From f6d6cea015597d666ffb05e71f487631e64630a3 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 5 Dec 2014 05:50:27 -0800 Subject: [PATCH] IIS: Creates IIS_VERSION definition This definition is currently used in two different circumstances: Report with accuracy that the server is an IIS (status call), and also show the amount of loaded remote rules on the windows logs. Different from Apache which loads the rules twice, IIS just do it once. --- apache2/Makefile.win | 5 +++++ apache2/mod_security2.c | 7 +++++++ apache2/msc_status_engine.c | 4 ++++ iis/build_modsecurity.bat | 2 +- 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/apache2/Makefile.win b/apache2/Makefile.win index 05410b87..ed4bfc9e 100644 --- a/apache2/Makefile.win +++ b/apache2/Makefile.win @@ -19,6 +19,11 @@ LIBS = $(APACHE)\lib\libhttpd.lib \ ########################################################################### ########################################################################### + +!IF "$(IIS_BUILD)" == "yes" +DEFS=$(DEFS) -DVERSION_IIS +!ENDIF + CC = CL MT = mt diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index 7f69b8fc..b048343f 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -768,9 +768,16 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t * Checking if it is not the first time that we are in this very function. * We want to show the messages below during the start and the reload. * + * Turns out that IIS version does not hit it twice, thus, we have to show + * the message in the first (and unique) opportunity. */ +#ifdef VERSION_IIS + if (first_time == 1) + { +#else if (first_time != 1) { +#endif #ifdef WITH_REMOTE_RULES if (remote_rules_server != NULL) { diff --git a/apache2/msc_status_engine.c b/apache2/msc_status_engine.c index dfd4f90c..27202b63 100644 --- a/apache2/msc_status_engine.c +++ b/apache2/msc_status_engine.c @@ -349,7 +349,11 @@ int DSOLOCAL msc_beacon_string (char *beacon_string, int beacon_string_max_len) #endif libxml = LIBXML_DOTTED_VERSION; modsec = MODSEC_VERSION; +#ifdef IIS_VERSION + apache = "IIS"; +#else apache = real_server_signature; +#endif /* 6 represents: strlen("(null)") */ beacon_string_len = (modsec ? strlen(modsec) : 6) + diff --git a/iis/build_modsecurity.bat b/iis/build_modsecurity.bat index 809130ee..680c05e8 100644 --- a/iis/build_modsecurity.bat +++ b/iis/build_modsecurity.bat @@ -15,7 +15,7 @@ set CURRENT_DIR=%cd% cd ..\apache2 del *.obj *.dll *.lib del libinjection\*.obj libinjection\*.dll libinjection\*.lib -NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl +NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl IIS_BUILD=yes @if NOT (%ERRORLEVEL%) == (0) goto build_failed @echo mlogc...