From 75f543f971382367be1bbdb44578e4effb521e1d Mon Sep 17 00:00:00 2001 From: wiaamm Date: Sun, 7 Dec 2025 15:07:23 +0200 Subject: [PATCH] check why data session is nil in header but availablein body --- .../plugins/open-appsec-waf-kong-plugin/handler.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua index 9d18346..be2f2eb 100755 --- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua +++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua @@ -161,6 +161,8 @@ end function NanoHandler.header_filter(conf) local ctx = kong.ctx.plugin + kong.log.err("header_filter: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL") + if ctx.blocked or ctx.cleanup_needed then return end @@ -169,7 +171,7 @@ function NanoHandler.header_filter(conf) local session_data = ctx.session_data if not session_id or not session_data then - kong.log.err("No session data found in header_filter") + kong.log.err("No session data found in header_filter - session_id:", session_id, " session_data:", session_data) return end @@ -199,8 +201,10 @@ function NanoHandler.body_filter(conf) local chunk = ngx.arg[1] local eof = ngx.arg[2] + kong.log.err("body_filter START: ctx.blocked=", ctx.blocked, " ctx.cleanup_needed=", ctx.cleanup_needed, " ctx.session_id=", ctx.session_id, " ctx.session_data=", ctx.session_data and "EXISTS" or "NIL") + if ctx.blocked or ctx.cleanup_needed then - kong.log.err("Fail-open mode - blocked chunk without inspection, chunk size: ", chunk and #chunk or 0) + kong.log.err("Fail-open mode - blocked/cleanup chunk without inspection, chunk size: ", chunk and #chunk or 0) if chunk then ngx.arg[1] = chunk @@ -211,7 +215,7 @@ function NanoHandler.body_filter(conf) kong.log.err("In body_filter phase") local session_id = ctx.session_id local session_data = ctx.session_data - kong.log.err("Session id after") + kong.log.err("Session id after: ", session_id, " session_data: ", session_data and "EXISTS" or "NIL") if not session_id or not session_data or ctx.session_finalized then kong.log.err("Fail-open mode - consuming chunk without inspection, chunk size: ", chunk and #chunk or 0) -- In fail-open, we need to consume the chunk to prevent buffering