Commit fe14d9d

Author: Felipe Zimmerle
nginx: Considering modsec state before apply any rules
For some reason the state of modsec (enable, disable or detecting only) was not being checked under certain circumstances. For instance, while reading the body. This was leading ModSecurity to fail and consequently nginx. This patch added to the standalone implementation a mechanism to verify the state that is now verified under the nginx module.
1 parent 9bf1f6a, commit fe14d9d

3 files changed: +17 -0 lines changed

3 files changed

+17
-0
lines changed

nginx/modsecurity/ngx_http_modsecurity.c

Lines changed: 4 additions & 0 deletions
@@ -1027,6 +1027,10 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r)
10271027
returnrc;
10281028
}
10291029

1030+
if (modsecContextState(ctx->req)==MODSEC_DISABLED) {
1031+
returnNGX_DECLINED;
1032+
}
1033+
10301034
if (r->method==NGX_HTTP_POST
10311035
&&modsecIsRequestBodyAccessEnabled(ctx->req) ) {
10321036
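
Review bot: The new guard at 1030-1032 handles only MODSEC_DISABLED, but modsecContextState() as added in standalone/api.c in this same commit can also return NOT_SET when the transaction record or its config is missing, and in that case the handler still falls through to the modsecIsRequestBodyAccessEnabled(ctx->req) branch right below. Decide explicitly what a NOT_SET result should do here (decline, or log and continue), and add a one-line comment that returning NGX_DECLINED lets the request continue without ModSecurity inspection, so the intended behaviour of the disabled state is clear to the next reader.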

standalone/api.c

Lines changed: 11 additions & 0 deletions
@@ -500,6 +500,16 @@ void modsecSetConfigForIISRequestBody(request_rec *r)
500500
msr->txcfg->stream_inbody_inspection=1;
501501
}
502502

503+
intmodsecContextState(request_rec*r)
504+
{
505+
modsec_rec*msr=retrieve_msr(r);
506+
507+
if(msr==NULL||msr->txcfg==NULL)
508+
returnNOT_SET;
509+
510+
returnmsr->txcfg->is_enabled;
511+
}
512+
503513
intmodsecIsRequestBodyAccessEnabled(request_rec*r)
504514
{
505515
modsec_rec*msr=retrieve_msr(r);
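
Review bot: modsecContextState() at 503-511 returns either NOT_SET or the raw msr->txcfg->is_enabled value through a single int, so every caller depends on NOT_SET never coinciding with a valid is_enabled value; please confirm that and state it in a comment above the function. The early return on `msr==NULL||msr->txcfg==NULL` is also silent; if a missing context is not expected at this point, consider logging it instead of only returning the sentinel.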
@@ -681,3 +691,4 @@ void modsecSetDropAction(int (*func)(request_rec *r)) {
681691
constchar*modsecIsServerSignatureAvailale(void) {
682692
returnnew_server_signature;
683693
}
694+
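
Review bot: The only change in this hunk is the blank line added at 694 after the closing brace of modsecIsServerSignatureAvailale(), which is unrelated to the state check. Drop it from this commit so the diff stays limited to the fix.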

standalone/api.h

Lines changed: 2 additions & 0 deletions
@@ -112,6 +112,8 @@ void modsecSetDropAction(int (*func)(request_rec *r));
112112
intmodsecIsResponseBodyAccessEnabled(request_rec*r);
113113
intmodsecIsRequestBodyAccessEnabled(request_rec*r);
114114

115+
intmodsecContextState(request_rec*r);
116+
115117
voidmodsecSetConfigForIISRequestBody(request_rec*r);
116118

117119
constchar*modsecIsServerSignatureAvailale(void);
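
Review bot: The prototype added at 115 is exported with no description of its return contract, although the nginx caller compares the result against MODSEC_DISABLED and the implementation can also return NOT_SET. Add a comment above `int modsecContextState(request_rec *r);` listing the values a connector should expect, and make sure the constants it is compared against are available to code that includes api.h.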
