diff --git a/CHANGES b/CHANGES index b77312c3..43909417 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ ?? ??? 2007 - 2.5.0-trunk ------------------------- + * Added MODSEC_BUILD variable that contains the numeric build value based + on the ModSecurity version. + * Enhanced debug logging. * Cleaned up and clarified some documentation. diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index 667936bc..720f337f 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -24,6 +24,14 @@ msc_engine DSOLOCAL *modsecurity = NULL; +modsec_build_type_rec DSOLOCAL modsec_build_type[] = { + { "dev", 1 }, /* Development build */ + { "rc", 3 }, /* Release Candidate build */ + { "", 9 }, /* Production build */ + { "breach", 9 }, /* Breach build */ + { "trunk", 9 }, /* Trunk build */ + { NULL, -1 } /* terminator */ +}; /* Global module variables; these are used for the Apache-specific functionality */ @@ -495,11 +503,11 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t if (first_time) { if (new_server_signature != NULL) { ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s, - "ModSecurity for Apache %s configured - %s", MODULE_RELEASE, real_server_signature); + "ModSecurity for Apache %s (build %s) configured - %s", MODULE_RELEASE, modsec_build(mp_temp), real_server_signature); } else { ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s, - "ModSecurity for Apache %s configured", MODULE_RELEASE); + "ModSecurity for Apache %s (build %s) configured", MODULE_RELEASE, modsec_build(mp_temp)); } } diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index f9d157c1..a04cfa3e 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h 
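Review bot: In the `modsec_build_type[]` table added to mod_security2.c, the "trunk" and "breach" entries share the value 9 with the production entry `""`, so the build-type digit of MODSEC_BUILD cannot tell a trunk snapshot from a release. With MODSEC_VERSION_RELEASE set to "99" in modsecurity.h, a trunk build would appear to compare at or above any 2.5.0 release, so a rule that gates a feature on the build number would treat unreleased code as having it. If that ordering is intended, state it above the table, e.g. `/* Build-type digit of MODSEC_BUILD; trunk and vendor trees deliberately sort with production */`. The table is only read in the code visible in this commit, so it could also be declared read-only: `const modsec_build_type_rec DSOLOCAL modsec_build_type[] = {`, with the matching `extern` in modsecurity.h.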
@@ -49,9 +49,23 @@ typedef struct msc_string msc_string; #include "http_log.h" #include "http_protocol.h" +typedef struct modsec_build_type_rec { + const char * name; + int val; +} modsec_build_type_rec; +extern DSOLOCAL modsec_build_type_rec modsec_build_type[]; + +#define MODSEC_VERSION_MAJOR "2" +#define MODSEC_VERSION_MINOR "5" +#define MODSEC_VERSION_MAINT "0" +#define MODSEC_VERSION_TYPE "trunk" +#define MODSEC_VERSION_RELEASE "99" + #define MODULE_NAME "ModSecurity" -#define MODULE_RELEASE "2.5.0-trunk" -#define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)") +#define MODULE_RELEASE \ + MODSEC_VERSION_MAJOR "." MODSEC_VERSION_MINOR "." MODSEC_VERSION_MAINT \ + "-" MODSEC_VERSION_TYPE MODSEC_VERSION_RELEASE +#define MODULE_NAME_FULL MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)" #define PHASE_REQUEST_HEADERS 1 #define PHASE_REQUEST_BODY 2 @@ -61,8 +75,8 @@ typedef struct msc_string msc_string; #define PHASE_FIRST PHASE_REQUEST_HEADERS #define PHASE_LAST PHASE_LOGGING -#define NOT_SET -1 -#define NOT_SET_P (void *)-1 +#define NOT_SET -1 +#define NOT_SET_P (void *)-1 #define CREATEMODE ( APR_UREAD | APR_UWRITE | APR_GREAD ) #define CREATEMODE_DIR ( APR_UREAD | APR_UWRITE | APR_UEXECUTE | APR_GREAD | APR_GEXECUTE ) diff --git a/apache2/msc_util.c b/apache2/msc_util.c index e4ac75a0..9d96c178 100644 --- a/apache2/msc_util.c +++ b/apache2/msc_util.c @@ -999,3 +999,22 @@ int normalise_path_inplace(unsigned char *input, int input_len, int win) { return count; } + +char *modsec_build(apr_pool_t *mp) { + int build_type = 0; + int i; + + for (i = 0; modsec_build_type[i].name != NULL; i++) { + if (strcmp(MODSEC_VERSION_TYPE, modsec_build_type[i].name) == 0) { + build_type = modsec_build_type[i].val; + break; + } + } + + return apr_psprintf(mp, "%02i%02i%02i%1i%02i", + atoi(MODSEC_VERSION_MAJOR), + atoi(MODSEC_VERSION_MINOR), + atoi(MODSEC_VERSION_MAINT), + build_type, + atoi(MODSEC_VERSION_RELEASE)); +} 
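Review bot: The new MODSEC_VERSION_* macros in modsecurity.h carry constraints that nothing on the new side documents or enforces. MODSEC_VERSION_TYPE has to match a name in `modsec_build_type[]` (defined in mod_security2.c), and the numeric parts are parsed with `atoi()` into two-digit fields by `modsec_build()`. A comment above the block would make that visible to whoever bumps the version, e.g. `/* MODSEC_VERSION_TYPE must name an entry in modsec_build_type[]; MAJOR/MINOR/MAINT/RELEASE must be decimal and fit two digits */`. Separately, MODULE_RELEASE now always appends `"-"`, so a production build using the empty type from the table would presumably render with a dangling dash before the release number; worth confirming that is the intended release string.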
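Review bot: The format string in `modsec_build()`, `"%02i%02i%02i%1i%02i"`, produces nine digits, but the reference-manual example added in this same commit compares against the eight-digit `02050102`. Assuming `@ge` compares numerically, every 2.x build would satisfy that documented guard, so `skip:1` would never fire and the feature check would protect nothing. Either the example or the format needs to change, and the layout should be pinned in a comment on the function, e.g. `/* Returns MMmmppTRR: major, minor, maint (2 digits each), build type (1 digit), release (2 digits); string is allocated from mp */`. The loop also leaves `build_type` at 0 when MODSEC_VERSION_TYPE matches no table entry, which silently sorts an unrecognised build below "dev"; a comment or a distinct fallback would make that deliberate.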
diff --git a/apache2/msc_util.h b/apache2/msc_util.h index 9a5548ae..5dc3b7e8 100644 --- a/apache2/msc_util.h +++ b/apache2/msc_util.h @@ -72,4 +72,6 @@ int DSOLOCAL html_entities_decode_inplace(apr_pool_t *mp, unsigned char *input, int DSOLOCAL ansi_c_sequences_decode_inplace(unsigned char *input, int len); +char DSOLOCAL *modsec_build(apr_pool_t *mp); + #endif diff --git a/apache2/re_variables.c b/apache2/re_variables.c index 53cb35b7..ba30d0cd 100644 --- a/apache2/re_variables.c +++ b/apache2/re_variables.c @@ -1020,6 +1020,14 @@ static int var_files_combined_size_generate(modsec_rec *msr, msre_var *var, msre return 1; } +/* MODSEC_BUILD */ + +static int var_modsec_build_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, + apr_table_t *vartab, apr_pool_t *mptmp) +{ + return var_simple_generate(var, vartab, mptmp, modsec_build(mptmp)); +} + /* TIME */ static int var_time_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, @@ -2020,6 +2028,17 @@ void msre_engine_register_default_variables(msre_engine *engine) { PHASE_REQUEST_BODY ); + /* MODSEC_BUILD */ + msre_engine_variable_register(engine, + "MODSEC_BUILD", + VAR_SIMPLE, + 0, 0, + NULL, + var_modsec_build_generate, + VAR_CACHE, + PHASE_REQUEST_HEADERS + ); + /* TIME */ msre_engine_variable_register(engine, "TIME", diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 68af551e..66be3535 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -3,7 +3,7 @@ ModSecurity Reference Manual - Version 2.5.0-trunk / (July 27, 2007) + Version 2.5.0-trunk / (Aug 8, 2007) 2004-2007 @@ -2188,6 +2188,17 @@ SecRule ENV:tag "suspicious" SecRule GEO:COUNTRY_CODE "!@streq UK" +
+ <literal moreinfo="none">MODSEC_BUILD</literal> + + This variable holds the ModSecurity build number. This variable is + intended to be used to check the build number prior to using a feature + that is available only in a certain build. Example: + + SecRule MODSEC_BUILD "!@ge 02050102" skip:1 +SecRule ARGS "@pm some key words" deny,status:500 +
+
<literal moreinfo="none">PATH_INFO</literal>