NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commit2a43589

Felipe Zimmerle

committed

nginx: Removes problematic performance improvement

In an attempt to boost the performance the headers were being checked in twodifferent situations, the first if SecResponseBodyAccess was Off and in asecond situation if SecResponseBodyAccess was set to On. This makes sensehowever functionalities such as content injection demands the body even ifSecResponseBodyAccess was not enabled. This patch removes the first scenario,leaving just the second one. After this modification the following regressiontests started to pass:from: regression/action/10-append-prepend.t 1) action - append content: passed 2) action - prepend content: passed

1 parent21e25c5 commit2a43589Copy full SHA for 2a43589

File tree

1 file changed

-29

lines changed

nginx/modsecurity
- ngx_http_modsecurity.c

1 file changed

-29

lines changed

`‎nginx/modsecurity/ngx_http_modsecurity.c‎`

Lines changed: 0 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -1074,8 +1074,6 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {`
`1074`	`1074`	`ngx_http_modsecurity_ctx_t*ctx;`
`1075`	`1075`	`constchar*location;`
`1076`	`1076`	`ngx_table_elt_t*h;`
`1077`		`-ngx_int_trc;`
`1078`		`-`
`1079`	`1077`
`1080`	`1078`	`cf=ngx_http_get_module_loc_conf(r,ngx_http_modsecurity);`
`1081`	`1079`	`ctx=ngx_http_get_module_ctx(r,ngx_http_modsecurity);`
`@@ -1112,33 +1110,6 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {`
`1112`	`1110`
`1113`	`1111`	`ngx_log_debug0(NGX_LOG_DEBUG_HTTP,r->connection->log,0,"modSecurity: header filter");`
`1114`	`1112`
`1115`		`-/* header only or SecResponseBodyAccess off */`
`1116`		`-if (r->header_only\|\| (!modsecIsResponseBodyAccessEnabled(ctx->req)) ) {`
`1117`		`-`
`1118`		`-ctx->complete=1;`
`1119`		`-`
`1120`		`-if (ngx_http_modsecurity_load_headers_in(r)!=NGX_OK`
`1121`		`-\|\|ngx_http_modsecurity_load_headers_out(r)!=NGX_OK) {`
`1122`		`-`
`1123`		`-returnNGX_HTTP_INTERNAL_SERVER_ERROR;`
`1124`		`- }`
`1125`		`-`
`1126`		`-rc=ngx_http_modsecurity_status(r,modsecProcessResponse(ctx->req));`
`1127`		`-`
`1128`		`-if (rc!=NGX_DECLINED) {`
`1129`		`-returnngx_http_filter_finalize_request(r,&ngx_http_modsecurity,rc);`
`1130`		`- }`
`1131`		`-`
`1132`		`-if (ngx_http_modsecurity_save_headers_in(r)!=NGX_OK`
`1133`		`-\|\|ngx_http_modsecurity_save_headers_out(r)!=NGX_OK) {`
`1134`		`-returnngx_http_filter_finalize_request(r,&ngx_http_modsecurity,NGX_HTTP_INTERNAL_SERVER_ERROR);`
`1135`		`- }`
`1136`		`-`
`1137`		`-returnngx_http_next_header_filter(r);`
`1138`		`- }`
`1139`		`-`
`1140`		`-/* SecResponseBodyAccess on, process rules in body filter */`
`1141`		`-`
`1142`	`1113`	`r->filter_need_in_memory=1;`
`1143`	`1114`	`returnNGX_OK;`
`1144`	`1115`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2a43589

File tree

1 file changed

1 file changed

`‎nginx/modsecurity/ngx_http_modsecurity.c‎`

0 commit comments