Adds SecStatusEngine On/Off switch

Add the possibility to turn the Status Engine On or Off using the
directive SecStatusEngine [On/Off]. By default it is On.

apache2/apache2_config.c

@@ -2083,6 +2083,23 @@ static const char *cmd_rule_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
     return NULL;
 }
 
+static const char *cmd_STATUS_ENGINE(cmd_parms *cmd, void *_dcfg, const char *p1)
+{
+    if (strcasecmp(p1, "on") == 0) {
+        status_engine_state = STATUS_ENGINE_ENABLED;
+    }
+    else if (strcasecmp(p1, "off") == 0) {
+        status_engine_state = STATUS_ENGINE_DISABLED;
+    }
+    else {
+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for " \
+                "SecStatusEngine: %s", p1);
+    }
+
+    return NULL;
+}
+
+
 static const char *cmd_rule_inheritance(cmd_parms *cmd, void *_dcfg, int flag)
 {
     directory_config *dcfg = (directory_config *)_dcfg;
@@ -3297,6 +3314,14 @@ const command_rec module_directives[] = {
         "On or Off"
     ),
 
+    AP_INIT_TAKE1 (
+        "SecStatusEngine",
+        cmd_status_engine,
+        NULL,
+        CMD_SCOPE_ANY,
+        "On or Off"
+    ),
+
     AP_INIT_TAKE1 (
         "SecXmlExternalEntity",
         cmd_xml_external_entity,

apache2/mod_security2.c

@@ -61,6 +61,8 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;
 
 unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
 
+int DSOLOCAL status_engine_state = STATUS_ENGINE_ENABLED;
+
 unsigned long int DSOLOCAL conn_read_state_limit = 0;
 
 unsigned long int DSOLOCAL conn_write_state_limit = 0;
@@ -724,8 +726,15 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
                     "Original server signature: %s", real_server_signature);
         }
 
+        if (status_engine_state != STATUS_ENGINE_DISABLED) {
             msc_status_engine_call();
         }
+        else {
+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                    "Status engine is currently disabled, enable it by set " \
+                    "SecStatusEngine to On.");
+        }
+    }
 
     srand((unsigned int)(time(NULL) * getpid()));
 

apache2/modsecurity.h

@@ -142,6 +142,8 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;
 
 extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion;
 
+extern DSOLOCAL int status_engine_state;
+
 extern DSOLOCAL unsigned long int conn_read_state_limit;
 
 extern DSOLOCAL unsigned long int conn_write_state_limit;
@@ -182,6 +184,9 @@ extern DSOLOCAL int *unicode_map_table;
 #define MODSEC_DETECTION_ONLY           1
 #define MODSEC_ENABLED                  2
 
+#define STATUS_ENGINE_ENABLED           1
+#define STATUS_ENGINE_DISABLED          0
+
 #define HASH_DISABLED             0
 #define HASH_ENABLED              1
 

apache2/msc_status_engine.h

@@ -21,7 +21,7 @@
 #include "apr_optional.h"
 #include "msc_pcre.h"
 
-#define STATUS_ENGINE_DNS_IN_BETWEEN_DOTS 13
+#define STATUS_ENGINE_DNS_IN_BETWEEN_DOTS 32
 
 #define STATUS_ENGINE_DNS_SUFFIX "status.modsecurity.org"