From 5c3522fe89bb9795cc7fea0b338a2ba9a08e92e6 Mon Sep 17 00:00:00 2001 From: wiaamm Date: Sun, 14 Dec 2025 10:56:58 +0200 Subject: [PATCH] use right content-length --- .../open-appsec-waf-kong-plugin/handler.lua | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua index 8ad7d95..cd06a06 100755 --- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua +++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua @@ -249,7 +249,11 @@ function NanoHandler.body_filter(conf) kong.log.warn("Body filter timeout after ", elapsed_time, " seconds - failing open") ctx.cleanup_needed = true if ctx.response_buffer and #ctx.response_buffer > 0 then - ngx.arg[1] = table.concat(ctx.response_buffer) + local buffered_data = table.concat(ctx.response_buffer) + local original_content_length = tonumber(ngx.header["Content-Length"]) or #buffered_data + local total_diff = ctx.content_length_diff or 0 + ngx.header["Content-Length"] = original_content_length + total_diff + ngx.arg[1] = buffered_data end return end @@ -260,6 +264,7 @@ function NanoHandler.body_filter(conf) if chunk and #chunk > 0 then ctx.body_buffer_chunk = ctx.body_buffer_chunk or 0 + ctx.content_length_diff = ctx.content_length_diff or 0 ctx.body_seen = true table.insert(ctx.response_buffer, chunk) @@ -267,7 +272,10 @@ function NanoHandler.body_filter(conf) local verdict, response, modifications = nano.send_body(session_id, session_data, chunk, nano.HttpChunkType.HTTP_RESPONSE_BODY) if modifications then + local original_length = #chunk chunk = nano.handle_body_modifications(chunk, modifications, ctx.body_buffer_chunk) + local modified_length = #chunk + ctx.content_length_diff = ctx.content_length_diff + (modified_length - original_length) ctx.response_buffer[#ctx.response_buffer] = chunk end @@ -329,7 +337,9 @@ function NanoHandler.body_filter(conf) if ctx.response_buffer and #ctx.response_buffer > 0 then local buffered_data = table.concat(ctx.response_buffer) - ngx.header["Content-Length"] = #buffered_data + local original_content_length = tonumber(ngx.header["Content-Length"]) or #buffered_data + local total_diff = ctx.content_length_diff or 0 + ngx.header["Content-Length"] = original_content_length + total_diff ngx.arg[1] = buffered_data else kong.log.debug("No buffered chunks to flush (empty response)")