2525#include "apr_optional.h"
2626#include "mod_log_config.h"
2727
28+ #ifdef APLOG_USE_MODULE
29+ APLOG_USE_MODULE (security2 );
30+ #endif
31+
2832#include "msc_logging.h"
2933#include "msc_util.h"
3034
@@ -1451,6 +1455,9 @@ static int hook_connection_early(conn_rec *conn)
14511455
14521456apr_cpystrn (ws_record -> client ,client_ip ,sizeof (ws_record -> client ));
14531457
1458+ ap_log_cerror (APLOG_MARK ,APLOG_TRACE3 ,0 ,conn ,
1459+ "ModSecurity: going to loop through %d servers with %d threads" ,
1460+ server_limit ,thread_limit );
14541461for (i = 0 ;i < server_limit ;++ i ) {
14551462for (j = 0 ;j < thread_limit ;++ j ) {
14561463
@@ -1485,14 +1492,18 @@ static int hook_connection_early(conn_rec *conn)
14851492 }
14861493 }
14871494
1495+ ap_log_cerror (APLOG_MARK ,APLOG_TRACE3 ,0 ,conn ,
1496+ "ModSecurity: threads in READ: %ld of %ld, WRITE: %ld of %ld, IP: %s" ,
1497+ ip_count_r ,conn_read_state_limit ,ip_count_w ,conn_write_state_limit ,client_ip );
1498+
14881499if (conn_read_state_limit > 0 && ip_count_r > conn_read_state_limit )
14891500 {
14901501if (conn_read_state_suspicious_list &&
14911502 (tree_contains_ip (conn -> pool ,
14921503conn_read_state_suspicious_list ,client_ip ,NULL ,& error_msg ) <=0 ))
14931504 {
14941505if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1495- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1506+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
14961507"ModSecurity: Too many threads [%ld] of %ld allowed " \
14971508"in READ state from %s - There is a suspission list " \
14981509"but that IP is not part of it, access granted" ,
@@ -1502,15 +1513,15 @@ static int hook_connection_early(conn_rec *conn)
15021513conn_read_state_whitelist ,client_ip ,NULL ,& error_msg )> 0 )
15031514 {
15041515if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1505- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1516+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
15061517"ModSecurity: Too many threads [%ld] of %ld allowed " \
15071518"in READ state from %s - Ip is on whitelist, access " \
15081519"granted" ,ip_count_r ,conn_read_state_limit ,
15091520client_ip );
15101521 }
15111522else
15121523 {
1513- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1524+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
15141525"ModSecurity: Access denied with code 400. Too many " \
15151526"threads [%ld] of %ld allowed in READ state from %s - " \
15161527"Possible DoS Consumption Attack [Rejected]" ,ip_count_r ,
@@ -1528,7 +1539,7 @@ static int hook_connection_early(conn_rec *conn)
15281539conn_write_state_suspicious_list ,client_ip ,NULL ,& error_msg ) <=0 ))
15291540 {
15301541if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1531- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1542+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
15321543"ModSecurity: Too many threads [%ld] of %ld allowed " \
15331544"in WRITE state from %s - There is a suspission list " \
15341545"but that IP is not part of it, access granted" ,
@@ -1538,15 +1549,15 @@ static int hook_connection_early(conn_rec *conn)
15381549conn_write_state_whitelist ,client_ip ,NULL ,& error_msg )> 0 )
15391550 {
15401551if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1541- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1552+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
15421553"ModSecurity: Too many threads [%ld] of %ld allowed " \
15431554"in WRITE state from %s - Ip is on whitelist, " \
15441555"access granted" ,ip_count_w ,conn_read_state_limit ,
15451556client_ip );
15461557 }
15471558else
15481559 {
1549- ap_log_error (APLOG_MARK ,APLOG_WARNING ,0 ,NULL ,
1560+ ap_log_cerror (APLOG_MARK ,APLOG_WARNING ,0 ,conn ,
15501561"ModSecurity: Access denied with code 400. Too many " \
15511562"threads [%ld] of %ld allowed in WRITE state from %s - " \
15521563"Possible DoS Consumption Attack [Rejected]" ,ip_count_w ,
