Commitf86a71f

Felipe Zimmerle

committed

Adds SecStatusEngine On/Off switch

Add the possibility to turn the Status Engine On or Off using thedirective SecStatusEngine [On/Off]. By default it is On.

1 parent0c6a661 commitf86a71fCopy full SHA for f86a71f

File tree

+41

-2

lines changed

+41

-2

lines changed

Lines changed: 25 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2083,6 +2083,23 @@ static const char cmd_rule_engine(cmd_parms cmd, void _dcfg, const char p1)`
`2083`	`2083`	`returnNULL;`
`2084`	`2084`	`}`
`2085`	`2085`
	`2086`	`+staticconstcharcmd_STATUS_ENGINE(cmd_parmscmd,void_dcfg,constcharp1)`
	`2087`	`+{`
	`2088`	`+if (strcasecmp(p1,"on")==0) {`
	`2089`	`+status_engine_state=STATUS_ENGINE_ENABLED;`
	`2090`	`+ }`
	`2091`	`+elseif (strcasecmp(p1,"off")==0) {`
	`2092`	`+status_engine_state=STATUS_ENGINE_DISABLED;`
	`2093`	`+ }`
	`2094`	`+else {`
	`2095`	`+returnapr_psprintf(cmd->pool,"ModSecurity: Invalid value for " \`
	`2096`	`+"SecStatusEngine: %s",p1);`
	`2097`	`+ }`
	`2098`	`+`
	`2099`	`+returnNULL;`
	`2100`	`+}`
	`2101`	`+`
	`2102`	`+`
`2086`	`2103`	`staticconstcharcmd_rule_inheritance(cmd_parmscmd,void*_dcfg,intflag)`
`2087`	`2104`	`{`
`2088`	`2105`	`directory_configdcfg= (directory_config)_dcfg;`
`@@ -3297,6 +3314,14 @@ const command_rec module_directives[] = {`
`3297`	`3314`	`"On or Off"`
`3298`	`3315`	`),`
`3299`	`3316`
	`3317`	`+AP_INIT_TAKE1 (`
	`3318`	`+"SecStatusEngine",`
	`3319`	`+cmd_status_engine,`
	`3320`	`+NULL,`
	`3321`	`+CMD_SCOPE_ANY,`
	`3322`	`+"On or Off"`
	`3323`	`+ ),`
	`3324`	`+`
`3300`	`3325`	`AP_INIT_TAKE1 (`
`3301`	`3326`	`"SecXmlExternalEntity",`
`3302`	`3327`	`cmd_xml_external_entity,`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,8 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;`
`61`	`61`
`62`	`62`	`unsigned longintDSOLOCALmsc_pcre_match_limit_recursion=0;`
`63`	`63`
	`64`	`+intDSOLOCALstatus_engine_state=STATUS_ENGINE_ENABLED;`
	`65`	`+`
`64`	`66`	`unsigned longintDSOLOCALconn_read_state_limit=0;`
`65`	`67`
`66`	`68`	`unsigned longintDSOLOCALconn_write_state_limit=0;`
`@@ -724,7 +726,14 @@ static int hook_post_config(apr_pool_t mp, apr_pool_t mp_log, apr_pool_t *mp_t`
`724`	`726`	`"Original server signature: %s",real_server_signature);`
`725`	`727`	`}`
`726`	`728`
`727`		`-msc_status_engine_call();`
	`729`	`+if (status_engine_state!=STATUS_ENGINE_DISABLED) {`
	`730`	`+msc_status_engine_call();`
	`731`	`+ }`
	`732`	`+else {`
	`733`	`+ap_log_error(APLOG_MARK,APLOG_NOTICE,0,NULL,`
	`734`	`+"Status engine is currently disabled, enable it by set " \`
	`735`	`+"SecStatusEngine to On.");`
	`736`	`+ }`
`728`	`737`	`}`
`729`	`738`
`730`	`739`	`srand((unsignedint)(time(NULL)*getpid()));`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,8 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;`
`142`	`142`
`143`	`143`	`externDSOLOCAL unsigned longintmsc_pcre_match_limit_recursion;`
`144`	`144`
	`145`	`+externDSOLOCALintstatus_engine_state;`
	`146`	`+`
`145`	`147`	`externDSOLOCAL unsigned longintconn_read_state_limit;`
`146`	`148`
`147`	`149`	`externDSOLOCAL unsigned longintconn_write_state_limit;`
`@@ -182,6 +184,9 @@ extern DSOLOCAL int *unicode_map_table;`
`182`	`184`	`#defineMODSEC_DETECTION_ONLY 1`
`183`	`185`	`#defineMODSEC_ENABLED 2`
`184`	`186`
	`187`	`+#defineSTATUS_ENGINE_ENABLED 1`
	`188`	`+#defineSTATUS_ENGINE_DISABLED 0`
	`189`	`+`
`185`	`190`	`#defineHASH_DISABLED 0`
`186`	`191`	`#defineHASH_ENABLED 1`
`187`	`192`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`#include"apr_optional.h"`
`22`	`22`	`#include"msc_pcre.h"`
`23`	`23`
`24`		`-#defineSTATUS_ENGINE_DNS_IN_BETWEEN_DOTS13`
	`24`	`+#defineSTATUS_ENGINE_DNS_IN_BETWEEN_DOTS32`
`25`	`25`
`26`	`26`	`#defineSTATUS_ENGINE_DNS_SUFFIX "status.modsecurity.org"`
`27`	`27`

Comments

(0)