nginx: Considering modsec state before apply any rules

For some reason the state of modsec (enable, disable or detecting only) was not
being checked under certain circumstances. For instance, while reading the
body. This was leading ModSecurity to fail and consequently nginx. This patch
added the to standalone implementation mechanism to verify the state that is now
verified under the nginx module.

nginx/modsecurity/ngx_http_modsecurity.c

@@ -1027,6 +1027,10 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r)
         return rc;
     }
 
+    if (modsecContextState(ctx->req) == MODSEC_DISABLED) {
+        return NGX_DECLINED;
+    }
+
     if (r->method == NGX_HTTP_POST 
             && modsecIsRequestBodyAccessEnabled(ctx->req) ) {
 

standalone/api.c

@@ -500,6 +500,16 @@ void modsecSetConfigForIISRequestBody(request_rec *r)
         msr->txcfg->stream_inbody_inspection = 1;
 }
 
+int modsecContextState(request_rec *r)
+{
+    modsec_rec *msr = retrieve_msr(r);
+
+    if(msr == NULL || msr->txcfg == NULL)
+        return NOT_SET;
+
+    return msr->txcfg->is_enabled;
+}
+
 int modsecIsRequestBodyAccessEnabled(request_rec *r)
 {
     modsec_rec *msr = retrieve_msr(r);
@@ -681,3 +691,4 @@ void modsecSetDropAction(int (*func)(request_rec *r)) {
 const char *modsecIsServerSignatureAvailale(void) {
     return new_server_signature;
 }
+

standalone/api.h

@@ -112,6 +112,8 @@ void modsecSetDropAction(int (*func)(request_rec *r));
 int modsecIsResponseBodyAccessEnabled(request_rec *r);
 int modsecIsRequestBodyAccessEnabled(request_rec *r);
 
+int modsecContextState(request_rec *r);
+
 void modsecSetConfigForIISRequestBody(request_rec *r);
 
 const char *modsecIsServerSignatureAvailale(void);