_EGENERAL;
+
+    APR_BRIGADE_INSERT_TAIL(brigade, bucket);
+
+    bucket = apr_bucket_eos_create(f->r->connection->bucket_alloc);
+    if (bucket == NULL) return APR_EGENERAL;
+
+    APR_BRIGADE_INSERT_TAIL(brigade, bucket);
+
+    ap_pass_brigade(f->next, brigade);
+
+    /* NOTE:
+     * It may not matter what we do from the filter as it may be too
+     * late to even generate an error (already sent to client).  Nick Kew
+     * recommends to return APR_EGENERAL in hopes that the handler in control
+     * will notice and do The Right Thing.  So, that is what we do now.
+     */
+
+    return APR_EGENERAL;
+}
+
 /**
  * Execute system command. First line of the output will be returned in
  * the "output" parameter.
@@ -234,6 +274,9 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
 
         /* Add this message to the list. */
         if (msr != NULL) {
+            /* Force relevency if this is an alert */
+            msr->is_relevant++;
+
             *(const char **)apr_array_push(msr->alerts) = apr_pstrdup(msr->mp, str1);
         }
     }