github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Considering modsec state before apply any rules

Browse Source 
For some reason the state of modsec (enable, disable or detecting only) was not
being checked under certain circumstances. For instance, while reading the
body. This was leading ModSecurity to fail and consequently nginx. This patch
added the to standalone implementation mechanism to verify the state that is now
verified under the nginx module.
This commit is contained in:
Felipe Zimmerle
2014-01-13 14:07:18 -08:00
parent 9bf1f6a2b3
commit fe14d9df4d
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
standalone/api.c
View File

@@ -500,6 +500,16 @@ void modsecSetConfigForIISRequestBody(request_rec *r)
msr->txcfg->stream_inbody_inspection = 1;
}
int modsecContextState(request_rec *r)
{
modsec_rec *msr = retrieve_msr(r);
if(msr == NULL || msr->txcfg == NULL)
return NOT_SET;
return msr->txcfg->is_enabled;
}
int modsecIsRequestBodyAccessEnabled(request_rec *r)
{
modsec_rec *msr = retrieve_msr(r);
@@ -681,3 +691,4 @@ void modsecSetDropAction(int (*func)(request_rec *r)) {
const char *modsecIsServerSignatureAvailale(void) {
return new_server_signature;
}