This definition is currently used in two different circumstances: Report with
accuracy that the server is an IIS (status call), and also show the amount of
loaded remote rules on the windows logs. Different from Apache which loads the
rules twice, IIS just do it once.
On Apache platform the server signature can be replaced using the
SecServerSignature directive. Status call was using the signature informed by
this directive instead of using the original one. As reported at #702.
As reported at #714 status calls with long `apache version' name was broken.
DNS queries cannot be so long. This field is now limited to 25 characters
which is a valid size when encoded into base32
The status string was too long. By removing meaningless stuff, such as: runtime
version of Lua, we have reduced the length of the status string. Limitations
were also placed regarding the size of the ModSecurity version. Big queries may
lead to failure, due to restrictions of "gethostbyname". There is also a bit of
code cosmetics in this patch: big functions were broken into smaller.
In ModSecurityIIS the configuration is loaded upon the first request
is received. In other words, SecStatusEngine value can be only
loaded once the first request hit the server, and so, the status
function was moved to proceed just after the configuration got loaded.
This update is IIS only.
The Status Engine allow the measurements of how many ModSecurity
instances are running around the world, as long as information
on how many times it had been restarted and so on. Everytime that
the server is started it perform a DNS query that is redirected
to our servers, that query constains information about the
ModSecurity version and it dependencies versions. It also sends a
unique indetification generate locally for the server, avoiding
counting the same server twice while generating the statistics.
This id is a sha-1 hash of the machine name + mac address of the
first network adapter. In this commit it is enabled by default,
in the release will be a configuration option to disable this
functionality. It also important to cite that the information
gather by this query will be also available in ModSecurity website
public open via a JSON stateless API. There will be an fancy
heatmap as well.
