|
Packit Service |
384592 |
/*
|
|
Packit Service |
384592 |
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
|
Packit Service |
384592 |
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* You may not use this file except in compliance with
|
|
Packit Service |
384592 |
* the License. You may obtain a copy of the License at
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* If any of the files related to licensing are missing or if you have any
|
|
Packit Service |
384592 |
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
Packit Service |
384592 |
* directly using the email address security@modsecurity.org.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include <limits.h>
|
|
Packit Service |
384592 |
#include <stdio.h>
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "http_core.h"
|
|
Packit Service |
384592 |
#include "http_request.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "modsecurity.h"
|
|
Packit Service |
384592 |
#include "apache2.h"
|
|
Packit Service |
384592 |
#include "http_main.h"
|
|
Packit Service |
384592 |
#include "http_connection.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_optional.h"
|
|
Packit Service |
384592 |
#include "mod_log_config.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "msc_logging.h"
|
|
Packit Service |
384592 |
#include "msc_util.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "ap_mpm.h"
|
|
Packit Service |
384592 |
#include "scoreboard.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_version.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_lib.h"
|
|
Packit Service |
384592 |
#include "ap_config.h"
|
|
Packit Service |
384592 |
#include "http_config.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "api.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
#include "msc_status_engine.h"
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
extern void *modsecLogObj;
|
|
Packit Service |
384592 |
extern void (*modsecLogHook)(void *obj, int level, char *str);
|
|
Packit Service |
384592 |
extern int (*modsecDropAction)(request_rec *r);
|
|
Packit Service |
384592 |
apr_status_t (*modsecReadBody)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos);
|
|
Packit Service |
384592 |
apr_status_t (*modsecReadResponse)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos);
|
|
Packit Service |
384592 |
apr_status_t (*modsecWriteBody)(request_rec *r, char *buf, unsigned int length);
|
|
Packit Service |
384592 |
apr_status_t (*modsecWriteResponse)(request_rec *r, char *buf, unsigned int length);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
extern const char *process_command_config(server_rec *s,
|
|
Packit Service |
384592 |
void *mconfig,
|
|
Packit Service |
384592 |
apr_pool_t *p,
|
|
Packit Service |
384592 |
apr_pool_t *ptemp,
|
|
Packit Service |
384592 |
const char *filename);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#define DECLARE_EXTERNAL_HOOK(ns,link,ret,name,args) \
|
|
Packit Service |
384592 |
extern ns##_HOOK_##name##_t *hookfn_##name;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#define DECLARE_HOOK(ret,name,args) \
|
|
Packit Service |
384592 |
DECLARE_EXTERNAL_HOOK(ap,AP,ret,name,args)
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,pre_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp))
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s))
|
|
Packit Service |
384592 |
DECLARE_HOOK(void,child_init,(apr_pool_t *pchild, server_rec *s))
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,process_connection,(conn_rec *c))
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,post_read_request,(request_rec *r))
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,fixups,(request_rec *r))
|
|
Packit Service |
384592 |
DECLARE_HOOK(void, error_log, (const char *file, int line, int level,
|
|
Packit Service |
384592 |
apr_status_t status, const server_rec *s,
|
|
Packit Service |
384592 |
const request_rec *r, apr_pool_t *pool,
|
|
Packit Service |
384592 |
const char *errstr))
|
|
Packit Service |
384592 |
DECLARE_HOOK(int,log_transaction,(request_rec *r))
|
|
Packit Service |
384592 |
DECLARE_HOOK(void,insert_filter,(request_rec *r))
|
|
Packit Service |
384592 |
DECLARE_HOOK(void,insert_error_filter,(request_rec *r))
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
char *sa_name = "standalone";
|
|
Packit Service |
384592 |
const char *sa_name_argv[] = { "standalone", NULL };
|
|
Packit Service |
384592 |
server_rec *server;
|
|
Packit Service |
384592 |
apr_pool_t *pool = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *b,
|
|
Packit Service |
384592 |
ap_input_mode_t mode, apr_read_type_e block,
|
|
Packit Service |
384592 |
apr_off_t readbytes);
|
|
Packit Service |
384592 |
apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
server_rec *modsecInit() {
|
|
Packit Service |
384592 |
apr_initialize();
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&pool, NULL);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_hook_global_pool = pool;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
server = apr_palloc(pool, sizeof(server_rec));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
server->addrs = apr_palloc(pool, sizeof(server_addr_rec));
|
|
Packit Service |
384592 |
server->addrs->host_addr = apr_palloc(pool, sizeof(apr_sockaddr_t));
|
|
Packit Service |
384592 |
server->addrs->host_addr->addr_str_len = 16;
|
|
Packit Service |
384592 |
server->addrs->host_addr->family = AF_INET;
|
|
Packit Service |
384592 |
server->addrs->host_addr->hostname = sa_name;
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
server->addrs->host_addr->ipaddr_len = sizeof(IN_ADDR);
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
server->addrs->host_addr->ipaddr_len = sizeof(struct in_addr);
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
server->addrs->host_addr->ipaddr_ptr = &server->addrs->host_addr->sa.sin.sin_addr;
|
|
Packit Service |
384592 |
server->addrs->host_addr->pool = pool;
|
|
Packit Service |
384592 |
server->addrs->host_addr->port = 80;
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
server->addrs->host_addr->sa.sin.sin_addr.S_un.S_addr = 0x0100007f;
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
server->addrs->host_addr->sa.sin.sin_addr.s_addr = 0x0100007f;
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
server->addrs->host_addr->sa.sin.sin_family = AF_INET;
|
|
Packit Service |
384592 |
server->addrs->host_addr->sa.sin.sin_port = 80;
|
|
Packit Service |
384592 |
server->addrs->host_addr->salen = sizeof(server->addrs->host_addr->sa);
|
|
Packit Service |
384592 |
server->addrs->host_addr->servname = sa_name;
|
|
Packit Service |
384592 |
server->addrs->host_port = 80;
|
|
Packit Service |
384592 |
server->error_fname = "error.log";
|
|
Packit Service |
384592 |
server->error_log = NULL;
|
|
Packit Service |
384592 |
server->limit_req_fields = 1024;
|
|
Packit Service |
384592 |
server->limit_req_fieldsize = 1024;
|
|
Packit Service |
384592 |
server->limit_req_line = 1024;
|
|
Packit Service |
384592 |
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
|
|
Packit Service |
384592 |
server->loglevel = APLOG_DEBUG;
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
server->lookup_defaults = NULL;
|
|
Packit Service |
384592 |
server->module_config = NULL;
|
|
Packit Service |
384592 |
server->names = NULL;
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
server->path = "c:\\inetpub\\wwwroot";
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
server->path = "/var/www";
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
server->pathlen = strlen(server->path);
|
|
Packit Service |
384592 |
server->port = 80;
|
|
Packit Service |
384592 |
server->process = apr_palloc(pool, sizeof(process_rec));
|
|
Packit Service |
384592 |
server->process->argc = 1;
|
|
Packit Service |
384592 |
server->process->argv = sa_name_argv;
|
|
Packit Service |
384592 |
server->process->pconf = pool;
|
|
Packit Service |
384592 |
server->process->pool = pool;
|
|
Packit Service |
384592 |
server->process->short_name = sa_name;
|
|
Packit Service |
384592 |
server->server_admin = sa_name;
|
|
Packit Service |
384592 |
server->server_hostname = sa_name;
|
|
Packit Service |
384592 |
server->server_scheme = "";
|
|
Packit Service |
384592 |
server->timeout = 60 * 1000000;// 60 seconds
|
|
Packit Service |
384592 |
server->wild_names = NULL;
|
|
Packit Service |
384592 |
server->is_virtual = 0;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_server_config_defines = apr_array_make(pool, 1, sizeof(char *));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
// here we should add scoreboard handling for multiple processes and threads
|
|
Packit Service |
384592 |
//
|
|
Packit Service |
384592 |
ap_scoreboard_image = (scoreboard *)apr_palloc(pool, sizeof(scoreboard));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
memset(ap_scoreboard_image, 0, sizeof(scoreboard));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
// ----------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
security2_module.module_index = 0;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
security2_module.register_hooks(pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_register_input_filter("HTTP_IN", ap_http_in_filter, NULL, AP_FTYPE_RESOURCE);
|
|
Packit Service |
384592 |
ap_register_output_filter("HTTP_OUT", ap_http_out_filter, NULL, AP_FTYPE_CONTENT_SET);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return server;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
|
|
Packit Service |
384592 |
ap_input_mode_t mode, apr_read_type_e block,
|
|
Packit Service |
384592 |
apr_off_t readbytes) {
|
|
Packit Service |
384592 |
char *tmp = NULL;
|
|
Packit Service |
384592 |
apr_bucket *e = NULL;
|
|
Packit Service |
384592 |
unsigned int readcnt = 0;
|
|
Packit Service |
384592 |
int is_eos = 0;
|
|
Packit Service |
384592 |
apr_bucket_brigade *bb_in;
|
|
Packit Service |
384592 |
apr_bucket *after;
|
|
Packit Service |
384592 |
apr_status_t rv;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
bb_in = modsecGetBodyBrigade(f->r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* use request brigade */
|
|
Packit Service |
384592 |
if (bb_in != NULL) {
|
|
Packit Service |
384592 |
if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) {
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(f->c->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_in, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
rv = apr_brigade_partition(bb_in, readbytes, &after);
|
|
Packit Service |
384592 |
if (rv != APR_SUCCESS && rv != APR_INCOMPLETE) {
|
|
Packit Service |
384592 |
return rv;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
for (e = APR_BRIGADE_FIRST(bb_in); e != after; e = APR_BRIGADE_FIRST(bb_in)) {
|
|
Packit Service |
384592 |
APR_BUCKET_REMOVE(e);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_out, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return APR_SUCCESS;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* call the callback */
|
|
Packit Service |
384592 |
if(modsecReadBody != NULL) {
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
tmp = (char *)apr_palloc(f->r->pool, readbytes);
|
|
Packit Service |
384592 |
modsecReadBody(f->r, tmp, readbytes, &readcnt, &is_eos);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
e = apr_bucket_pool_create(tmp, readcnt, f->r->pool, f->c->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_out, e);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(is_eos) {
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(f->c->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_out, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
return APR_SUCCESS;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* cannot read request body */
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(f->c->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_out, e);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return APR_SUCCESS;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) {
|
|
Packit Service |
384592 |
apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
APR_BRIGADE_CONCAT(bb_out, b);
|
|
Packit Service |
384592 |
return APR_SUCCESS;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecTerminate() {
|
|
Packit Service |
384592 |
apr_pool_destroy(pool);
|
|
Packit Service |
384592 |
pool = NULL;
|
|
Packit Service |
384592 |
apr_terminate();
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecStartConfig() {
|
|
Packit Service |
384592 |
apr_pool_t *ptemp = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&ptemp, pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
hookfn_pre_config(pool, pool, ptemp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_destroy(ptemp);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
directory_config *modsecGetDefaultConfig() {
|
|
Packit Service |
384592 |
return (directory_config *)security2_module.create_dir_config(pool, NULL);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
const char *modsecProcessConfig(directory_config *config, const char *file, const char *dir) {
|
|
Packit Service |
384592 |
apr_pool_t *ptemp = NULL;
|
|
Packit Service |
384592 |
const char *err;
|
|
Packit Service |
384592 |
apr_status_t status;
|
|
Packit Service |
384592 |
const char *rootpath, *incpath;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(dir == NULL || strlen(dir) == 0)
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
dir = "\\";
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
dir = "/";
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
incpath = file;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* locate the start of the directories proper */
|
|
Packit Service |
384592 |
status = apr_filepath_root(&rootpath, &incpath, APR_FILEPATH_TRUENAME | APR_FILEPATH_NATIVE, config->mp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* we allow APR_SUCCESS and APR_EINCOMPLETE */
|
|
Packit Service |
384592 |
if (APR_ERELATIVE == status) {
|
|
Packit Service |
384592 |
int li = strlen(dir) - 1;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(dir[li] != '/' && dir[li] != '\\')
|
|
Packit Service |
384592 |
#ifdef WIN32
|
|
Packit Service |
384592 |
file = apr_pstrcat(config->mp, dir, "\\", file, NULL);
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
file = apr_pstrcat(config->mp, dir, "/", file, NULL);
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
else
|
|
Packit Service |
384592 |
file = apr_pstrcat(config->mp, dir, file, NULL);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
else if (APR_EBADPATH == status) {
|
|
Packit Service |
384592 |
return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&ptemp, config->mp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
err = process_command_config(server, config, config->mp, ptemp, file);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_destroy(ptemp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return err;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecFinalizeConfig() {
|
|
Packit Service |
384592 |
apr_pool_t *ptemp = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&ptemp, pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
hookfn_post_config(pool, pool, ptemp, server);
|
|
Packit Service |
384592 |
hookfn_post_config(pool, pool, ptemp, server);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_destroy(ptemp);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecInitProcess() {
|
|
Packit Service |
384592 |
hookfn_child_init(pool, server);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
conn_rec *modsecNewConnection() {
|
|
Packit Service |
384592 |
conn_rec *c;
|
|
Packit Service |
384592 |
apr_pool_t *pc = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&pc, pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
c = apr_pcalloc(pc, sizeof(conn_rec));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
c->base_server = server;
|
|
Packit Service |
384592 |
c->id = 1;
|
|
Packit Service |
384592 |
c->local_addr = server->addrs->host_addr;
|
|
Packit Service |
384592 |
c->local_host = sa_name;
|
|
Packit Service |
384592 |
c->local_ip = "127.0.0.1";
|
|
Packit Service |
384592 |
c->pool = pc;
|
|
Packit Service |
384592 |
c->remote_host = sa_name;
|
|
Packit Service |
384592 |
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
|
|
Packit Service |
384592 |
c->remote_ip = "127.0.0.1";
|
|
Packit Service |
384592 |
c->remote_addr = server->addrs->host_addr;
|
|
Packit Service |
384592 |
#else
|
|
Packit Service |
384592 |
c->client_ip = "127.0.0.1";
|
|
Packit Service |
384592 |
c->client_addr = server->addrs->host_addr;
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
c->input_filters = NULL;
|
|
Packit Service |
384592 |
c->output_filters = NULL;
|
|
Packit Service |
384592 |
c->bucket_alloc = apr_bucket_alloc_create(pc);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return c;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecProcessConnection(conn_rec *c) {
|
|
Packit Service |
384592 |
hookfn_process_connection(c);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
request_rec *modsecNewRequest(conn_rec *connection, directory_config *config) {
|
|
Packit Service |
384592 |
request_rec *r;
|
|
Packit Service |
384592 |
apr_pool_t *pr = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
apr_pool_create(&pr, connection->pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r = apr_pcalloc(pr, sizeof(request_rec));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r->connection = connection;
|
|
Packit Service |
384592 |
r->server = server;
|
|
Packit Service |
384592 |
r->pool = pr;
|
|
Packit Service |
384592 |
r->main = NULL;
|
|
Packit Service |
384592 |
r->next = NULL;
|
|
Packit Service |
384592 |
r->notes = apr_table_make(pr, 10);
|
|
Packit Service |
384592 |
r->per_dir_config = apr_palloc(pr, sizeof(void *));
|
|
Packit Service |
384592 |
((void **)r->per_dir_config)[0] = config;
|
|
Packit Service |
384592 |
r->prev = NULL;
|
|
Packit Service |
384592 |
r->subprocess_env = apr_table_make(pr, 10);
|
|
Packit Service |
384592 |
apr_table_setn(r->subprocess_env, "UNIQUE_ID", "unique_id");
|
|
Packit Service |
384592 |
r->user = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r->headers_in = apr_table_make(pr, 10);
|
|
Packit Service |
384592 |
r->headers_out = apr_table_make(pr, 10);
|
|
Packit Service |
384592 |
r->err_headers_out = apr_table_make(pr, 10);
|
|
Packit Service |
384592 |
//apr_table_setn(r->headers_in, "Host", "www.google.com");
|
|
Packit Service |
384592 |
//apr_table_setn(r->headers_in, "", "");
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r->the_request = "GET /../../index.html HTTP/1.1";
|
|
Packit Service |
384592 |
r->method = "GET";
|
|
Packit Service |
384592 |
r->method_number = M_GET;
|
|
Packit Service |
384592 |
r->protocol = "HTTP/1.1";
|
|
Packit Service |
384592 |
r->uri = "http://www.google.com/../../index.html";
|
|
Packit Service |
384592 |
r->args = "";
|
|
Packit Service |
384592 |
r->filename = "/../../index.html";
|
|
Packit Service |
384592 |
r->handler = "IIS";
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r->parsed_uri.scheme = "http";
|
|
Packit Service |
384592 |
r->parsed_uri.path = "/../../index.html";
|
|
Packit Service |
384592 |
r->parsed_uri.hostname = "www.google.com";
|
|
Packit Service |
384592 |
r->parsed_uri.is_initialized = 1;
|
|
Packit Service |
384592 |
r->parsed_uri.port = 1234;
|
|
Packit Service |
384592 |
r->parsed_uri.port_str = "1234";
|
|
Packit Service |
384592 |
r->parsed_uri.query = "";
|
|
Packit Service |
384592 |
r->parsed_uri.dns_looked_up = 0;
|
|
Packit Service |
384592 |
r->parsed_uri.dns_resolved = 0;
|
|
Packit Service |
384592 |
r->parsed_uri.password = NULL;
|
|
Packit Service |
384592 |
r->parsed_uri.user = NULL;
|
|
Packit Service |
384592 |
r->parsed_uri.fragment = "";
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
r->input_filters = NULL;
|
|
Packit Service |
384592 |
r->output_filters = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return r;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
static modsec_rec *retrieve_msr(request_rec *r) {
|
|
Packit Service |
384592 |
modsec_rec *msr = NULL;
|
|
Packit Service |
384592 |
request_rec *rx = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Look in the current request first. */
|
|
Packit Service |
384592 |
msr = (modsec_rec *)apr_table_get(r->notes, NOTE_MSR);
|
|
Packit Service |
384592 |
if (msr != NULL) {
|
|
Packit Service |
384592 |
msr->r = r;
|
|
Packit Service |
384592 |
return msr;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* If this is a subrequest then look in the main request. */
|
|
Packit Service |
384592 |
if (r->main != NULL) {
|
|
Packit Service |
384592 |
msr = (modsec_rec *)apr_table_get(r->main->notes, NOTE_MSR);
|
|
Packit Service |
384592 |
if (msr != NULL) {
|
|
Packit Service |
384592 |
msr->r = r;
|
|
Packit Service |
384592 |
return msr;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* If the request was redirected then look in the previous requests. */
|
|
Packit Service |
384592 |
rx = r->prev;
|
|
Packit Service |
384592 |
while(rx != NULL) {
|
|
Packit Service |
384592 |
msr = (modsec_rec *)apr_table_get(rx->notes, NOTE_MSR);
|
|
Packit Service |
384592 |
if (msr != NULL) {
|
|
Packit Service |
384592 |
msr->r = r;
|
|
Packit Service |
384592 |
return msr;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
rx = rx->prev;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return NULL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecProcessRequestHeaders(request_rec *r) {
|
|
Packit Service |
384592 |
return hookfn_post_read_request(r);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecProcessRequestBody(request_rec *r) {
|
|
Packit Service |
384592 |
int status = DECLINED;
|
|
Packit Service |
384592 |
modsec_rec *msr = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_filter_t *f = ap_add_input_filter("HTTP_IN", NULL, r, r->connection);
|
|
Packit Service |
384592 |
apr_bucket_brigade* bb_out;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
status = hookfn_fixups(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_remove_input_filter(f);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (status != DECLINED) {
|
|
Packit Service |
384592 |
return status;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
hookfn_insert_filter(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Find the transaction context first. */
|
|
Packit Service |
384592 |
msr = retrieve_msr(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (msr == NULL)
|
|
Packit Service |
384592 |
return status;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
bb_out = modsecGetBodyBrigade(r);
|
|
Packit Service |
384592 |
if (bb_out) {
|
|
Packit Service |
384592 |
(void) apr_brigade_cleanup(bb_out);
|
|
Packit Service |
384592 |
status = ap_get_brigade(r->input_filters, bb_out, AP_MODE_READBYTES, APR_BLOCK_READ, -1);
|
|
Packit Service |
384592 |
if (status == APR_SUCCESS) {
|
|
Packit Service |
384592 |
return DECLINED;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
return status;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr->stream_input_data != NULL && modsecWriteBody != NULL)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
// target is responsible for copying the data into correctly managed buffer
|
|
Packit Service |
384592 |
//
|
|
Packit Service |
384592 |
modsecWriteBody(r, msr->stream_input_data, msr->stream_input_length);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
free(msr->stream_input_data);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
msr->stream_input_data = NULL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
// leftover code possibly for future use
|
|
Packit Service |
384592 |
//
|
|
Packit Service |
384592 |
//if(r->input_filters != NULL && r->input_filters->frec->filter_init_func != NULL)
|
|
Packit Service |
384592 |
//r->input_filters->frec->filter_init_func(r->input_filters);
|
|
Packit Service |
384592 |
//if(r->input_filters != NULL && r->input_filters->frec->filter_func.in_func != NULL)
|
|
Packit Service |
384592 |
//r->input_filters->frec->filter_func.in_func(r->input_filters, NULL, 0, 0, 0);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return status;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetConfigForIISRequestBody(request_rec *r)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
modsec_rec *msr = retrieve_msr(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr == NULL || msr->txcfg == NULL)
|
|
Packit Service |
384592 |
return;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr->txcfg->reqbody_access)
|
|
Packit Service |
384592 |
msr->txcfg->stream_inbody_inspection = 1;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecContextState(request_rec *r)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
modsec_rec *msr = retrieve_msr(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr == NULL || msr->txcfg == NULL)
|
|
Packit Service |
384592 |
return NOT_SET;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return msr->txcfg->is_enabled;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecIsRequestBodyAccessEnabled(request_rec *r)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
modsec_rec *msr = retrieve_msr(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr == NULL || msr->txcfg == NULL)
|
|
Packit Service |
384592 |
return 0;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return msr->txcfg->reqbody_access;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecIsResponseBodyAccessEnabled(request_rec *r)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
modsec_rec *msr = retrieve_msr(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(msr == NULL || msr->txcfg == NULL)
|
|
Packit Service |
384592 |
return 0;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return msr->txcfg->resbody_access;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecProcessResponse(request_rec *r) {
|
|
Packit Service |
384592 |
int status;
|
|
Packit Service |
384592 |
modsec_rec *msr;
|
|
Packit Service |
384592 |
apr_bucket *e;
|
|
Packit Service |
384592 |
ap_filter_t *f;
|
|
Packit Service |
384592 |
apr_bucket_brigade *bb_in, *bb_out, *bb;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(r->output_filters == NULL) {
|
|
Packit Service |
384592 |
return DECLINED;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
msr = (modsec_rec *)r->output_filters->ctx;
|
|
Packit Service |
384592 |
if (msr == NULL) {
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
|
|
Packit Service |
384592 |
"ModSecurity: Internal Error: msr is null in output filter.");
|
|
Packit Service |
384592 |
ap_remove_output_filter(r->output_filters);
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
msr->r = r;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* create input response brigade */
|
|
Packit Service |
384592 |
bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (bb_in == NULL) {
|
|
Packit Service |
384592 |
msr_log(msr, 1, "Process response: Failed to create brigade.");
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* get input response brigade */
|
|
Packit Service |
384592 |
bb = modsecGetResponseBrigade(r);
|
|
Packit Service |
384592 |
if (bb != NULL) {
|
|
Packit Service |
384592 |
APR_BRIGADE_CONCAT(bb_in, bb);
|
|
Packit Service |
384592 |
if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) {
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(bb_in->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_in, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
} else if (modsecReadResponse != NULL) {
|
|
Packit Service |
384592 |
unsigned int readcnt = 0;
|
|
Packit Service |
384592 |
int is_eos = 0;
|
|
Packit Service |
384592 |
char buf[8192];
|
|
Packit Service |
384592 |
while(!is_eos) {
|
|
Packit Service |
384592 |
modsecReadResponse(r, buf, 8192, &readcnt, &is_eos);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if(readcnt > 0) {
|
|
Packit Service |
384592 |
char *tmp = (char *)apr_palloc(r->pool, readcnt);
|
|
Packit Service |
384592 |
memcpy(tmp, buf, readcnt);
|
|
Packit Service |
384592 |
e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_in, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(r->connection->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_in, e);
|
|
Packit Service |
384592 |
} else {
|
|
Packit Service |
384592 |
/* cannot read response body process header only */
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
e = apr_bucket_eos_create(r->connection->bucket_alloc);
|
|
Packit Service |
384592 |
APR_BRIGADE_INSERT_TAIL(bb_in, e);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
bb_out = bb ? bb : apr_brigade_create(msr->mp, r->connection->bucket_alloc);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (bb_out == NULL) {
|
|
Packit Service |
384592 |
msr_log(msr, 1, "Process response: Failed to create brigade.");
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* concat output bucket to bb_out */
|
|
Packit Service |
384592 |
f = ap_add_output_filter("HTTP_OUT", bb_out, r, r->connection);
|
|
Packit Service |
384592 |
status = ap_pass_brigade(r->output_filters, bb_in);
|
|
Packit Service |
384592 |
ap_remove_output_filter(f);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (status == APR_EGENERAL) {
|
|
Packit Service |
384592 |
/* retrive response status from bb_out */
|
|
Packit Service |
384592 |
for(e = APR_BRIGADE_FIRST(bb_out);
|
|
Packit Service |
384592 |
e != APR_BRIGADE_SENTINEL(bb_out);
|
|
Packit Service |
384592 |
e = APR_BUCKET_NEXT(e)) {
|
|
Packit Service |
384592 |
if (AP_BUCKET_IS_ERROR(e)) {
|
|
Packit Service |
384592 |
return ((ap_bucket_error*) e->data)->status;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (status != DECLINED) {
|
|
Packit Service |
384592 |
return status;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* copy bb_out */
|
|
Packit Service |
384592 |
// is there a way to tell whether the response body was modified or not?
|
|
Packit Service |
384592 |
if (modsecWriteResponse != NULL
|
|
Packit Service |
384592 |
&& (msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0)
|
|
Packit Service |
384592 |
&& msr->txcfg->resbody_access) {
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
char *data = NULL;
|
|
Packit Service |
384592 |
apr_size_t length;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
status = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (status != APR_SUCCESS) {
|
|
Packit Service |
384592 |
msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", status,
|
|
Packit Service |
384592 |
get_apr_error(msr->mp, status));
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if ( modsecWriteResponse(msr->r, data, msr->stream_output_length) != APR_SUCCESS) {
|
|
Packit Service |
384592 |
return APR_EGENERAL;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return DECLINED;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
int modsecFinishRequest(request_rec *r) {
|
|
Packit Service |
384592 |
// run output filter
|
|
Packit Service |
384592 |
//if(r->output_filters != NULL && r->output_filters->frec->filter_init_func != NULL)
|
|
Packit Service |
384592 |
//r->output_filters->frec->filter_init_func(r->output_filters);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
hookfn_log_transaction(r);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
// make sure you cleanup before calling apr_terminate()
|
|
Packit Service |
384592 |
// otherwise double-free might occur, because of the request body pool cleanup function
|
|
Packit Service |
384592 |
//
|
|
Packit Service |
384592 |
apr_pool_destroy(r->pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return DECLINED;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
// destroy only the connection pool
|
|
Packit Service |
384592 |
int modsecFinishConnection(conn_rec *c)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
apr_pool_destroy(c->pool);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return 0;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)) {
|
|
Packit Service |
384592 |
modsecLogObj = obj;
|
|
Packit Service |
384592 |
modsecLogHook = hook;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetReadBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos)) {
|
|
Packit Service |
384592 |
modsecReadBody = func;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetReadResponse(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos)) {
|
|
Packit Service |
384592 |
modsecReadResponse = func;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetWriteBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length)) {
|
|
Packit Service |
384592 |
modsecWriteBody = func;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length)) {
|
|
Packit Service |
384592 |
modsecWriteResponse = func;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecSetDropAction(int (*func)(request_rec *r)) {
|
|
Packit Service |
384592 |
modsecDropAction = func;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/*
|
|
Packit Service |
384592 |
* Case SecServerSignature was used, this function returns the banner that
|
|
Packit Service |
384592 |
* should be used, otherwise it returns NULL.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
const char *modsecIsServerSignatureAvailale(void) {
|
|
Packit Service |
384592 |
return new_server_signature;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#ifdef VERSION_IIS
|
|
Packit Service |
384592 |
void modsecStatusEngineCall()
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
if (status_engine_state != STATUS_ENGINE_DISABLED) {
|
|
Packit Service |
384592 |
msc_status_engine_call();
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
else {
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
|
Packit Service |
384592 |
"Status engine is currently disabled, enable it by set " \
|
|
Packit Service |
384592 |
"SecStatusEngine to On.\n");
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void modsecReportRemoteLoadedRules()
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
#ifdef WITH_REMOTE_RULES
|
|
Packit Service |
384592 |
if (remote_rules_server != NULL)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
if (remote_rules_server->amount_of_rules == 1)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
|
Packit Service |
384592 |
"ModSecurity: Loaded %d rule from: '%s'.",
|
|
Packit Service |
384592 |
remote_rules_server->amount_of_rules,
|
|
Packit Service |
384592 |
remote_rules_server->uri);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
else
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
|
Packit Service |
384592 |
"ModSecurity: Loaded %d rules from: '%s'.",
|
|
Packit Service |
384592 |
remote_rules_server->amount_of_rules,
|
|
Packit Service |
384592 |
remote_rules_server->uri);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
#endif
|
|
Packit Service |
384592 |
if (remote_rules_fail_message != NULL)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \
|
|
Packit Service |
384592 |
"Problems loading external resources: %s",
|
|
Packit Service |
384592 |
remote_rules_fail_message);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
#endif
|