Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit795d6a6

Browse files
author
Felipe Zimmerle
committed
nginx: Warn about not workable 'proxy'
Proxy is not yet ready for nginx. Instead of give a generic error, this patchadds a clean message explains that such functionality is not available on thenginx port. This patch also modifies the test cases to reflect this changes.
1 parent7478faa commit795d6a6

File tree

2 files changed

+51
-10
lines changed

2 files changed

+51
-10
lines changed

‎apache2/mod_security2.c‎

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -195,6 +195,7 @@ int perform_interception(modsec_rec *msr) {
195195
break;
196196

197197
caseACTION_PROXY :
198+
#if !(defined(VERSION_IIS))&& !(defined(VERSION_NGINX))&& !(defined(VERSION_STANDALONE))
198199
if (msr->phase<3) {
199200
if (ap_find_linked_module("mod_proxy.c")==NULL) {
200201
log_level=1;
@@ -219,6 +220,15 @@ int perform_interception(modsec_rec *msr) {
219220
"(Configuration Error: Proxy action requested but it does not work in output phases).",
220221
phase_text);
221222
}
223+
#else
224+
log_level=1;
225+
status=HTTP_INTERNAL_SERVER_ERROR;
226+
message=apr_psprintf(msr->mp,"Access denied with code 500%s "
227+
"(Configuration Error: Proxy action to %s requested but "
228+
"proxy is only available in Apache version).",
229+
phase_text,
230+
log_escape_nq(msr->mp,actionset->intercept_uri));
231+
#endif
222232
break;
223233

224234
caseACTION_DROP :

‎tests/regression/action/00-disruptive-actions.t‎

Lines changed: 41 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -454,12 +454,22 @@
454454
SecRule REQUEST_URI"\@streq /test2.txt""phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
455455
),
456456
match_log=> {
457-
error=> [ qr/ModSecurity: Access denied using proxyto \(phase1\)/,1 ],
457+
error=> {
458+
apache=> [qr/ModSecurity: Access denied using proxyto \(phase1\)/,1],
459+
nginx=> [qr/ModSecurity: Access deniedwith code500 \(phase1\) \(Configuration Error:Proxy actionto.* requestedbut proxyisonlyavailable in Apache version\)./,1],
460+
},
458461
},
459462
match_response=> {
460-
status=> qr/^200$/,
461-
content=> qr/^TEST$/,
463+
status=> {
464+
apache=> qr/^200$/,
465+
nginx=> qr/^500$/,
466+
},
467+
content=> {
468+
apache=> qr/^TEST$/,
469+
nginx=> qr/^*$/,
470+
},
462471
},
472+
463473
request=>new HTTP::Request(
464474
GET=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
465475
),
@@ -475,11 +485,20 @@
475485
SecRule REQUEST_URI"\@streq /test2.txt""phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500006"
476486
),
477487
match_log=> {
478-
error=> [ qr/ModSecurity: Access denied using proxyto \(phase2\)/,1 ],
488+
error=> {
489+
apache=> [qr/ModSecurity: Access denied using proxyto \(phase2\)/,1],
490+
nginx=> [qr/ModSecurity: Access deniedwith code500 \(phase2\) \(Configuration Error:Proxy actionto.* requestedbut proxyisonlyavailable in Apache version\)./,1],
491+
},
479492
},
480493
match_response=> {
481-
status=> qr/^200$/,
482-
content=> qr/^TEST$/,
494+
status=> {
495+
apache=> qr/^200$/,
496+
nginx=> qr/^500$/,
497+
},
498+
content=> {
499+
apache=> qr/^TEST$/,
500+
nginx=> qr/^*$/,
501+
},
483502
},
484503
request=>new HTTP::Request(
485504
GET=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
@@ -498,10 +517,16 @@
498517
SecRule REQUEST_URI"\@streq /test2.txt""phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500007"
499518
),
500519
match_log=> {
501-
error=> [ qr/ModSecurity: Access deniedwith code500 \(phase3\) \(Configuration Error:Proxy action requestedbut itdoesnot work in output phases\)./,1 ],
520+
error=> {
521+
apache=> [qr/ModSecurity: Access deniedwith code500 \(phase3\) \(Configuration Error:Proxy action requestedbut itdoesnot work in output phases\)./,1],
522+
nginx=> [qr/ModSecurity: Access deniedwith code500 \(phase3\) \(Configuration Error:Proxy actionto.* requestedbut proxyisonlyavailable in Apache version\)./,1],
523+
}
502524
},
503525
match_response=> {
504-
status=> qr/^500$/,
526+
status=> {
527+
apache=> qr/^500$/,
528+
nginx=> qr/^500$/,
529+
},
505530
},
506531
request=>new HTTP::Request(
507532
GET=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
@@ -520,10 +545,16 @@
520545
SecRule REQUEST_URI"\@streq /test2.txt""phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500008"
521546
),
522547
match_log=> {
523-
error=> [ qr/ModSecurity: Access deniedwith code500 \(phase4\) \(Configuration Error:Proxy action requestedbut itdoesnot work in output phases\)./,1 ],
548+
error=> {
549+
apache=> [qr/ModSecurity: Access deniedwith code500 \(phase4\) \(Configuration Error:Proxy action requestedbut itdoesnot work in output phases\)./,1],
550+
nginx=> [qr/ModSecurity: Access deniedwith code500 \(phase4\) \(Configuration Error:Proxy actionto.* requestedbut proxyisonlyavailable in Apache version\)./,1],
551+
}
524552
},
525553
match_response=> {
526-
status=> qr/^500$/,
554+
status=> {
555+
apache=> qr/^500$/,
556+
nginx=> qr/^500$/,
557+
},
527558
},
528559
request=>new HTTP::Request(
529560
GET=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp