NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commit48d85c7

Felipe Zimmerle

committed

Places connection filter engine in a separated configuration

Different from the Rules or other options, the connections filters are appliedto entire server, not to a single vhost, or so. In order to keep it clear tothe user this patches adds "SecConnectionEngine" which works in the same waythat SecRuleEngine does.

1 parenta15f881 commit48d85c7Copy full SHA for 48d85c7

File tree

2 files changed

+37

-3

lines changed

apache2
- apache2_config.c
- mod_security2.c

2 files changed

+37

-3

lines changed

`‎apache2/apache2_config.c‎`

Lines changed: 36 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2141,6 +2141,34 @@ static const char cmd_rule(cmd_parms cmd, void *_dcfg,`
`2141`	`2141`	`returnadd_rule(cmd, (directory_config*)_dcfg,RULE_TYPE_NORMAL,p1,p2,p3);`
`2142`	`2142`	`}`
`2143`	`2143`
	`2144`	`+staticconstcharcmd_sever_conn_filters_engine(cmd_parmscmd,void*_dcfg,`
	`2145`	`+constchar*p1)`
	`2146`	`+{`
	`2147`	`+directory_configdcfg= (directory_config)_dcfg;`
	`2148`	`+`
	`2149`	`+if (dcfg==NULL)returnNULL;`
	`2150`	`+`
	`2151`	`+if (strcasecmp(p1,"on")==0)`
	`2152`	`+ {`
	`2153`	`+conn_limits_filter_state=MODSEC_ENABLED;`
	`2154`	`+ }`
	`2155`	`+elseif (strcasecmp(p1,"off")==0)`
	`2156`	`+ {`
	`2157`	`+conn_limits_filter_state=MODSEC_DISABLED;`
	`2158`	`+ }`
	`2159`	`+elseif (strcasecmp(p1,"detectiononly")==0)`
	`2160`	`+ {`
	`2161`	`+conn_limits_filter_state=MODSEC_DETECTION_ONLY;`
	`2162`	`+ }`
	`2163`	`+else`
	`2164`	`+ {`
	`2165`	`+returnapr_psprintf(cmd->pool,"ModSecurity: Invalid value for " \`
	`2166`	`+"SecConnectionEngine: %s",p1);`
	`2167`	`+ }`
	`2168`	`+`
	`2169`	`+returnNULL;`
	`2170`	`+}`
	`2171`	`+`
`2144`	`2172`	`staticconstcharcmd_rule_engine(cmd_parmscmd,void_dcfg,constcharp1)`
`2145`	`2173`	`{`
`2146`	`2174`	`directory_configdcfg= (directory_config)_dcfg;`
`@@ -2167,8 +2195,6 @@ static const char cmd_rule_engine(cmd_parms cmd, void _dcfg, const char p1)`
`2167`	`2195`	`"SecRuleEngine: %s",p1);`
`2168`	`2196`	`}`
`2169`	`2197`
`2170`		`-conn_limits_filter_state=dcfg->is_enabled;`
`2171`		`-`
`2172`	`2198`	`returnNULL;`
`2173`	`2199`	`}`
`2174`	`2200`
`@@ -3411,6 +3437,14 @@ const command_rec module_directives[] = {`
`3411`	`3437`	`"On or Off"`
`3412`	`3438`	`),`
`3413`	`3439`
	`3440`	`+AP_INIT_TAKE1 (`
	`3441`	`+"SecConnectionEngine",`
	`3442`	`+cmd_sever_conn_filters_engine,`
	`3443`	`+NULL,`
	`3444`	`+CMD_SCOPE_ANY,`
	`3445`	`+"On or Off"`
	`3446`	`+ ),`
	`3447`	`+`
`3414`	`3448`	`AP_INIT_TAKE1 (`
`3415`	`3449`	`"SecXmlExternalEntity",`
`3416`	`3450`	`cmd_xml_external_entity,`

`‎apache2/mod_security2.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;`
`63`	`63`
`64`	`64`	`intDSOLOCALstatus_engine_state=STATUS_ENGINE_DISABLED;`
`65`	`65`
`66`		`-intDSOLOCALconn_limits_filter_state=0;`
	`66`	`+intDSOLOCALconn_limits_filter_state=MODSEC_DISABLED;`
`67`	`67`
`68`	`68`	`unsigned longintDSOLOCALconn_read_state_limit=0;`
`69`	`69`	`TreeRootDSOLOCAL*conn_read_state_whitelist=0;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit48d85c7

File tree

2 files changed

2 files changed

`‎apache2/apache2_config.c‎`

`‎apache2/mod_security2.c‎`

0 commit comments