Changed |
nginx-1.2.changes
Changed |
nginx-1.2.spec
Deleted |
modsecurity-ngx_http_preaccess_phase.patch
@@ -1,11 +0,0 @@
---- nginx/modsecurity/ngx_http_modsecurity_module.c.orig 2012-09-24 22:17:34.271614389 +0200
-+++ nginx/modsecurity/ngx_http_modsecurity_module.c 2012-09-24 22:17:48.251615273 +0200
-@@ -175,7 +175,7 @@
- }
-
- /* Register for pre access phase */
-- h = ngx_array_push(&cmcf->phases[NGX_HTTP_PRE_ACCESS_PHASE].handlers);
-+ h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
- if (h == NULL) {
- return NGX_ERROR;
- }
Deleted |
modsecurity-apache_2.7.0-rc3.tar.bz2/nginx/modsecurity/ngx_http_modsecurity_module.c
@@ -1,438 +0,0 @@
-/*
-* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
-*
-* You may not use this file except in compliance with
-* the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* If any of the files related to licensing are missing or if you have any
-* other questions related to licensing please contact Trustwave Holdings, Inc.
-* directly using the email address security@modsecurity.org.
-*/
-
-#include <nginx.h>
-#include <ngx_config.h>
-#include <ngx_core.h>
-#include <ngx_http.h>
-#include <ngx_event.h>
-#include <ngx_http_core_module.h>
-#include <ctype.h>
-#include <sys/times.h>
-
-#undef CR
-#undef LF
-#undef CRLF
-
-#include "api.h"
-
-extern ngx_module_t ngx_http_modsecurity_module;
-
-typedef struct {
- ngx_flag_t enabled;
- char *config_path;
- directory_config *config;
-} ngx_http_modsecurity_loc_conf_t;
-
-typedef struct {
- conn_rec *connection;
-} ngx_http_modsecurity_ctx_t;
-
-
-/*
-** Module's registred function/handlers.
-*/
-static ngx_int_t ngx_http_modsecurity_handler(ngx_http_request_t *r);
-static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
-static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle);
-static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle);
-static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
-static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
-//static ngx_int_t ngx_http_read_request_body(ngx_http_request_t *req, ngx_http_client_body_handler_pt handler);
-static char *ngx_http_modsecurity_set_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
-
-
-/* command handled by the module */
-static ngx_command_t ngx_http_modsecurity_commands[] = {
- { ngx_string("ModSecurityConfig"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-#ifdef zzz_
- ngx_http_modsecurity_set_config,
- NGX_HTTP_LOC_CONF_OFFSET,
- 0,
-#else
- ngx_conf_set_str_slot,
- NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_modsecurity_loc_conf_t, config_path),
-#endif
- NULL },
- { ngx_string("ModSecurityEnabled"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF
- |NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_flag_slot,
- NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_modsecurity_loc_conf_t, enabled),
- NULL },
- ngx_null_command
-};
-
-/*
-** handlers for configuration phases of the module
-*/
-
-static ngx_http_module_t ngx_http_modsecurity_module_ctx = {
- NULL, /* preconfiguration */
- ngx_http_modsecurity_init, /* postconfiguration */
-
- NULL, /* create main configuration */
- NULL, /* init main configuration */
-
- NULL, /* create server configuration */
- NULL, /* merge server configuration */
-
- ngx_http_modsecurity_create_loc_conf, /* create location configuration */
- ngx_http_modsecurity_merge_loc_conf /* merge location configuration */
-};
-
-
-ngx_module_t ngx_http_modsecurity_module = {
- NGX_MODULE_V1,
- &ngx_http_modsecurity_module_ctx, /* module context */
- ngx_http_modsecurity_commands, /* module directives */
- NGX_HTTP_MODULE, /* module type */
- NULL, /* init master */
- NULL, /* init module */
- ngx_http_modsecurity_init_process, /* init process */
- NULL, /* init thread */
- NULL, /* exit thread */
- ngx_http_modsecurity_exit_process, /* exit process */
- NULL, /* exit master */
- NGX_MODULE_V1_PADDING
-};
-
-/* create loc conf struct */
-static void *
-ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf)
-{
- ngx_http_modsecurity_loc_conf_t *conf;
-
- conf = (ngx_http_modsecurity_loc_conf_t *) ngx_pcalloc(cf->pool, sizeof(ngx_http_modsecurity_loc_conf_t));
- if (conf == NULL)
- return NULL;
-
- conf->enabled = NGX_CONF_UNSET;
- conf->config_path = NULL;
- conf->config = NULL;
-
- return conf;
-}
-
-/* merge loc conf */
-static char *
-ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent,
- void *child)
-{
- ngx_http_modsecurity_loc_conf_t *prev = parent;
- ngx_http_modsecurity_loc_conf_t *conf = child;
-
- ngx_conf_merge_value(conf->enabled, prev->enabled, 0);
-
- if (conf->config == NULL) {
- conf->config = prev->config;
- }
-
- if (conf->config_path == NULL) {
- conf->config_path = prev->config_path;
- }
-
-
-// ngx_conf_log_error(NGX_LOG_DEBUG_HTTP, cf, 0,
-// "merging loc conf: %s", conf->config_path);
-
- return NGX_CONF_OK;
-}
-
-void
-modsecLog(void *obj, int level, char *str)
-{
- if (obj != NULL)
- ngx_log_error(NGX_LOG_INFO, (ngx_log_t *)obj, 0, "%s", str);
-}
-
-/*
-** This function sets up handlers for PRE_ACCESS_PHASE,
-*/
-static ngx_int_t
-ngx_http_modsecurity_init(ngx_conf_t *cf)
-{
- ngx_http_handler_pt *h;
- ngx_http_core_main_conf_t *cmcf;
-
- cmcf = (ngx_http_core_main_conf_t *) ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
- if (cmcf == NULL) {
- return NGX_ERROR;
- }
-
- /* Register for pre access phase */
- h = ngx_array_push(&cmcf->phases[NGX_HTTP_PRE_ACCESS_PHASE].handlers);
- if (h == NULL) {
- return NGX_ERROR;
- }
- *h = ngx_http_modsecurity_handler;
-
- return NGX_OK;
-}
-
-static ngx_int_t
-ngx_http_modsecurity_init_process(ngx_cycle_t *cycle)
-{
- cycle->log->log_level = NGX_LOG_INFO;
-
- modsecSetLogHook(cycle->log, modsecLog);
-
- modsecInit();
- modsecStartConfig();
- modsecFinalizeConfig();
- modsecInitProcess();
-
- return NGX_OK;
-}
-
-static void
-ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle)
-{
- // we are exiting process anyway and if the request was not finished properly
- // the pool cleanup function for ModSecurity might break the termination process
- //
- //modsecTerminate();
-}
-
-/* This is a temporary hack to make PCRE work with ModSecurity
-** nginx hijacks pcre_malloc and pcre_free, so we have to re-hijack them
-*/
-extern apr_pool_t *pool;
-
-void *
-modsec_pcre_malloc(size_t size)
-{
- return apr_palloc(pool, size);
-}
-
-void
-modsec_pcre_free(void *ptr)
-{
-}
-
-char *
-ConvertNgxStringToUTF8(ngx_str_t str, apr_pool_t *pool)
-{
- char *t = (char *) apr_palloc(pool, str.len + 1);
-
- ngx_memcpy(t, str.data, str.len);
- t[str.len] = 0;
-
- return t;
-}
-
-/*
- ** Create payload handler for calling request body function
- */
-void
-ngx_http_dummy_payload_handler(ngx_http_request_t *req)
-{
- ngx_http_finalize_request(req, NGX_DONE);
-}
-
-
-/*
- * XXX: needs rewrite and testing
- ** If method is POST or PUT, read request body and put in req->request_body->bufs
- */
-#ifdef zz
-static ngx_int_t
-ngx_http_read_request_body(ngx_http_request_t *req,
- ngx_http_client_body_handler_pt handler)
-{
- // If has body request treat it
- ngx_int_t rc = 0;
-
- if (req->method == NGX_HTTP_POST || req->method==NGX_HTTP_PUT) {
- //calling request body function
- rc = ngx_http_read_client_request_body(req, ngx_http_dummy_payload_handler);
- }
- //If some error, returns rc
- if (rc == NGX_ERROR || rc >= NGX_HTTP_SPECIAL_RESPONSE) {
- return rc;
- }
- //Has the end of request body?
- if (rc == NGX_AGAIN) {
- return NGX_DONE;
- }
-
- return NGX_DECLINED;
-}
-#endif
-
-/*
-** [ENTRY POINT] does : this function called by nginx from the request handler
-*/
-static ngx_int_t
-ngx_http_modsecurity_handler(ngx_http_request_t *req)
-{
- ngx_http_modsecurity_loc_conf_t *cf;
- ngx_http_modsecurity_ctx_t *ctx;
- request_rec *r;
- ngx_list_part_t *part;
- ngx_table_elt_t *h;
- ngx_uint_t i;
- int status;
- conn_rec *connection;
- const char *msg;
-
- /* Process only main request */
- if (req != req->main || req->internal) {
- return NGX_DECLINED;
- }
-
- cf = ngx_http_get_module_loc_conf(req, ngx_http_modsecurity_module);
- if (!cf) {
- return NGX_ERROR;
- }
-
- if (!cf->enabled) {
- return NGX_DECLINED;
- }
-
- /* XXX: temporary hack, nginx uses pcre as well and hijacks these two */
- pcre_malloc = modsec_pcre_malloc;
- pcre_free = modsec_pcre_free;
-
- ctx = ngx_http_get_module_ctx(req, ngx_http_modsecurity_module);
- if (ctx == NULL) {
- ctx = (ngx_http_modsecurity_ctx_t *) ngx_pcalloc(req->pool, sizeof(ngx_http_modsecurity_ctx_t));
- if (ctx == NULL) {
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "ModSecurity: ctx memory allocation error");
- return NGX_ERROR;
- }
- ngx_http_set_ctx(req, ctx, ngx_http_modsecurity_module);
- }
-
-
- if (cf->config == NULL) {
- cf->config = modsecGetDefaultConfig();
-
- msg = modsecProcessConfig(cf->config, cf->config_path);
- if (msg != NULL) {
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "ModSecurity: modsecProcessConfig() %s", msg);
- return NGX_ERROR;
- }
- }
-
- if (req->connection->requests == 0 || ctx->connection == NULL) {
- ctx->connection = modsecNewConnection();
- modsecProcessConnection(ctx->connection);
- }
-
- r = modsecNewRequest(ctx->connection, cf->config);
- r->request_time = apr_time_now();
- r->method = ConvertNgxStringToUTF8(req->method_name, r->pool);
- r->path_info = ConvertNgxStringToUTF8(req->unparsed_uri, r->pool);
- r->unparsed_uri = ConvertNgxStringToUTF8(req->unparsed_uri, r->pool);
- r->uri = r->unparsed_uri;
- r->the_request = ConvertNgxStringToUTF8(req->request_line, r->pool);
- r->args = ConvertNgxStringToUTF8(req->args, r->pool);
- r->filename = r->path_info;
-
- r->parsed_uri.scheme = "http";
- r->parsed_uri.path = r->path_info;
- r->parsed_uri.is_initialized = 1;
- r->parsed_uri.port = 80;
- r->parsed_uri.port_str = "80";
- r->parsed_uri.query = r->args;
- r->parsed_uri.dns_looked_up = 0;
- r->parsed_uri.dns_resolved = 0;
- r->parsed_uri.password = NULL;
- r->parsed_uri.user = NULL;
- r->parsed_uri.fragment = ConvertNgxStringToUTF8(req->exten, r->pool);
-
- part = &req->headers_in.headers.part;
- h = part->elts;
-
- for (i = 0; ; i++) {
- if (i >= part->nelts) {
- if (part->next == NULL)
- break;
-
- part = part->next;
- h = part->elts;
- i = 0;
- }
-
- apr_table_setn(r->headers_in, ConvertNgxStringToUTF8(h[i].key, r->pool),
- ConvertNgxStringToUTF8(h[i].value, r->pool));
- }
-
- apr_table_setn(r->subprocess_env, "UNIQUE_ID", "12345");
-
-/*
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "ModSecurity: %s", r->uri);
-*/
- /* XXX: need correct request body handler */
-/*
- ngx_http_read_request_body(req, ngx_http_dummy_payload_handler);
-
- if (req->headers_in.content_length) {
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "request body: %s", req->request_body->bufs);
- } else {
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "request body: ");
- }
-*/
-
- status = modsecProcessRequest(r);
-
- modsecFinishRequest(r);
-
- if (status != DECLINED) {
- ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "ModSecurity: status: %d", status);
-
- /* XXX: not implemented in standalone */
- /*
- ngx_http_clear_accept_ranges(req);
- ngx_http_clear_last_modified(req);
- ngx_http_clear_content_length(req);
-
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- */
- return NGX_DECLINED;
- }
-
- return NGX_DECLINED;
-}
-
-static char *
-ngx_http_modsecurity_set_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_http_modsecurity_loc_conf_t *ucf = conf;
- ngx_str_t *value;
-
- value = cf->args->elts;
-
- if (cf->args->nelts == 0 || value[1].len == 0) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "ModSecurity: config path required");
- return NGX_CONF_ERROR;
- }
-
- /* not sure if we have to copy it in a buffed or use directly */
- /* XXX: need to check if path is absolute or relative and exists */
- ucf->config_path = (char *) ngx_pcalloc(cf->pool, value[1].len + 1);
- if (ucf->config_path == NULL) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "ModSecurity: config path memory allocation error");
- return NGX_CONF_ERROR;
- }
- ngx_memcpy(ucf->config_path, value[1].data, value[1].len);
-
- return NGX_CONF_OK;
-}
Changed |
modsecurity-apache_2.7.0.tar.bz2/CHANGES
@@ -1,4 +1,32 @@
-XX NNN 2012 - 2.7.0-rc3
+15 Oct 2012 - 2.7.0
+-------------------
+
+ * Fixed Pause action should work as a disruptive action (MODSEC-297).
+
+ * Fixed Problem loading mod_env variables in phase 2 (MODSEC-226).
+
+ * Fixed Detect cookie v0 separator and use it for parsing (MODSEC-261).
+
+ * Fixed Variable REMOTE_ADDR with wrong IP address in NGINX version (MODSEC-337).
+
+ * Fixed Errors compiling NGINX version.
+
+ * Added Include directive into standalone module. IIS and NGINX module should
+ support Include directive like Apache2.
+
+ * Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict
+ validation.
+
+ * Updated Reference Manual.
+
+25 Sep 2012 - 2.6.8
+-------------------
+
+ * Fixed ctl:ruleRemoveTargetByID order issue (MODSEC-333). Thanks to Armadillo Dasypodidae.
+
+ * Fixed variable HIGHEST_SEVERITY incorrectly gets reset in a chain rule (MODSEC-315). Thanks to Valery Reznic.
+
+10 Sep 2012 - 2.7.0-rc3
-------------------
* Fixed requests bigger than SecRequestBodyNoFilesLimit were truncated even engine mode was detection only.
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/apache2.h
@@ -90,7 +90,7 @@
void DSOLOCAL msr_log_warn(modsec_rec *msr, const char *text, ...) PRINTF_ATTRIBUTE(2,3);
-char DSOLOCAL *format_error_log_message(apr_pool_t *mp, error_message *em);
+char DSOLOCAL *format_error_log_message(apr_pool_t *mp, error_message_t *em);
const DSOLOCAL char *get_response_protocol(request_rec *r);
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/apache2_util.c
@@ -328,7 +328,7 @@
/**
* Converts an Apache error log message into one line of text.
*/
-char *format_error_log_message(apr_pool_t *mp, error_message *em) {
+char *format_error_log_message(apr_pool_t *mp, error_message_t *em) {
char *s_file = "", *s_line = "", *s_level = "";
char *s_status = "", *s_message = "";
char *msg = NULL;
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/mod_security2.c
@@ -301,6 +301,13 @@
msr->allow_scope = ACTION_ALLOW;
break;
+ case ACTION_PAUSE :
+ status = DECLINED;
+ message = apr_psprintf(msr->mp, "Paused Access%s.", phase_text);
+ msr->was_intercepted = 0;
+ msr->allow_scope = ACTION_ALLOW;
+ break;
+
case ACTION_ALLOW_PHASE :
status = DECLINED;
message = apr_psprintf(msr->mp, "Access to phase allowed%s.", phase_text);
@@ -457,7 +464,7 @@
}
/* Populate tx fields */
- msr->error_messages = apr_array_make(msr->mp, 5, sizeof(error_message *));
+ msr->error_messages = apr_array_make(msr->mp, 5, sizeof(error_message_t *));
msr->alerts = apr_array_make(msr->mp, 5, sizeof(char *));
msr->server_software = real_server_signature;
@@ -964,7 +971,7 @@
#endif
{
modsec_rec *msr = NULL;
- error_message *em = NULL;
+ error_message_t *em = NULL;
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
if (info == NULL) return;
@@ -1007,7 +1014,7 @@
if (msr == NULL) return;
/* Store the error message for later */
- em = (error_message *)apr_pcalloc(msr->mp, sizeof(error_message));
+ em = (error_message_t *)apr_pcalloc(msr->mp, sizeof(error_message_t));
if (em == NULL) return;
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
@@ -1035,7 +1042,7 @@
}
}
- *(const error_message **)apr_array_push(msr->error_messages) = em;
+ *(const error_message_t **)apr_array_push(msr->error_messages) = em;
}
@@ -1459,6 +1466,11 @@
NULL
};
+ static const char *const fixups_beforeme_list[] = {
+ "mod_env.c",
+ NULL
+ };
+
/* Add the MODSEC_2.x compatibility defines */
*(char **)apr_array_push(ap_server_config_defines) = apr_pstrdup(mp, "MODSEC_2.5");
@@ -1494,7 +1506,7 @@
ap_hook_post_read_request(hook_request_early,
postread_beforeme_list, postread_afterme_list, APR_HOOK_REALLY_FIRST);
- ap_hook_fixups(hook_request_late, NULL, NULL, APR_HOOK_REALLY_FIRST);
+ ap_hook_fixups(hook_request_late, fixups_beforeme_list, NULL, APR_HOOK_REALLY_FIRST);
/* Logging */
ap_hook_error_log(hook_error_log, NULL, NULL, APR_HOOK_MIDDLE);
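Review bot: The new `case ACTION_PAUSE` in the first hunk of this file sets `msr->allow_scope = ACTION_ALLOW`, the same scope value the case just above it assigns, and returns `DECLINED`, so a rule meant only to delay a request may end up treated as an allow for the rest of the transaction. If `allow_scope` is what later phases consult to skip rule processing (not visible in the hunk), a matching `pause` rule would take the request out of inspection. I would drop the `msr->allow_scope = ACTION_ALLOW;` line from this case and add a comment such as `/* pause delays the transaction; it neither blocks nor allows it */`. The enclosing function starts and ends outside the hunk.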
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/modsecurity.c
@@ -276,6 +276,7 @@
apr_status_t modsecurity_tx_init(modsec_rec *msr) {
const char *s = NULL;
const apr_array_header_t *arr;
+ char *_cookies = NULL;
apr_table_entry_t *te;
int i;
@@ -401,7 +402,12 @@
for (i = 0; i < arr->nelts; i++) {
if (strcasecmp(te[i].key, "Cookie") == 0) {
if (msr->txcfg->cookie_format == COOKIES_V0) {
- parse_cookies_v0(msr, te[i].val, msr->request_cookies);
+ _cookies = apr_pstrdup(msr->mp, te[i].val);
+ while((*_cookies != 0)&&(*_cookies != ',')&&(*_cookies != ';')) _cookies++;
+ if(*_cookies == ',')
+ parse_cookies_v0(msr, te[i].val, msr->request_cookies, ",");
+ else
+ parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";");
} else {
parse_cookies_v1(msr, te[i].val, msr->request_cookies);
}
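Review bot: The separator handed to `parse_cookies_v0` in the second hunk is whichever of `,` or `;` appears first in the client-supplied Cookie value, so the sender decides how the header is split and the cookie names and values the rules see can differ from what the application behind the WAF parses. A comment should record that trade-off; an operator-configured separator would avoid it. The scan also duplicates the whole header into `msr->mp` only to read it: `const char *sep = strpbrk(te[i].val, ",;");` followed by `parse_cookies_v0(msr, te[i].val, msr->request_cookies, (sep != NULL && *sep == ',') ? "," : ";");` makes the same choice without the copy. The surrounding loop and function continue outside the hunk.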
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/modsecurity.h
@@ -26,7 +26,7 @@
typedef struct rule_exception encryption_method;
typedef struct modsec_rec modsec_rec;
typedef struct directory_config directory_config;
-typedef struct error_message error_message;
+typedef struct error_message_t error_message_t;
typedef struct msc_engine msc_engine;
typedef struct msc_data_chunk msc_data_chunk;
typedef struct msc_arg msc_arg;
@@ -176,6 +176,7 @@
#define ACTION_ALLOW 5
#define ACTION_ALLOW_REQUEST 6
#define ACTION_ALLOW_PHASE 7
+#define ACTION_PAUSE 8
#define MODSEC_DISABLED 0
#define MODSEC_DETECTION_ONLY 1
@@ -590,7 +591,7 @@
int crypto_hash_framesrc_pm;
};
-struct error_message {
+struct error_message_t {
const char *file;
int line;
int level;
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_logging.c
@@ -930,7 +930,7 @@
/* Apache error messages */
for(i = 0; i < msr->error_messages->nelts; i++) {
- error_message *em = (((error_message**)msr->error_messages->elts)[i]);
+ error_message_t *em = (((error_message_t **)msr->error_messages->elts)[i]);
text = apr_psprintf(msr->mp, "Apache-Error: %s\n",
format_error_log_message(msr->mp, em));
sec_auditlog_write(msr, text, strlen(text));
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_multipart.c
@@ -654,6 +654,7 @@
}
}
else {
+ msr->mpd->flag_invalid_part = 1;
msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
"(offset %u, length %u)", msr->mpd->mpp,
msr->mpd->mpp->offset, msr->mpd->mpp->length);
@@ -945,7 +946,7 @@
if (msr->mpd->flag_header_folding) {
msr_log(msr, 4, "Multipart: Warning: header folding used.");
- }
+ }
if (msr->mpd->flag_crlf_line && msr->mpd->flag_lf_line) {
msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
@@ -962,9 +963,13 @@
msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
}
+ if (msr->mpd->flag_invalid_part) {
+ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+ }
+
if (msr->mpd->flag_invalid_header_folding) {
msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
- }
+ }
}
if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {
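Review bot: `flag_invalid_part` is raised in the first hunk on the branch that skips a part with no name, and judging by the log text that part is then left out of what the rules inspect, so the flag is the only trace of it; the assignment deserves a comment saying so, for example `/* part is skipped, not parsed: flag it so rules on MULTIPART_INVALID_PART can reject the request */`. The summary warning added in the third hunk, `"Multipart: Warning: invalid part parsing."`, does not say what was wrong; `"Multipart: Warning: invalid part skipped (part name missing)."` would match the only place this diff sets the flag. Both enclosing functions extend beyond the hunks.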
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_multipart.h
@@ -117,6 +117,7 @@
int flag_boundary_whitespace;
int flag_missing_semicolon;
int flag_invalid_quoting;
+ int flag_invalid_part;
int flag_invalid_header_folding;
int flag_file_limit_exceeded;
};
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_parsers.c
@@ -19,7 +19,7 @@
*
*/
int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
- apr_table_t *cookies)
+ apr_table_t *cookies, const char *delim)
{
char *attr_name = NULL, *attr_value = NULL;
char *cookie_header;
@@ -35,7 +35,8 @@
cookie_header = strdup(_cookie_header);
if (cookie_header == NULL) return -1;
- p = apr_strtok(cookie_header, ";", &saveptr);
+ p = apr_strtok(cookie_header, delim, &saveptr);
+
while(p != NULL) {
attr_name = NULL;
attr_value = NULL;
@@ -57,14 +58,14 @@
if (attr_value != NULL) {
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"",
- log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
+ log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
}
apr_table_add(cookies, attr_name, attr_value);
} else {
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty",
- log_escape(msr->mp, attr_name));
+ log_escape(msr->mp, attr_name));
}
apr_table_add(cookies, attr_name, "");
@@ -73,7 +74,7 @@
cookie_count++;
}
- p = apr_strtok(NULL, ";", &saveptr);
+ p = apr_strtok(NULL, delim, &saveptr);
}
free(cookie_header);
@@ -84,7 +85,7 @@
*
*/
int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
- apr_table_t *cookies)
+ apr_table_t *cookies)
{
char *attr_name = NULL, *attr_value = NULL, *p = NULL;
char *prev_attr_name = NULL;
@@ -162,7 +163,7 @@
}
}
- add_cookie:
+add_cookie:
/* remove the whitespace from the end of cookie name */
if (attr_name != NULL) {
@@ -193,14 +194,14 @@
if (attr_value != NULL) {
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"",
- log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
+ log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
}
apr_table_add(cookies, attr_name, attr_value);
} else {
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty",
- log_escape(msr->mp, attr_name));
+ log_escape(msr->mp, attr_name));
}
apr_table_add(cookies, attr_name, "");
@@ -227,8 +228,8 @@
*
*/
int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
- int argument_separator, const char *origin,
- apr_table_t *arguments, int *invalid_count)
+ int argument_separator, const char *origin,
+ apr_table_t *arguments, int *invalid_count)
{
msc_arg *arg;
apr_size_t i, j;
@@ -333,8 +334,8 @@
{
if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
- arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
- log_escape_ex(msr->mp, arg->value, arg->value_len));
+ arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
+ log_escape_ex(msr->mp, arg->value, arg->value_len));
}
apr_table_addn(arguments, log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *)arg);
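Review bot: `parse_cookies_v0` now passes `delim` straight to `apr_strtok` (second and fourth hunks) without checking it, and the comment block above the function was not updated for the new parameter. `apr_strtok` treats that argument as a set of separator characters, so a caller passing `",;"` would split on either one; the header comment should say this and that the caller picks the separator. A guard such as `if (delim == NULL) return -1;` placed before the `strdup` would stop a bad caller from reaching the tokenizer with a NULL pointer. The other hunks in this file only change whitespace.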
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_parsers.h
@@ -17,7 +17,8 @@
#include "modsecurity.h"
-int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
+int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies,
+ const char *delim);
int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/msc_release.h
@@ -39,8 +39,8 @@
#define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "7"
#define MODSEC_VERSION_MAINT "0"
-#define MODSEC_VERSION_TYPE "-rc"
-#define MODSEC_VERSION_RELEASE "3"
+#define MODSEC_VERSION_TYPE ""
+#define MODSEC_VERSION_RELEASE ""
#define MODSEC_VERSION_SUFFIX MODSEC_VERSION_TYPE MODSEC_VERSION_RELEASE
@@ -50,13 +50,13 @@
/* Apache Module Defines */
#ifdef VERSION_IIS
-#define MODSEC_MODULE_NAME "ModSecurity for IIS"
+#define MODSEC_MODULE_NAME "ModSecurity for IIS (Beta)"
#else
#ifdef VERSION_NGINX
-#define MODSEC_MODULE_NAME "ModSecurity for nginx"
+#define MODSEC_MODULE_NAME "ModSecurity for nginx (Beta)"
#else
#ifdef VERSION_STANDALONE
-#define MODSEC_MODULE_NAME "ModSecurity Standalone"
+#define MODSEC_MODULE_NAME "ModSecurity Standalone (Beta)"
#else
#define MODSEC_MODULE_NAME "ModSecurity for Apache"
#endif
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/re.c
@@ -104,6 +104,7 @@
name = apr_strtok(variable,":",&value);
} else {
name = variable;
+ value = NULL;
}
if((strlen(myname) == strlen(name)) &&
@@ -2662,8 +2663,8 @@
}
/* Keep track of the highest severity matched so far */
- if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity))
- {
+ if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity)
+ && !rule->actionset->is_chained) {
msr->highest_severity = acting_actionset->severity;
}
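Review bot: In the second hunk the severity is read from `acting_actionset` but the new chain test uses `rule->actionset->is_chained`, and nothing on the line explains why the two differ. Presumably `is_chained` marks a rule that still has a chained rule after it, so only the last rule of a chain may update `msr->highest_severity`; if so, say it: `/* a chain starter or middle rule has not fully matched yet; only the last rule of the chain updates highest_severity */`. This matters for rules that act on HIGHEST_SEVERITY, since a partial chain match would otherwise look like a real alert. The `value = NULL;` added in the first hunk removes an uninitialised read, but whether the code after it tolerates a NULL `value` lies outside the hunk.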
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/re_actions.c
@@ -586,6 +586,7 @@
static apr_status_t msre_action_pause_init(msre_engine *engine, msre_actionset *actionset,
msre_action *action)
{
+ actionset->intercept_action = ACTION_PAUSE;
actionset->intercept_pause = action->param;
return 1;
}
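Review bot: `msre_action_pause_init` now overwrites `actionset->intercept_action` unconditionally, so on a rule that lists `pause` together with a disruptive action such as `deny`, whichever init function runs last decides the outcome. If `pause` wins, the `ACTION_PAUSE` case added in mod_security2.c returns `DECLINED`, and a rule written to block would only delay. Assigning it only when no disruptive action has been set would avoid that, but the unset value of `intercept_action` is not visible here, so at minimum add a comment: `/* pause replaces any disruptive action set earlier on this actionset */`.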
Changed |
modsecurity-apache_2.7.0.tar.bz2/apache2/re_variables.c
@@ -670,7 +670,7 @@
int i, count = 0;
for(i = 0; i < msr->error_messages->nelts; i++) {
- error_message *em = (((error_message**)msr->error_messages->elts)[i]);
+ error_message_t *em = (((error_message_t **)msr->error_messages->elts)[i]);
char *fem = NULL;
fem = format_error_log_message(mptmp, em);
@@ -1397,6 +1397,18 @@
}
}
+/* MULTIPART_INVALID_PART */
+
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
/* MULTIPART_INVALID_QUOTING */
static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -1449,6 +1461,7 @@
||(msr->mpd->flag_lf_line != 0)
||(msr->mpd->flag_missing_semicolon != 0)
||(msr->mpd->flag_invalid_quoting != 0)
+ ||(msr->mpd->flag_invalid_part != 0)
||(msr->mpd->flag_invalid_header_folding != 0)
||(msr->mpd->flag_file_limit_exceeded != 0)
) {
@@ -2898,6 +2911,17 @@
VAR_DONT_CACHE, /* flag */
PHASE_REQUEST_BODY
);
+
+ /* MULTIPART_INVALID_PART */
+ msre_engine_variable_register(engine,
+ "MULTIPART_INVALID_PART",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_multipart_invalid_part_generate,
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_BODY
+ );
/* MULTIPART_INVALID_QUOTING */
msre_engine_variable_register(engine,
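Review bot: Adding `flag_invalid_part` to the combined flag check in the third hunk (it looks like the MULTIPART_STRICT_ERROR generator, though its name is outside the hunk) changes what existing rules on that variable match, and nothing in the code says so. Requests with a nameless part that passed before will now trip the combined check, which is the safer outcome but can surprise operators on upgrade. A comment above the new generator would help, e.g. `/* MULTIPART_INVALID_PART: "1" when the multipart parser skipped a part (currently: part name missing) */`. The condition and the registration function both extend outside the hunks.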
Changed |
modsecurity-apache_2.7.0.tar.bz2/doc/Reference_Manual.html
@@ -9,30 +9,26 @@
<meta name="generator" content="MediaWiki 1.15.1">
<meta name="robots" content="noindex,follow">
<meta name="keywords" content="Reference Manual">
- <link rel="alternate" type="application/x-wiki" title="Edit"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit">
- <link rel="edit" title="Edit"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit">
- <link rel="shortcut icon" href="https://sourceforge.net/favicon.ico">
+ <link rel="shortcut icon" href="http://sourceforge.net/favicon.ico">
<link rel="search" type="application/opensearchdescription+xml"
-href="https://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php"
+href="http://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php"
title="mod-security (en)">
<link rel="alternate" type="application/rss+xml" title="mod-security
RSS Feed"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss">
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss">
<link rel="alternate" type="application/atom+xml" title="mod-security
Atom Feed"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom">
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom">
<title>SourceForge.net: Reference Manual - mod-security</title>
<link rel="stylesheet" href="Reference_Manual_files/commonPrint.css"
type="text/css">
- <link rel="stylesheet" href="Reference_Manual_files/index_002.css"
+ <link rel="stylesheet" href="Reference_Manual_files/index_003.css"
type="text/css">
<link rel="stylesheet" href="Reference_Manual_files/index.css"
type="text/css">
<link rel="stylesheet" href="Reference_Manual_files/index_004.css"
type="text/css">
- <link rel="stylesheet" href="Reference_Manual_files/index_003.css"
+ <link rel="stylesheet" href="Reference_Manual_files/index_002.css"
type="text/css">
<!--[if lt IE 7]><script type="text/javascript" src="/apps/mediawiki/mod-security/skins/common/IEFixes.js?207"></script>
<meta http-equiv="imagetoolbar" content="no" /><![endif]-->
@@ -45,7 +41,7 @@
var wgScript = "/apps/mediawiki/mod-security/index.php";
var wgVariantArticlePath = false;
var wgActionPaths = {};
- var wgServer = "https://sourceforge.net";
+ var wgServer = "http://sourceforge.net";
var wgCanonicalNamespace = "";
var wgCanonicalSpecialPageName = false;
var wgNamespaceNumber = 0;
@@ -54,12 +50,12 @@
var wgAction = "view";
var wgArticleId = "12";
var wgIsArticle = true;
- var wgUserName = "Brenosilva";
- var wgUserGroups = ["admin", "editor", "*", "user", "autoconfirmed"];
+ var wgUserName = null;
+ var wgUserGroups = null;
var wgUserLanguage = "en";
var wgContentLanguage = "en";
var wgBreakFrames = false;
- var wgCurRevisionId = 507;
+ var wgCurRevisionId = 522;
var wgVersion = "1.15.1";
var wgEnableAPI = true;
var wgEnableWriteAPI = true;
@@ -67,13 +63,11 @@
var wgDigitTransformTable = ["", ""];
var wgRestrictionEdit = [];
var wgRestrictionMove = [];
- var wgAjaxWatch = {"watchMsg": "Watch", "unwatchMsg": "Unwatch", "watchingMsg": "Watching…", "unwatchingMsg": "Unwatching…"};
/*]]>*/</script>
<script type="text/javascript" src="Reference_Manual_files/wikibits.js"><!-- wikibits js --></script>
<!-- Head Scripts -->
<script type="text/javascript" src="Reference_Manual_files/ajax.js"></script>
- <script type="text/javascript" src="Reference_Manual_files/ajaxwatch.js"></script>
<script type="text/javascript" src="Reference_Manual_files/index.php"><!-- site js --></script>
@@ -151,8 +145,8 @@
class="tocnumber">4.2</span> <span class="toctext">Core Rules Content</span></a></li>
</ul>
</li>
-<li class="toclevel-1"><a href="#Installation"><span class="tocnumber">5</span>
- <span class="toctext">Installation</span></a>
+<li class="toclevel-1"><a href="#Installation_for_Apache"><span
+class="tocnumber">5</span> <span class="toctext">Installation for Apache</span></a>
<ul>
<li class="toclevel-2"><a href="#Prerequisites"><span class="tocnumber">5.1</span>
<span class="toctext">Prerequisites</span></a>
@@ -204,644 +198,683 @@
</li>
</ul>
</li>
+<li class="toclevel-1"><a href="#Installation_for_NGINX"><span
+class="tocnumber">6</span> <span class="toctext">Installation for NGINX</span></a>
+<ul>
+<li class="toclevel-2"><a
+href="#Manually_Installing_ModSecurity_Module_on_NGINX"><span
+class="tocnumber">6.1</span> <span class="toctext">Manually Installing
+ModSecurity Module on NGINX</span></a>
+<ul>
+<li class="toclevel-3"><a href="#Installation_Steps_2"><span
+class="tocnumber">6.1.1</span> <span class="toctext">Installation Steps</span></a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toclevel-1"><a href="#Installation_for_Microsoft_IIS"><span
+class="tocnumber">7</span> <span class="toctext">Installation for
+Microsoft IIS</span></a>
+<ul>
+<li class="toclevel-2"><a
+href="#Manually_Installing_and_Troubleshooting_Setup_of_ModSecurity_Module_on_IIS"><span
+ class="tocnumber">7.1</span> <span class="toctext">Manually Installing
+and Troubleshooting Setup of ModSecurity Module on IIS</span></a>
+<ul>
+<li class="toclevel-3"><a href="#Prerequisites_2"><span
+class="tocnumber">7.1.1</span> <span class="toctext">Prerequisites</span></a></li>
+<li class="toclevel-3"><a href="#Installation_Steps_3"><span
+class="tocnumber">7.1.2</span> <span class="toctext">Installation Steps</span></a></li>
+<li class="toclevel-3"><a href="#Configuration"><span class="tocnumber">7.1.3</span>
+ <span class="toctext">Configuration</span></a></li>
+</ul>
+</li>
+<li class="toclevel-2"><a href="#Common_Problems"><span
+class="tocnumber">7.2</span> <span class="toctext">Common Problems</span></a></li>
+</ul>
+</li>
<li class="toclevel-1"><a href="#Configuration_Directives"><span
-class="tocnumber">6</span> <span class="toctext">Configuration
+class="tocnumber">8</span> <span class="toctext">Configuration
Directives</span></a>
<ul>
-<li class="toclevel-2"><a href="#SecAction"><span class="tocnumber">6.1</span>
+<li class="toclevel-2"><a href="#SecAction"><span class="tocnumber">8.1</span>
<span class="toctext">SecAction</span></a></li>
<li class="toclevel-2"><a href="#SecArgumentSeparator"><span
-class="tocnumber">6.2</span> <span class="toctext">SecArgumentSeparator</span></a></li>
-<li class="toclevel-2"><a href="#SecAuditEngine"><span class="tocnumber">6.3</span>
+class="tocnumber">8.2</span> <span class="toctext">SecArgumentSeparator</span></a></li>
+<li class="toclevel-2"><a href="#SecAuditEngine"><span class="tocnumber">8.3</span>
<span class="toctext">SecAuditEngine</span></a></li>
-<li class="toclevel-2"><a href="#SecAuditLog"><span class="tocnumber">6.4</span>
+<li class="toclevel-2"><a href="#SecAuditLog"><span class="tocnumber">8.4</span>
<span class="toctext">SecAuditLog</span></a></li>
-<li class="toclevel-2"><a href="#SecAuditLog2"><span class="tocnumber">6.5</span>
+<li class="toclevel-2"><a href="#SecAuditLog2"><span class="tocnumber">8.5</span>
<span class="toctext">SecAuditLog2</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogDirMode"><span
-class="tocnumber">6.6</span> <span class="toctext">SecAuditLogDirMode</span></a></li>
+class="tocnumber">8.6</span> <span class="toctext">SecAuditLogDirMode</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogFileMode"><span
-class="tocnumber">6.7</span> <span class="toctext">SecAuditLogFileMode</span></a></li>
+class="tocnumber">8.7</span> <span class="toctext">SecAuditLogFileMode</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogParts"><span
-class="tocnumber">6.8</span> <span class="toctext">SecAuditLogParts</span></a></li>
+class="tocnumber">8.8</span> <span class="toctext">SecAuditLogParts</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogRelevantStatus"><span
-class="tocnumber">6.9</span> <span class="toctext">SecAuditLogRelevantStatus</span></a></li>
+class="tocnumber">8.9</span> <span class="toctext">SecAuditLogRelevantStatus</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogStorageDir"><span
-class="tocnumber">6.10</span> <span class="toctext">SecAuditLogStorageDir</span></a></li>
+class="tocnumber">8.10</span> <span class="toctext">SecAuditLogStorageDir</span></a></li>
<li class="toclevel-2"><a href="#SecAuditLogType"><span
-class="tocnumber">6.11</span> <span class="toctext">SecAuditLogType</span></a></li>
+class="tocnumber">8.11</span> <span class="toctext">SecAuditLogType</span></a></li>
<li class="toclevel-2"><a href="#SecCacheTransformations"><span
-class="tocnumber">6.12</span> <span class="toctext">SecCacheTransformations</span></a></li>
-<li class="toclevel-2"><a href="#SecChrootDir"><span class="tocnumber">6.13</span>
+class="tocnumber">8.12</span> <span class="toctext">SecCacheTransformations</span></a></li>
+<li class="toclevel-2"><a href="#SecChrootDir"><span class="tocnumber">8.13</span>
<span class="toctext">SecChrootDir</span></a></li>
<li class="toclevel-2"><a href="#SecComponentSignature"><span
-class="tocnumber">6.14</span> <span class="toctext">SecComponentSignature</span></a></li>
+class="tocnumber">8.14</span> <span class="toctext">SecComponentSignature</span></a></li>
<li class="toclevel-2"><a href="#SecContentInjection"><span
-class="tocnumber">6.15</span> <span class="toctext">SecContentInjection</span></a></li>
+class="tocnumber">8.15</span> <span class="toctext">SecContentInjection</span></a></li>
<li class="toclevel-2"><a href="#SecCookieFormat"><span
-class="tocnumber">6.16</span> <span class="toctext">SecCookieFormat</span></a></li>
-<li class="toclevel-2"><a href="#SecDataDir"><span class="tocnumber">6.17</span>
+class="tocnumber">8.16</span> <span class="toctext">SecCookieFormat</span></a></li>
+<li class="toclevel-2"><a href="#SecDataDir"><span class="tocnumber">8.17</span>
<span class="toctext">SecDataDir</span></a></li>
-<li class="toclevel-2"><a href="#SecDebugLog"><span class="tocnumber">6.18</span>
+<li class="toclevel-2"><a href="#SecDebugLog"><span class="tocnumber">8.18</span>
<span class="toctext">SecDebugLog</span></a></li>
<li class="toclevel-2"><a href="#SecDebugLogLevel"><span
-class="tocnumber">6.19</span> <span class="toctext">SecDebugLogLevel</span></a></li>
+class="tocnumber">8.19</span> <span class="toctext">SecDebugLogLevel</span></a></li>
<li class="toclevel-2"><a href="#SecDefaultAction"><span
-class="tocnumber">6.20</span> <span class="toctext">SecDefaultAction</span></a></li>
+class="tocnumber">8.20</span> <span class="toctext">SecDefaultAction</span></a></li>
<li class="toclevel-2"><a href="#SecDisableBackendCompression"><span
-class="tocnumber">6.21</span> <span class="toctext">SecDisableBackendCompression</span></a></li>
+class="tocnumber">8.21</span> <span class="toctext">SecDisableBackendCompression</span></a></li>
<li class="toclevel-2"><a href="#SecEncryptionEngine"><span
-class="tocnumber">6.22</span> <span class="toctext">SecEncryptionEngine</span></a></li>
+class="tocnumber">8.22</span> <span class="toctext">SecEncryptionEngine</span></a></li>
<li class="toclevel-2"><a href="#SecEncryptionKey"><span
-class="tocnumber">6.23</span> <span class="toctext">SecEncryptionKey</span></a></li>
+class="tocnumber">8.23</span> <span class="toctext">SecEncryptionKey</span></a></li>
<li class="toclevel-2"><a href="#SecEncryptionParam"><span
-class="tocnumber">6.24</span> <span class="toctext">SecEncryptionParam</span></a></li>
+class="tocnumber">8.24</span> <span class="toctext">SecEncryptionParam</span></a></li>
<li class="toclevel-2"><a href="#SecEncryptionMethodRx"><span
-class="tocnumber">6.25</span> <span class="toctext">SecEncryptionMethodRx</span></a></li>
+class="tocnumber">8.25</span> <span class="toctext">SecEncryptionMethodRx</span></a></li>
<li class="toclevel-2"><a href="#SecEncryptionMethodPm"><span
-class="tocnumber">6.26</span> <span class="toctext">SecEncryptionMethodPm</span></a></li>
-<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">6.27</span>
+class="tocnumber">8.26</span> <span class="toctext">SecEncryptionMethodPm</span></a></li>
+<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">8.27</span>
<span class="toctext">SecGeoLookupDb</span></a></li>
-<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">6.28</span>
+<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">8.28</span>
<span class="toctext">SecGsbLookupDb</span></a></li>
-<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">6.29</span>
+<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">8.29</span>
<span class="toctext">SecGuardianLog</span></a></li>
-<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">6.30</span>
+<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">8.30</span>
<span class="toctext">SecHttpBlKey</span></a></li>
<li class="toclevel-2"><a href="#SecInterceptOnError"><span
-class="tocnumber">6.31</span> <span class="toctext">SecInterceptOnError</span></a></li>
-<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">6.32</span>
+class="tocnumber">8.31</span> <span class="toctext">SecInterceptOnError</span></a></li>
+<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">8.32</span>
<span class="toctext">SecMarker</span></a></li>
<li class="toclevel-2"><a href="#SecPcreMatchLimit"><span
-class="tocnumber">6.33</span> <span class="toctext">SecPcreMatchLimit</span></a></li>
+class="tocnumber">8.33</span> <span class="toctext">SecPcreMatchLimit</span></a></li>
<li class="toclevel-2"><a href="#SecPcreMatchLimitRecursion"><span
-class="tocnumber">6.34</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li>
-<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">6.35</span>
+class="tocnumber">8.34</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li>
+<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">8.35</span>
<span class="toctext">SecPdfProtect</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectMethod"><span
-class="tocnumber">6.36</span> <span class="toctext">SecPdfProtectMethod</span></a></li>
+class="tocnumber">8.36</span> <span class="toctext">SecPdfProtectMethod</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectSecret"><span
-class="tocnumber">6.37</span> <span class="toctext">SecPdfProtectSecret</span></a></li>
+class="tocnumber">8.37</span> <span class="toctext">SecPdfProtectSecret</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectTimeout"><span
-class="tocnumber">6.38</span> <span class="toctext">SecPdfProtectTimeout</span></a></li>
+class="tocnumber">8.38</span> <span class="toctext">SecPdfProtectTimeout</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectTokenName"><span
-class="tocnumber">6.39</span> <span class="toctext">SecPdfProtectTokenName</span></a></li>
+class="tocnumber">8.39</span> <span class="toctext">SecPdfProtectTokenName</span></a></li>
<li class="toclevel-2"><a href="#SecReadStateLimit"><span
-class="tocnumber">6.40</span> <span class="toctext">SecReadStateLimit</span></a></li>
-<li class="toclevel-2"><a href="#SecSensorId"><span class="tocnumber">6.41</span>
+class="tocnumber">8.40</span> <span class="toctext">SecReadStateLimit</span></a></li>
+<li class="toclevel-2"><a href="#SecSensorId"><span class="tocnumber">8.41</span>
<span class="toctext">SecSensorId</span></a></li>
<li class="toclevel-2"><a href="#SecWriteStateLimit"><span
-class="tocnumber">6.42</span> <span class="toctext">SecWriteStateLimit</span></a></li>
+class="tocnumber">8.42</span> <span class="toctext">SecWriteStateLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyAccess"><span
-class="tocnumber">6.43</span> <span class="toctext">SecRequestBodyAccess</span></a></li>
+class="tocnumber">8.43</span> <span class="toctext">SecRequestBodyAccess</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyInMemoryLimit"><span
-class="tocnumber">6.44</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li>
+class="tocnumber">8.44</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyLimit"><span
-class="tocnumber">6.45</span> <span class="toctext">SecRequestBodyLimit</span></a></li>
+class="tocnumber">8.45</span> <span class="toctext">SecRequestBodyLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyNoFilesLimit"><span
-class="tocnumber">6.46</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li>
+class="tocnumber">8.46</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyLimitAction"><span
-class="tocnumber">6.47</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li>
+class="tocnumber">8.47</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyLimit"><span
-class="tocnumber">6.48</span> <span class="toctext">SecResponseBodyLimit</span></a></li>
+class="tocnumber">8.48</span> <span class="toctext">SecResponseBodyLimit</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyLimitAction"><span
-class="tocnumber">6.49</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li>
+class="tocnumber">8.49</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyMimeType"><span
-class="tocnumber">6.50</span> <span class="toctext">SecResponseBodyMimeType</span></a></li>
+class="tocnumber">8.50</span> <span class="toctext">SecResponseBodyMimeType</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyMimeTypesClear"><span
-class="tocnumber">6.51</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li>
+class="tocnumber">8.51</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyAccess"><span
-class="tocnumber">6.52</span> <span class="toctext">SecResponseBodyAccess</span></a></li>
-<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">6.53</span>
+class="tocnumber">8.52</span> <span class="toctext">SecResponseBodyAccess</span></a></li>
+<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">8.53</span>
<span class="toctext">SecRule</span></a></li>
<li class="toclevel-2"><a href="#SecRuleInheritance"><span
-class="tocnumber">6.54</span> <span class="toctext">SecRuleInheritance</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">6.55</span>
+class="tocnumber">8.54</span> <span class="toctext">SecRuleInheritance</span></a></li>
+<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">8.55</span>
<span class="toctext">SecRuleEngine</span></a></li>
<li class="toclevel-2"><a href="#SecRulePerfTime"><span
-class="tocnumber">6.56</span> <span class="toctext">SecRulePerfTime</span></a></li>
+class="tocnumber">8.56</span> <span class="toctext">SecRulePerfTime</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveById"><span
-class="tocnumber">6.57</span> <span class="toctext">SecRuleRemoveById</span></a></li>
+class="tocnumber">8.57</span> <span class="toctext">SecRuleRemoveById</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveByMsg"><span
-class="tocnumber">6.58</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li>
+class="tocnumber">8.58</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveByTag"><span
-class="tocnumber">6.59</span> <span class="toctext">SecRuleRemoveByTag</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">6.60</span>
+class="tocnumber">8.59</span> <span class="toctext">SecRuleRemoveByTag</span></a></li>
+<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">8.60</span>
<span class="toctext">SecRuleScript</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateActionById"><span
-class="tocnumber">6.61</span> <span class="toctext">SecRuleUpdateActionById</span></a></li>
+class="tocnumber">8.61</span> <span class="toctext">SecRuleUpdateActionById</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateTargetById"><span
-class="tocnumber">6.62</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li>
+class="tocnumber">8.62</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateTargetByMsg"><span
-class="tocnumber">6.63</span> <span class="toctext">SecRuleUpdateTargetByMsg</span></a></li>
+class="tocnumber">8.63</span> <span class="toctext">SecRuleUpdateTargetByMsg</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateTargetByTag"><span
-class="tocnumber">6.64</span> <span class="toctext">SecRuleUpdateTargetByTag</span></a></li>
+class="tocnumber">8.64</span> <span class="toctext">SecRuleUpdateTargetByTag</span></a></li>
<li class="toclevel-2"><a href="#SecServerSignature"><span
-class="tocnumber">6.65</span> <span class="toctext">SecServerSignature</span></a></li>
+class="tocnumber">8.65</span> <span class="toctext">SecServerSignature</span></a></li>
<li class="toclevel-2"><a href="#SecStreamInBodyInspection"><span
-class="tocnumber">6.66</span> <span class="toctext">SecStreamInBodyInspection</span></a></li>
+class="tocnumber">8.66</span> <span class="toctext">SecStreamInBodyInspection</span></a></li>
<li class="toclevel-2"><a href="#SecStreamOutBodyInspection"><span
-class="tocnumber">6.67</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li>
-<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">6.68</span>
+class="tocnumber">8.67</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li>
+<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">8.68</span>
<span class="toctext">SecTmpDir</span></a></li>
<li class="toclevel-2"><a href="#SecUnicodeMapFile"><span
-class="tocnumber">6.69</span> <span class="toctext">SecUnicodeMapFile</span></a></li>
+class="tocnumber">8.69</span> <span class="toctext">SecUnicodeMapFile</span></a></li>
<li class="toclevel-2"><a href="#SecUnicodeCodePage"><span
-class="tocnumber">6.70</span> <span class="toctext">SecUnicodeCodePage</span></a></li>
-<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">6.71</span>
+class="tocnumber">8.70</span> <span class="toctext">SecUnicodeCodePage</span></a></li>
+<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">8.71</span>
<span class="toctext">SecUploadDir</span></a></li>
<li class="toclevel-2"><a href="#SecUploadFileLimit"><span
-class="tocnumber">6.72</span> <span class="toctext">SecUploadFileLimit</span></a></li>
+class="tocnumber">8.72</span> <span class="toctext">SecUploadFileLimit</span></a></li>
<li class="toclevel-2"><a href="#SecUploadFileMode"><span
-class="tocnumber">6.73</span> <span class="toctext">SecUploadFileMode</span></a></li>
+class="tocnumber">8.73</span> <span class="toctext">SecUploadFileMode</span></a></li>
<li class="toclevel-2"><a href="#SecUploadKeepFiles"><span
-class="tocnumber">6.74</span> <span class="toctext">SecUploadKeepFiles</span></a></li>
-<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">6.75</span>
+class="tocnumber">8.74</span> <span class="toctext">SecUploadKeepFiles</span></a></li>
+<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">8.75</span>
<span class="toctext">SecWebAppId</span></a></li>
<li class="toclevel-2"><a href="#SecCollectionTimeout"><span
-class="tocnumber">6.76</span> <span class="toctext">SecCollectionTimeout</span></a></li>
+class="tocnumber">8.76</span> <span class="toctext">SecCollectionTimeout</span></a></li>
</ul>
</li>
<li class="toclevel-1"><a href="#Processing_Phases"><span
-class="tocnumber">7</span> <span class="toctext">Processing Phases</span></a>
+class="tocnumber">9</span> <span class="toctext">Processing Phases</span></a>
<ul>
<li class="toclevel-2"><a href="#Phase_Request_Headers"><span
-class="tocnumber">7.1</span> <span class="toctext">Phase Request Headers</span></a></li>
+class="tocnumber">9.1</span> <span class="toctext">Phase Request Headers</span></a></li>
<li class="toclevel-2"><a href="#Phase_Request_Body"><span
-class="tocnumber">7.2</span> <span class="toctext">Phase Request Body</span></a></li>
+class="tocnumber">9.2</span> <span class="toctext">Phase Request Body</span></a></li>
<li class="toclevel-2"><a href="#Phase_Response_Headers"><span
-class="tocnumber">7.3</span> <span class="toctext">Phase Response
+class="tocnumber">9.3</span> <span class="toctext">Phase Response
Headers</span></a></li>
<li class="toclevel-2"><a href="#Phase_Response_Body"><span
-class="tocnumber">7.4</span> <span class="toctext">Phase Response Body</span></a></li>
-<li class="toclevel-2"><a href="#Phase_Logging"><span class="tocnumber">7.5</span>
+class="tocnumber">9.4</span> <span class="toctext">Phase Response Body</span></a></li>
+<li class="toclevel-2"><a href="#Phase_Logging"><span class="tocnumber">9.5</span>
<span class="toctext">Phase Logging</span></a></li>
</ul>
</li>
-<li class="toclevel-1"><a href="#Variables"><span class="tocnumber">8</span>
+<li class="toclevel-1"><a href="#Variables"><span class="tocnumber">10</span>
<span class="toctext">Variables</span></a>
<ul>
-<li class="toclevel-2"><a href="#ARGS"><span class="tocnumber">8.1</span>
+<li class="toclevel-2"><a href="#ARGS"><span class="tocnumber">10.1</span>
<span class="toctext">ARGS</span></a></li>
<li class="toclevel-2"><a href="#ARGS_COMBINED_SIZE"><span
-class="tocnumber">8.2</span> <span class="toctext">ARGS_COMBINED_SIZE</span></a></li>
-<li class="toclevel-2"><a href="#ARGS_GET"><span class="tocnumber">8.3</span>
+class="tocnumber">10.2</span> <span class="toctext">ARGS_COMBINED_SIZE</span></a></li>
+<li class="toclevel-2"><a href="#ARGS_GET"><span class="tocnumber">10.3</span>
<span class="toctext">ARGS_GET</span></a></li>
-<li class="toclevel-2"><a href="#ARGS_GET_NAMES"><span class="tocnumber">8.4</span>
+<li class="toclevel-2"><a href="#ARGS_GET_NAMES"><span class="tocnumber">10.4</span>
<span class="toctext">ARGS_GET_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#ARGS_NAMES"><span class="tocnumber">8.5</span>
+<li class="toclevel-2"><a href="#ARGS_NAMES"><span class="tocnumber">10.5</span>
<span class="toctext">ARGS_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#ARGS_POST"><span class="tocnumber">8.6</span>
+<li class="toclevel-2"><a href="#ARGS_POST"><span class="tocnumber">10.6</span>
<span class="toctext">ARGS_POST</span></a></li>
<li class="toclevel-2"><a href="#ARGS_POST_NAMES"><span
-class="tocnumber">8.7</span> <span class="toctext">ARGS_POST_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#AUTH_TYPE"><span class="tocnumber">8.8</span>
+class="tocnumber">10.7</span> <span class="toctext">ARGS_POST_NAMES</span></a></li>
+<li class="toclevel-2"><a href="#AUTH_TYPE"><span class="tocnumber">10.8</span>
<span class="toctext">AUTH_TYPE</span></a></li>
-<li class="toclevel-2"><a href="#DURATION"><span class="tocnumber">8.9</span>
+<li class="toclevel-2"><a href="#DURATION"><span class="tocnumber">10.9</span>
<span class="toctext">DURATION</span></a></li>
-<li class="toclevel-2"><a href="#ENV"><span class="tocnumber">8.10</span>
+<li class="toclevel-2"><a href="#ENV"><span class="tocnumber">10.10</span>
<span class="toctext">ENV</span></a></li>
-<li class="toclevel-2"><a href="#FILES"><span class="tocnumber">8.11</span>
+<li class="toclevel-2"><a href="#FILES"><span class="tocnumber">10.11</span>
<span class="toctext">FILES</span></a></li>
<li class="toclevel-2"><a href="#FILES_COMBINED_SIZE"><span
-class="tocnumber">8.12</span> <span class="toctext">FILES_COMBINED_SIZE</span></a></li>
-<li class="toclevel-2"><a href="#FILES_NAMES"><span class="tocnumber">8.13</span>
+class="tocnumber">10.12</span> <span class="toctext">FILES_COMBINED_SIZE</span></a></li>
+<li class="toclevel-2"><a href="#FILES_NAMES"><span class="tocnumber">10.13</span>
<span class="toctext">FILES_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#FILES_SIZES"><span class="tocnumber">8.14</span>
+<li class="toclevel-2"><a href="#FILES_SIZES"><span class="tocnumber">10.14</span>
<span class="toctext">FILES_SIZES</span></a></li>
-<li class="toclevel-2"><a href="#FILES_TMPNAMES"><span class="tocnumber">8.15</span>
+<li class="toclevel-2"><a href="#FILES_TMPNAMES"><span class="tocnumber">10.15</span>
<span class="toctext">FILES_TMPNAMES</span></a></li>
-<li class="toclevel-2"><a href="#GEO"><span class="tocnumber">8.16</span>
+<li class="toclevel-2"><a href="#GEO"><span class="tocnumber">10.16</span>
<span class="toctext">GEO</span></a></li>
<li class="toclevel-2"><a href="#HIGHEST_SEVERITY"><span
-class="tocnumber">8.17</span> <span class="toctext">HIGHEST_SEVERITY</span></a></li>
-<li class="toclevel-2"><a href="#INBOUND_ERROR_DATA"><span
-class="tocnumber">8.18</span> <span class="toctext">INBOUND_ERROR_DATA</span></a></li>
-<li class="toclevel-2"><a href="#MATCHED_VAR"><span class="tocnumber">8.19</span>
+class="tocnumber">10.17</span> <span class="toctext">HIGHEST_SEVERITY</span></a></li>
+<li class="toclevel-2"><a href="#INBOUND_DATA_ERROR"><span
+class="tocnumber">10.18</span> <span class="toctext">INBOUND_DATA_ERROR</span></a></li>
+<li class="toclevel-2"><a href="#MATCHED_VAR"><span class="tocnumber">10.19</span>
<span class="toctext">MATCHED_VAR</span></a></li>
-<li class="toclevel-2"><a href="#MATCHED_VARS"><span class="tocnumber">8.20</span>
+<li class="toclevel-2"><a href="#MATCHED_VARS"><span class="tocnumber">10.20</span>
<span class="toctext">MATCHED_VARS</span></a></li>
<li class="toclevel-2"><a href="#MATCHED_VAR_NAME"><span
-class="tocnumber">8.21</span> <span class="toctext">MATCHED_VAR_NAME</span></a></li>
+class="tocnumber">10.21</span> <span class="toctext">MATCHED_VAR_NAME</span></a></li>
<li class="toclevel-2"><a href="#MATCHED_VARS_NAMES"><span
-class="tocnumber">8.22</span> <span class="toctext">MATCHED_VARS_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#MODSEC_BUILD"><span class="tocnumber">8.23</span>
+class="tocnumber">10.22</span> <span class="toctext">MATCHED_VARS_NAMES</span></a></li>
+<li class="toclevel-2"><a href="#MODSEC_BUILD"><span class="tocnumber">10.23</span>
<span class="toctext">MODSEC_BUILD</span></a></li>
<li class="toclevel-2"><a href="#MULTIPART_CRLF_LF_LINES"><span
-class="tocnumber">8.24</span> <span class="toctext">MULTIPART_CRLF_LF_LINES</span></a></li>
+class="tocnumber">10.24</span> <span class="toctext">MULTIPART_CRLF_LF_LINES</span></a></li>
<li class="toclevel-2"><a href="#MULTIPART_STRICT_ERROR"><span
-class="tocnumber">8.25</span> <span class="toctext">MULTIPART_STRICT_ERROR</span></a></li>
+class="tocnumber">10.25</span> <span class="toctext">MULTIPART_STRICT_ERROR</span></a></li>
<li class="toclevel-2"><a href="#MULTIPART_UNMATCHED_BOUNDARY"><span
-class="tocnumber">8.26</span> <span class="toctext">MULTIPART_UNMATCHED_BOUNDARY</span></a></li>
-<li class="toclevel-2"><a href="#PATH_INFO"><span class="tocnumber">8.27</span>
+class="tocnumber">10.26</span> <span class="toctext">MULTIPART_UNMATCHED_BOUNDARY</span></a></li>
+<li class="toclevel-2"><a href="#OUTBOUND_DATA_ERROR"><span
+class="tocnumber">10.27</span> <span class="toctext">OUTBOUND_DATA_ERROR</span></a></li>
+<li class="toclevel-2"><a href="#PATH_INFO"><span class="tocnumber">10.28</span>
<span class="toctext">PATH_INFO</span></a></li>
-<li class="toclevel-2"><a href="#PERF_COMBINED"><span class="tocnumber">8.28</span>
+<li class="toclevel-2"><a href="#PERF_COMBINED"><span class="tocnumber">10.29</span>
<span class="toctext">PERF_COMBINED</span></a></li>
-<li class="toclevel-2"><a href="#PERF_GC"><span class="tocnumber">8.29</span>
+<li class="toclevel-2"><a href="#PERF_GC"><span class="tocnumber">10.30</span>
<span class="toctext">PERF_GC</span></a></li>
-<li class="toclevel-2"><a href="#PERF_LOGGING"><span class="tocnumber">8.30</span>
+<li class="toclevel-2"><a href="#PERF_LOGGING"><span class="tocnumber">10.31</span>
<span class="toctext">PERF_LOGGING</span></a></li>
-<li class="toclevel-2"><a href="#PERF_PHASE1"><span class="tocnumber">8.31</span>
+<li class="toclevel-2"><a href="#PERF_PHASE1"><span class="tocnumber">10.32</span>
<span class="toctext">PERF_PHASE1</span></a></li>
-<li class="toclevel-2"><a href="#PERF_PHASE2"><span class="tocnumber">8.32</span>
+<li class="toclevel-2"><a href="#PERF_PHASE2"><span class="tocnumber">10.33</span>
<span class="toctext">PERF_PHASE2</span></a></li>
-<li class="toclevel-2"><a href="#PERF_PHASE3"><span class="tocnumber">8.33</span>
+<li class="toclevel-2"><a href="#PERF_PHASE3"><span class="tocnumber">10.34</span>
<span class="toctext">PERF_PHASE3</span></a></li>
-<li class="toclevel-2"><a href="#PERF_PHASE4"><span class="tocnumber">8.34</span>
+<li class="toclevel-2"><a href="#PERF_PHASE4"><span class="tocnumber">10.35</span>
<span class="toctext">PERF_PHASE4</span></a></li>
-<li class="toclevel-2"><a href="#PERF_PHASE5"><span class="tocnumber">8.35</span>
+<li class="toclevel-2"><a href="#PERF_PHASE5"><span class="tocnumber">10.36</span>
<span class="toctext">PERF_PHASE5</span></a></li>
-<li class="toclevel-2"><a href="#PERF_RULES"><span class="tocnumber">8.36</span>
+<li class="toclevel-2"><a href="#PERF_RULES"><span class="tocnumber">10.37</span>
<span class="toctext">PERF_RULES</span></a></li>
-<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">8.37</span>
+<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">10.38</span>
<span class="toctext">PERF_SREAD</span></a></li>
-<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">8.38</span>
+<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">10.39</span>
<span class="toctext">PERF_SWRITE</span></a></li>
-<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">8.39</span>
+<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">10.40</span>
<span class="toctext">QUERY_STRING</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">8.40</span>
+<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">10.41</span>
<span class="toctext">REMOTE_ADDR</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">8.41</span>
+<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">10.42</span>
<span class="toctext">REMOTE_HOST</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">8.42</span>
+<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">10.43</span>
<span class="toctext">REMOTE_PORT</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">8.43</span>
+<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">10.44</span>
<span class="toctext">REMOTE_USER</span></a></li>
-<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">8.44</span>
+<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">10.45</span>
<span class="toctext">REQBODY_ERROR</span></a></li>
<li class="toclevel-2"><a href="#REQBODY_ERROR_MSG"><span
-class="tocnumber">8.45</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li>
+class="tocnumber">10.46</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li>
<li class="toclevel-2"><a href="#REQBODY_PROCESSOR"><span
-class="tocnumber">8.46</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li>
+class="tocnumber">10.47</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_BASENAME"><span
-class="tocnumber">8.47</span> <span class="toctext">REQUEST_BASENAME</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">8.48</span>
+class="tocnumber">10.48</span> <span class="toctext">REQUEST_BASENAME</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">10.49</span>
<span class="toctext">REQUEST_BODY</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_BODY_LENGTH"><span
-class="tocnumber">8.49</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li>
+class="tocnumber">10.50</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_COOKIES"><span
-class="tocnumber">8.50</span> <span class="toctext">REQUEST_COOKIES</span></a></li>
+class="tocnumber">10.51</span> <span class="toctext">REQUEST_COOKIES</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_COOKIES_NAMES"><span
-class="tocnumber">8.51</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li>
+class="tocnumber">10.52</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_FILENAME"><span
-class="tocnumber">8.52</span> <span class="toctext">REQUEST_FILENAME</span></a></li>
+class="tocnumber">10.53</span> <span class="toctext">REQUEST_FILENAME</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_HEADERS"><span
-class="tocnumber">8.53</span> <span class="toctext">REQUEST_HEADERS</span></a></li>
+class="tocnumber">10.54</span> <span class="toctext">REQUEST_HEADERS</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_HEADERS_NAMES"><span
-class="tocnumber">8.54</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">8.55</span>
+class="tocnumber">10.55</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">10.56</span>
<span class="toctext">REQUEST_LINE</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">8.56</span>
+<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">10.57</span>
<span class="toctext">REQUEST_METHOD</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_PROTOCOL"><span
-class="tocnumber">8.57</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">8.58</span>
+class="tocnumber">10.58</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">10.59</span>
<span class="toctext">REQUEST_URI</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_URI_RAW"><span
-class="tocnumber">8.59</span> <span class="toctext">REQUEST_URI_RAW</span></a></li>
-<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">8.60</span>
+class="tocnumber">10.60</span> <span class="toctext">REQUEST_URI_RAW</span></a></li>
+<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">10.61</span>
<span class="toctext">RESPONSE_BODY</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_CONTENT_LENGTH"><span
-class="tocnumber">8.61</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li>
+class="tocnumber">10.62</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_CONTENT_TYPE"><span
-class="tocnumber">8.62</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li>
+class="tocnumber">10.63</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_HEADERS"><span
-class="tocnumber">8.63</span> <span class="toctext">RESPONSE_HEADERS</span></a></li>
+class="tocnumber">10.64</span> <span class="toctext">RESPONSE_HEADERS</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_HEADERS_NAMES"><span
-class="tocnumber">8.64</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li>
+class="tocnumber">10.65</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_PROTOCOL"><span
-class="tocnumber">8.65</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li>
+class="tocnumber">10.66</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_STATUS"><span
-class="tocnumber">8.66</span> <span class="toctext">RESPONSE_STATUS</span></a></li>
-<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">8.67</span>
+class="tocnumber">10.67</span> <span class="toctext">RESPONSE_STATUS</span></a></li>
+<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">10.68</span>
<span class="toctext">RULE</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_BASENAME"><span
-class="tocnumber">8.68</span> <span class="toctext">SCRIPT_BASENAME</span></a></li>
+class="tocnumber">10.69</span> <span class="toctext">SCRIPT_BASENAME</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_FILENAME"><span
-class="tocnumber">8.69</span> <span class="toctext">SCRIPT_FILENAME</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">8.70</span>
+class="tocnumber">10.70</span> <span class="toctext">SCRIPT_FILENAME</span></a></li>
+<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">10.71</span>
<span class="toctext">SCRIPT_GID</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_GROUPNAME"><span
-class="tocnumber">8.71</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">8.72</span>
+class="tocnumber">10.72</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li>
+<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">10.73</span>
<span class="toctext">SCRIPT_MODE</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">8.73</span>
+<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">10.74</span>
<span class="toctext">SCRIPT_UID</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_USERNAME"><span
-class="tocnumber">8.74</span> <span class="toctext">SCRIPT_USERNAME</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">8.75</span>
+class="tocnumber">10.75</span> <span class="toctext">SCRIPT_USERNAME</span></a></li>
+<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">10.76</span>
<span class="toctext">SERVER_ADDR</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">8.76</span>
+<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">10.77</span>
<span class="toctext">SERVER_NAME</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">8.77</span>
+<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">10.78</span>
<span class="toctext">SERVER_PORT</span></a></li>
-<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">8.78</span>
+<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">10.79</span>
<span class="toctext">SESSION</span></a></li>
-<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">8.79</span>
+<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">10.80</span>
<span class="toctext">SESSIONID</span></a></li>
<li class="toclevel-2"><a href="#STREAM_INPUT_BODY"><span
-class="tocnumber">8.80</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li>
+class="tocnumber">10.81</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li>
<li class="toclevel-2"><a href="#STREAM_OUTPUT_BODY"><span
-class="tocnumber">8.81</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li>
-<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">8.82</span>
+class="tocnumber">10.82</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li>
+<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">10.83</span>
<span class="toctext">TIME</span></a></li>
-<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">8.83</span>
+<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">10.84</span>
<span class="toctext">TIME_DAY</span></a></li>
-<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">8.84</span>
+<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">10.85</span>
<span class="toctext">TIME_EPOCH</span></a></li>
-<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">8.85</span>
+<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">10.86</span>
<span class="toctext">TIME_HOUR</span></a></li>
-<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">8.86</span>
+<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">10.87</span>
<span class="toctext">TIME_MIN</span></a></li>
-<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">8.87</span>
+<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">10.88</span>
<span class="toctext">TIME_MON</span></a></li>
-<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">8.88</span>
+<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">10.89</span>
<span class="toctext">TIME_SEC</span></a></li>
-<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">8.89</span>
+<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">10.90</span>
<span class="toctext">TIME_WDAY</span></a></li>
-<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">8.90</span>
+<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">10.91</span>
<span class="toctext">TIME_YEAR</span></a></li>
-<li class="toclevel-2"><a href="#TX"><span class="tocnumber">8.91</span>
+<li class="toclevel-2"><a href="#TX"><span class="tocnumber">10.92</span>
<span class="toctext">TX</span></a></li>
-<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">8.92</span>
+<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">10.93</span>
<span class="toctext">UNIQUE_ID</span></a></li>
<li class="toclevel-2"><a href="#URLENCODED_ERROR"><span
-class="tocnumber">8.93</span> <span class="toctext">URLENCODED_ERROR</span></a></li>
-<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">8.94</span>
+class="tocnumber">10.94</span> <span class="toctext">URLENCODED_ERROR</span></a></li>
+<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">10.95</span>
<span class="toctext">USERID</span></a></li>
-<li class="toclevel-2"><a href="#USERAGENT_IP"><span class="tocnumber">8.95</span>
+<li class="toclevel-2"><a href="#USERAGENT_IP"><span class="tocnumber">10.96</span>
<span class="toctext">USERAGENT_IP</span></a></li>
-<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">8.96</span>
+<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">10.97</span>
<span class="toctext">WEBAPPID</span></a></li>
<li class="toclevel-2"><a href="#WEBSERVER_ERROR_LOG"><span
-class="tocnumber">8.97</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li>
-<li class="toclevel-2"><a href="#XML"><span class="tocnumber">8.98</span>
+class="tocnumber">10.98</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li>
+<li class="toclevel-2"><a href="#XML"><span class="tocnumber">10.99</span>
<span class="toctext">XML</span></a></li>
</ul>
</li>
<li class="toclevel-1"><a href="#Transformation_functions"><span
-class="tocnumber">9</span> <span class="toctext">Transformation
+class="tocnumber">11</span> <span class="toctext">Transformation
functions</span></a>
<ul>
-<li class="toclevel-2"><a href="#base64Decode"><span class="tocnumber">9.1</span>
+<li class="toclevel-2"><a href="#base64Decode"><span class="tocnumber">11.1</span>
<span class="toctext">base64Decode</span></a></li>
-<li class="toclevel-2"><a href="#sqlHexDecode"><span class="tocnumber">9.2</span>
+<li class="toclevel-2"><a href="#sqlHexDecode"><span class="tocnumber">11.2</span>
<span class="toctext">sqlHexDecode</span></a></li>
<li class="toclevel-2"><a href="#base64DecodeExt"><span
-class="tocnumber">9.3</span> <span class="toctext">base64DecodeExt</span></a></li>
-<li class="toclevel-2"><a href="#base64Encode"><span class="tocnumber">9.4</span>
+class="tocnumber">11.3</span> <span class="toctext">base64DecodeExt</span></a></li>
+<li class="toclevel-2"><a href="#base64Encode"><span class="tocnumber">11.4</span>
<span class="toctext">base64Encode</span></a></li>
-<li class="toclevel-2"><a href="#cmdLine"><span class="tocnumber">9.5</span>
+<li class="toclevel-2"><a href="#cmdLine"><span class="tocnumber">11.5</span>
<span class="toctext">cmdLine</span></a></li>
<li class="toclevel-2"><a href="#compressWhitespace"><span
-class="tocnumber">9.6</span> <span class="toctext">compressWhitespace</span></a></li>
-<li class="toclevel-2"><a href="#cssDecode"><span class="tocnumber">9.7</span>
+class="tocnumber">11.6</span> <span class="toctext">compressWhitespace</span></a></li>
+<li class="toclevel-2"><a href="#cssDecode"><span class="tocnumber">11.7</span>
<span class="toctext">cssDecode</span></a></li>
<li class="toclevel-2"><a href="#escapeSeqDecode"><span
-class="tocnumber">9.8</span> <span class="toctext">escapeSeqDecode</span></a></li>
-<li class="toclevel-2"><a href="#hexDecode"><span class="tocnumber">9.9</span>
+class="tocnumber">11.8</span> <span class="toctext">escapeSeqDecode</span></a></li>
+<li class="toclevel-2"><a href="#hexDecode"><span class="tocnumber">11.9</span>
<span class="toctext">hexDecode</span></a></li>
-<li class="toclevel-2"><a href="#hexEncode"><span class="tocnumber">9.10</span>
+<li class="toclevel-2"><a href="#hexEncode"><span class="tocnumber">11.10</span>
<span class="toctext">hexEncode</span></a></li>
<li class="toclevel-2"><a href="#htmlEntityDecode"><span
-class="tocnumber">9.11</span> <span class="toctext">htmlEntityDecode</span></a></li>
-<li class="toclevel-2"><a href="#jsDecode"><span class="tocnumber">9.12</span>
+class="tocnumber">11.11</span> <span class="toctext">htmlEntityDecode</span></a></li>
+<li class="toclevel-2"><a href="#jsDecode"><span class="tocnumber">11.12</span>
<span class="toctext">jsDecode</span></a></li>
-<li class="toclevel-2"><a href="#length"><span class="tocnumber">9.13</span>
+<li class="toclevel-2"><a href="#length"><span class="tocnumber">11.13</span>
<span class="toctext">length</span></a></li>
-<li class="toclevel-2"><a href="#lowercase"><span class="tocnumber">9.14</span>
+<li class="toclevel-2"><a href="#lowercase"><span class="tocnumber">11.14</span>
<span class="toctext">lowercase</span></a></li>
-<li class="toclevel-2"><a href="#md5"><span class="tocnumber">9.15</span>
+<li class="toclevel-2"><a href="#md5"><span class="tocnumber">11.15</span>
<span class="toctext">md5</span></a></li>
-<li class="toclevel-2"><a href="#none"><span class="tocnumber">9.16</span>
+<li class="toclevel-2"><a href="#none"><span class="tocnumber">11.16</span>
<span class="toctext">none</span></a></li>
-<li class="toclevel-2"><a href="#normalisePath"><span class="tocnumber">9.17</span>
+<li class="toclevel-2"><a href="#normalisePath"><span class="tocnumber">11.17</span>
<span class="toctext">normalisePath</span></a></li>
<li class="toclevel-2"><a href="#normalisePathWin"><span
-class="tocnumber">9.18</span> <span class="toctext">normalisePathWin</span></a></li>
-<li class="toclevel-2"><a href="#parityEven7bit"><span class="tocnumber">9.19</span>
+class="tocnumber">11.18</span> <span class="toctext">normalisePathWin</span></a></li>
+<li class="toclevel-2"><a href="#parityEven7bit"><span class="tocnumber">11.19</span>
<span class="toctext">parityEven7bit</span></a></li>
-<li class="toclevel-2"><a href="#parityOdd7bit"><span class="tocnumber">9.20</span>
+<li class="toclevel-2"><a href="#parityOdd7bit"><span class="tocnumber">11.20</span>
<span class="toctext">parityOdd7bit</span></a></li>
-<li class="toclevel-2"><a href="#parityZero7bit"><span class="tocnumber">9.21</span>
+<li class="toclevel-2"><a href="#parityZero7bit"><span class="tocnumber">11.21</span>
<span class="toctext">parityZero7bit</span></a></li>
-<li class="toclevel-2"><a href="#removeNulls"><span class="tocnumber">9.22</span>
+<li class="toclevel-2"><a href="#removeNulls"><span class="tocnumber">11.22</span>
<span class="toctext">removeNulls</span></a></li>
<li class="toclevel-2"><a href="#removeWhitespace"><span
-class="tocnumber">9.23</span> <span class="toctext">removeWhitespace</span></a></li>
+class="tocnumber">11.23</span> <span class="toctext">removeWhitespace</span></a></li>
<li class="toclevel-2"><a href="#replaceComments"><span
-class="tocnumber">9.24</span> <span class="toctext">replaceComments</span></a></li>
+class="tocnumber">11.24</span> <span class="toctext">replaceComments</span></a></li>
<li class="toclevel-2"><a href="#removeCommentsChar"><span
-class="tocnumber">9.25</span> <span class="toctext">removeCommentsChar</span></a></li>
-<li class="toclevel-2"><a href="#removeComments"><span class="tocnumber">9.26</span>
+class="tocnumber">11.25</span> <span class="toctext">removeCommentsChar</span></a></li>
+<li class="toclevel-2"><a href="#removeComments"><span class="tocnumber">11.26</span>
<span class="toctext">removeComments</span></a></li>
-<li class="toclevel-2"><a href="#replaceNulls"><span class="tocnumber">9.27</span>
+<li class="toclevel-2"><a href="#replaceNulls"><span class="tocnumber">11.27</span>
<span class="toctext">replaceNulls</span></a></li>
-<li class="toclevel-2"><a href="#urlDecode"><span class="tocnumber">9.28</span>
+<li class="toclevel-2"><a href="#urlDecode"><span class="tocnumber">11.28</span>
<span class="toctext">urlDecode</span></a></li>
-<li class="toclevel-2"><a href="#urlDecodeUni"><span class="tocnumber">9.29</span>
+<li class="toclevel-2"><a href="#urlDecodeUni"><span class="tocnumber">11.29</span>
<span class="toctext">urlDecodeUni</span></a></li>
-<li class="toclevel-2"><a href="#urlEncode"><span class="tocnumber">9.30</span>
+<li class="toclevel-2"><a href="#urlEncode"><span class="tocnumber">11.30</span>
<span class="toctext">urlEncode</span></a></li>
-<li class="toclevel-2"><a href="#sha1"><span class="tocnumber">9.31</span>
+<li class="toclevel-2"><a href="#utf8toUnicode"><span class="tocnumber">11.31</span>
+ <span class="toctext">utf8toUnicode</span></a></li>
+<li class="toclevel-2"><a href="#sha1"><span class="tocnumber">11.32</span>
<span class="toctext">sha1</span></a></li>
-<li class="toclevel-2"><a href="#trimLeft"><span class="tocnumber">9.32</span>
+<li class="toclevel-2"><a href="#trimLeft"><span class="tocnumber">11.33</span>
<span class="toctext">trimLeft</span></a></li>
-<li class="toclevel-2"><a href="#trimRight"><span class="tocnumber">9.33</span>
+<li class="toclevel-2"><a href="#trimRight"><span class="tocnumber">11.34</span>
<span class="toctext">trimRight</span></a></li>
-<li class="toclevel-2"><a href="#trim"><span class="tocnumber">9.34</span>
+<li class="toclevel-2"><a href="#trim"><span class="tocnumber">11.35</span>
<span class="toctext">trim</span></a></li>
</ul>
</li>
-<li class="toclevel-1"><a href="#Actions"><span class="tocnumber">10</span>
+<li class="toclevel-1"><a href="#Actions"><span class="tocnumber">12</span>
<span class="toctext">Actions</span></a>
<ul>
-<li class="toclevel-2"><a href="#accuracy"><span class="tocnumber">10.1</span>
+<li class="toclevel-2"><a href="#accuracy"><span class="tocnumber">12.1</span>
<span class="toctext">accuracy</span></a></li>
-<li class="toclevel-2"><a href="#allow"><span class="tocnumber">10.2</span>
+<li class="toclevel-2"><a href="#allow"><span class="tocnumber">12.2</span>
<span class="toctext">allow</span></a></li>
-<li class="toclevel-2"><a href="#append"><span class="tocnumber">10.3</span>
+<li class="toclevel-2"><a href="#append"><span class="tocnumber">12.3</span>
<span class="toctext">append</span></a></li>
-<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">10.4</span>
+<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">12.4</span>
<span class="toctext">auditlog</span></a></li>
-<li class="toclevel-2"><a href="#block"><span class="tocnumber">10.5</span>
+<li class="toclevel-2"><a href="#block"><span class="tocnumber">12.5</span>
<span class="toctext">block</span></a></li>
-<li class="toclevel-2"><a href="#capture"><span class="tocnumber">10.6</span>
+<li class="toclevel-2"><a href="#capture"><span class="tocnumber">12.6</span>
<span class="toctext">capture</span></a></li>
-<li class="toclevel-2"><a href="#chain"><span class="tocnumber">10.7</span>
+<li class="toclevel-2"><a href="#chain"><span class="tocnumber">12.7</span>
<span class="toctext">chain</span></a></li>
-<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">10.8</span>
+<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">12.8</span>
<span class="toctext">ctl</span></a></li>
-<li class="toclevel-2"><a href="#deny"><span class="tocnumber">10.9</span>
+<li class="toclevel-2"><a href="#deny"><span class="tocnumber">12.9</span>
<span class="toctext">deny</span></a></li>
-<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">10.10</span>
+<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">12.10</span>
<span class="toctext">deprecatevar</span></a></li>
-<li class="toclevel-2"><a href="#drop"><span class="tocnumber">10.11</span>
+<li class="toclevel-2"><a href="#drop"><span class="tocnumber">12.11</span>
<span class="toctext">drop</span></a></li>
-<li class="toclevel-2"><a href="#exec"><span class="tocnumber">10.12</span>
+<li class="toclevel-2"><a href="#exec"><span class="tocnumber">12.12</span>
<span class="toctext">exec</span></a></li>
-<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">10.13</span>
+<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">12.13</span>
<span class="toctext">expirevar</span></a></li>
-<li class="toclevel-2"><a href="#id"><span class="tocnumber">10.14</span>
+<li class="toclevel-2"><a href="#id"><span class="tocnumber">12.14</span>
<span class="toctext">id</span></a></li>
-<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">10.15</span>
+<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">12.15</span>
<span class="toctext">initcol</span></a></li>
-<li class="toclevel-2"><a href="#log"><span class="tocnumber">10.16</span>
+<li class="toclevel-2"><a href="#log"><span class="tocnumber">12.16</span>
<span class="toctext">log</span></a></li>
-<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">10.17</span>
+<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">12.17</span>
<span class="toctext">logdata</span></a></li>
-<li class="toclevel-2"><a href="#maturity"><span class="tocnumber">10.18</span>
+<li class="toclevel-2"><a href="#maturity"><span class="tocnumber">12.18</span>
<span class="toctext">maturity</span></a></li>
-<li class="toclevel-2"><a href="#msg"><span class="tocnumber">10.19</span>
+<li class="toclevel-2"><a href="#msg"><span class="tocnumber">12.19</span>
<span class="toctext">msg</span></a></li>
-<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">10.20</span>
+<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">12.20</span>
<span class="toctext">multiMatch</span></a></li>
-<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">10.21</span>
+<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">12.21</span>
<span class="toctext">noauditlog</span></a></li>
-<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">10.22</span>
+<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">12.22</span>
<span class="toctext">nolog</span></a></li>
-<li class="toclevel-2"><a href="#pass"><span class="tocnumber">10.23</span>
+<li class="toclevel-2"><a href="#pass"><span class="tocnumber">12.23</span>
<span class="toctext">pass</span></a></li>
-<li class="toclevel-2"><a href="#pause"><span class="tocnumber">10.24</span>
+<li class="toclevel-2"><a href="#pause"><span class="tocnumber">12.24</span>
<span class="toctext">pause</span></a></li>
-<li class="toclevel-2"><a href="#phase"><span class="tocnumber">10.25</span>
+<li class="toclevel-2"><a href="#phase"><span class="tocnumber">12.25</span>
<span class="toctext">phase</span></a></li>
-<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">10.26</span>
+<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">12.26</span>
<span class="toctext">prepend</span></a></li>
-<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">10.27</span>
+<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">12.27</span>
<span class="toctext">proxy</span></a></li>
-<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">10.28</span>
+<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">12.28</span>
<span class="toctext">redirect</span></a></li>
-<li class="toclevel-2"><a href="#rev"><span class="tocnumber">10.29</span>
+<li class="toclevel-2"><a href="#rev"><span class="tocnumber">12.29</span>
<span class="toctext">rev</span></a></li>
-<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">10.30</span>
+<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">12.30</span>
<span class="toctext">sanitiseArg</span></a></li>
<li class="toclevel-2"><a href="#sanitiseMatched"><span
-class="tocnumber">10.31</span> <span class="toctext">sanitiseMatched</span></a></li>
+class="tocnumber">12.31</span> <span class="toctext">sanitiseMatched</span></a></li>
<li class="toclevel-2"><a href="#sanitiseMatchedBytes"><span
-class="tocnumber">10.32</span> <span class="toctext">sanitiseMatchedBytes</span></a></li>
+class="tocnumber">12.32</span> <span class="toctext">sanitiseMatchedBytes</span></a></li>
<li class="toclevel-2"><a href="#sanitiseRequestHeader"><span
-class="tocnumber">10.33</span> <span class="toctext">sanitiseRequestHeader</span></a></li>
+class="tocnumber">12.33</span> <span class="toctext">sanitiseRequestHeader</span></a></li>
<li class="toclevel-2"><a href="#sanitiseResponseHeader"><span
-class="tocnumber">10.34</span> <span class="toctext">sanitiseResponseHeader</span></a></li>
-<li class="toclevel-2"><a href="#severity"><span class="tocnumber">10.35</span>
+class="tocnumber">12.34</span> <span class="toctext">sanitiseResponseHeader</span></a></li>
+<li class="toclevel-2"><a href="#severity"><span class="tocnumber">12.35</span>
<span class="toctext">severity</span></a></li>
-<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">10.36</span>
+<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">12.36</span>
<span class="toctext">setuid</span></a></li>
-<li class="toclevel-2"><a href="#setrsc"><span class="tocnumber">10.37</span>
+<li class="toclevel-2"><a href="#setrsc"><span class="tocnumber">12.37</span>
<span class="toctext">setrsc</span></a></li>
-<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">10.38</span>
+<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">12.38</span>
<span class="toctext">setsid</span></a></li>
-<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">10.39</span>
+<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">12.39</span>
<span class="toctext">setenv</span></a></li>
-<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">10.40</span>
+<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">12.40</span>
<span class="toctext">setvar</span></a></li>
-<li class="toclevel-2"><a href="#skip"><span class="tocnumber">10.41</span>
+<li class="toclevel-2"><a href="#skip"><span class="tocnumber">12.41</span>
<span class="toctext">skip</span></a></li>
-<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">10.42</span>
+<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">12.42</span>
<span class="toctext">skipAfter</span></a></li>
-<li class="toclevel-2"><a href="#status"><span class="tocnumber">10.43</span>
+<li class="toclevel-2"><a href="#status"><span class="tocnumber">12.43</span>
<span class="toctext">status</span></a></li>
-<li class="toclevel-2"><a href="#t"><span class="tocnumber">10.44</span>
+<li class="toclevel-2"><a href="#t"><span class="tocnumber">12.44</span>
<span class="toctext">t</span></a></li>
-<li class="toclevel-2"><a href="#tag"><span class="tocnumber">10.45</span>
+<li class="toclevel-2"><a href="#tag"><span class="tocnumber">12.45</span>
<span class="toctext">tag</span></a></li>
-<li class="toclevel-2"><a href="#ver"><span class="tocnumber">10.46</span>
+<li class="toclevel-2"><a href="#ver"><span class="tocnumber">12.46</span>
<span class="toctext">ver</span></a></li>
-<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">10.47</span>
+<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">12.47</span>
<span class="toctext">xmlns</span></a></li>
</ul>
</li>
-<li class="toclevel-1"><a href="#Operators"><span class="tocnumber">11</span>
+<li class="toclevel-1"><a href="#Operators"><span class="tocnumber">13</span>
<span class="toctext">Operators</span></a>
<ul>
-<li class="toclevel-2"><a href="#beginsWith"><span class="tocnumber">11.1</span>
+<li class="toclevel-2"><a href="#beginsWith"><span class="tocnumber">13.1</span>
<span class="toctext">beginsWith</span></a></li>
-<li class="toclevel-2"><a href="#contains"><span class="tocnumber">11.2</span>
+<li class="toclevel-2"><a href="#contains"><span class="tocnumber">13.2</span>
<span class="toctext">contains</span></a></li>
-<li class="toclevel-2"><a href="#containsWord"><span class="tocnumber">11.3</span>
+<li class="toclevel-2"><a href="#containsWord"><span class="tocnumber">13.3</span>
<span class="toctext">containsWord</span></a></li>
-<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">11.4</span>
+<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">13.4</span>
<span class="toctext">endsWith</span></a></li>
-<li class="toclevel-2"><a href="#eq"><span class="tocnumber">11.5</span>
+<li class="toclevel-2"><a href="#eq"><span class="tocnumber">13.5</span>
<span class="toctext">eq</span></a></li>
-<li class="toclevel-2"><a href="#ge"><span class="tocnumber">11.6</span>
+<li class="toclevel-2"><a href="#ge"><span class="tocnumber">13.6</span>
<span class="toctext">ge</span></a></li>
-<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">11.7</span>
+<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">13.7</span>
<span class="toctext">geoLookup</span></a></li>
-<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">11.8</span>
+<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">13.8</span>
<span class="toctext">gsbLookup</span></a></li>
-<li class="toclevel-2"><a href="#gt"><span class="tocnumber">11.9</span>
+<li class="toclevel-2"><a href="#gt"><span class="tocnumber">13.9</span>
<span class="toctext">gt</span></a></li>
-<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">11.10</span>
+<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">13.10</span>
<span class="toctext">inspectFile</span></a></li>
-<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">11.11</span>
+<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">13.11</span>
<span class="toctext">ipMatch</span></a></li>
-<li class="toclevel-2"><a href="#ipMatchF"><span class="tocnumber">11.12</span>
+<li class="toclevel-2"><a href="#ipMatchF"><span class="tocnumber">13.12</span>
<span class="toctext">ipMatchF</span></a></li>
<li class="toclevel-2"><a href="#ipMatchFromFile"><span
-class="tocnumber">11.13</span> <span class="toctext">ipMatchFromFile</span></a></li>
-<li class="toclevel-2"><a href="#le"><span class="tocnumber">11.14</span>
+class="tocnumber">13.13</span> <span class="toctext">ipMatchFromFile</span></a></li>
+<li class="toclevel-2"><a href="#le"><span class="tocnumber">13.14</span>
<span class="toctext">le</span></a></li>
-<li class="toclevel-2"><a href="#lt"><span class="tocnumber">11.15</span>
+<li class="toclevel-2"><a href="#lt"><span class="tocnumber">13.15</span>
<span class="toctext">lt</span></a></li>
-<li class="toclevel-2"><a href="#pm"><span class="tocnumber">11.16</span>
+<li class="toclevel-2"><a href="#pm"><span class="tocnumber">13.16</span>
<span class="toctext">pm</span></a></li>
-<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">11.17</span>
+<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">13.17</span>
<span class="toctext">pmf</span></a></li>
-<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">11.18</span>
+<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">13.18</span>
<span class="toctext">pmFromFile</span></a></li>
-<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">11.19</span>
+<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">13.19</span>
<span class="toctext">rbl</span></a></li>
-<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">11.20</span>
+<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">13.20</span>
<span class="toctext">rsub</span></a></li>
-<li class="toclevel-2"><a href="#rx"><span class="tocnumber">11.21</span>
+<li class="toclevel-2"><a href="#rx"><span class="tocnumber">13.21</span>
<span class="toctext">rx</span></a></li>
-<li class="toclevel-2"><a href="#streq"><span class="tocnumber">11.22</span>
+<li class="toclevel-2"><a href="#streq"><span class="tocnumber">13.22</span>
<span class="toctext">streq</span></a></li>
-<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">11.23</span>
+<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">13.23</span>
<span class="toctext">strmatch</span></a></li>
<li class="toclevel-2"><a href="#validateByteRange"><span
-class="tocnumber">11.24</span> <span class="toctext">validateByteRange</span></a></li>
-<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">11.25</span>
+class="tocnumber">13.24</span> <span class="toctext">validateByteRange</span></a></li>
+<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">13.25</span>
<span class="toctext">validateDTD</span></a></li>
<li class="toclevel-2"><a href="#validateEncryption"><span
-class="tocnumber">11.26</span> <span class="toctext">validateEncryption</span></a></li>
-<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">11.27</span>
+class="tocnumber">13.26</span> <span class="toctext">validateEncryption</span></a></li>
+<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">13.27</span>
<span class="toctext">validateSchema</span></a></li>
<li class="toclevel-2"><a href="#validateUrlEncoding"><span
-class="tocnumber">11.28</span> <span class="toctext">validateUrlEncoding</span></a></li>
+class="tocnumber">13.28</span> <span class="toctext">validateUrlEncoding</span></a></li>
<li class="toclevel-2"><a href="#validateUtf8Encoding"><span
-class="tocnumber">11.29</span> <span class="toctext">validateUtf8Encoding</span></a></li>
-<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">11.30</span>
+class="tocnumber">13.29</span> <span class="toctext">validateUtf8Encoding</span></a></li>
+<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">13.30</span>
<span class="toctext">verifyCC</span></a></li>
-<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">11.31</span>
+<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">13.31</span>
<span class="toctext">verifyCPF</span></a></li>
-<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">11.32</span>
+<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">13.32</span>
<span class="toctext">verifySSN</span></a></li>
-<li class="toclevel-2"><a href="#within"><span class="tocnumber">11.33</span>
+<li class="toclevel-2"><a href="#within"><span class="tocnumber">13.33</span>
<span class="toctext">within</span></a></li>
</ul>
</li>
<li class="toclevel-1"><a href="#Macro_Expansion"><span
-class="tocnumber">12</span> <span class="toctext">Macro Expansion</span></a></li>
+class="tocnumber">14</span> <span class="toctext">Macro Expansion</span></a></li>
<li class="toclevel-1"><a href="#Persistant_Storage"><span
-class="tocnumber">13</span> <span class="toctext">Persistant Storage</span></a></li>
+class="tocnumber">15</span> <span class="toctext">Persistant Storage</span></a></li>
<li class="toclevel-1"><a href="#Miscellaneous_Topics"><span
-class="tocnumber">14</span> <span class="toctext">Miscellaneous Topics</span></a>
+class="tocnumber">16</span> <span class="toctext">Miscellaneous Topics</span></a>
<ul>
<li class="toclevel-2"><a href="#Impedance_Mismatch"><span
-class="tocnumber">14.1</span> <span class="toctext">Impedance Mismatch</span></a>
+class="tocnumber">16.1</span> <span class="toctext">Impedance Mismatch</span></a>
<ul>
<li class="toclevel-3"><a href="#Impedance_Mismatch_with_PHP_Apps"><span
- class="tocnumber">14.1.1</span> <span class="toctext">Impedance
+ class="tocnumber">16.1.1</span> <span class="toctext">Impedance
Mismatch with PHP Apps</span></a></li>
</ul>
</li>
</ul>
</li>
<li class="toclevel-1"><a href="#A_Recommended_Base_Configuration"><span
- class="tocnumber">15</span> <span class="toctext">A Recommended Base
+ class="tocnumber">17</span> <span class="toctext">A Recommended Base
Configuration</span></a></li>
</ul>
</td></tr></tbody></table><script type="text/javascript"> if (window.showTocToggle) { var tocShowText = "show"; var tocHideText = "hide"; showTocToggle(); } </script>
@@ -1018,8 +1051,8 @@
</li><li>Trojan Protection - Detecting access to Trojans horses.
</li><li>Error Hiding - Disguising error messages sent by the server.
</li></ul>
-<a name="Installation" id="Installation"></a><h1> <span
-class="mw-headline"> Installation </span></h1>
+<a name="Installation_for_Apache" id="Installation_for_Apache"></a><h1> <span
+ class="mw-headline"> Installation for Apache </span></h1>
<a name="Prerequisites" id="Prerequisites"></a><h2> <span
class="mw-headline"> Prerequisites </span></h2>
<a name="ModSecurity_2.x_works_only_with_Apache_2.0.x_or_higher"
@@ -1248,13 +1281,207 @@
</dd></dl>
<ol><li><b>--enable-pcre-jit</b> - Enables JIT support from pcre >=
8.20 that can improve regex performance.
-</li><li><b>--enable-cache-lua</b> - Enables lua vm caching that can
+</li><li><b>--enable-lua-cache</b> - Enables lua vm caching that can
improve lua script performance. Difference just appears if ModSecurity
must run more than one script per transaction.
</li><li><b>--enable-request-early</b> - On ModSecuricy 2.6 phase one
has been moved to phase 2 hook, if you want to play around it use this
option.
</li></ol>
+<a name="Installation_for_NGINX" id="Installation_for_NGINX"></a><h1> <span
+ class="mw-headline"> Installation for NGINX </span></h1>
+<p>The extensibility model of the nginx server does not include
+dynamically loaded modules, thus ModSecurity must be compiled with the
+source code of the main server. Since nginx is available on multiple
+Unix-based platforms (and also on Windows), for now the recommended way
+of obtaining ModSecurity for nginx is compilation in the designated
+environment.
+</p>
+<a name="Manually_Installing_ModSecurity_Module_on_NGINX"
+id="Manually_Installing_ModSecurity_Module_on_NGINX"></a><h2> <span
+class="mw-headline"> Manually Installing ModSecurity Module on NGINX </span></h2>
+<p>The first step in obtaining nginx server with built-in ModSecurity
+module is building of standalone library containing full ModSecurity
+with a set of intermediate API (this layer is a common base for IIS
+version, nginx version, and server-less command line version of
+ModSecurity). It is recommended to follow the general steps of preparing
+ build environment for ModSecurity and then follow with two simple
+commands
+</p>
+<a name="Installation_Steps_2" id="Installation_Steps_2"></a><h3> <span
+class="mw-headline"> Installation Steps </span></h3>
+<p>1 - Compile standalone module:
+</p>
+<pre>~/mod_security$ ./configure --enable-standalone-module
+~/mod_security$ make
+</pre>
+<p>2 - Once the standalone library is built successfully, one can follow
+ with building the nginx server, following the steps from the nginx
+build tutorial:
+</p>
+<pre>~/nginx-1.2.0$ ./configure --add-module=../mod_security/nginx/modsecurity
+~/nginx-1.2.0$ make
+~/nginx-1.2.0$ sudo make install
+</pre>
+<p>The last command performs server installation on the local machine,
+which can be either customized or omitted with built binaries packaged
+or moved to alternative server.
+</p>
+<a name="Installation_for_Microsoft_IIS"
+id="Installation_for_Microsoft_IIS"></a><h1> <span class="mw-headline">
+Installation for Microsoft IIS </span></h1>
+<p>The source code of ModSecurity’s IIS components is fully published
+and the binary building process is described (see
+mod_security/iis/winbuild/howto.txt). For quick installation it is
+highly recommended to use standard MSI installer available from
+SourceForge files repository of ModSecurity project or use binary
+package and follow the manual installation steps.
+</p>
+<a
+name="Manually_Installing_and_Troubleshooting_Setup_of_ModSecurity_Module_on_IIS"
+
+id="Manually_Installing_and_Troubleshooting_Setup_of_ModSecurity_Module_on_IIS"></a><h2>
+ <span class="mw-headline"> Manually Installing and Troubleshooting
+Setup of ModSecurity Module on IIS </span></h2>
+<a name="Prerequisites_2" id="Prerequisites_2"></a><h3> <span
+class="mw-headline"> Prerequisites </span></h3>
+<p>Before installing ModSecurity one has to install Visual Studio 2010
+Runtime:
+</p>
+<ul><li>32-bit OS: <a
+href="http://www.microsoft.com/en-us/download/details.aspx?id=5555"
+class="external free"
+title="http://www.microsoft.com/en-us/download/details.aspx?id=5555"
+rel="nofollow">http://www.microsoft.com/en-us/download/details.aspx?id=5555</a>
+</li><li>64-bit OS: <a
+href="http://www.microsoft.com/en-us/download/details.aspx?id=14632"
+class="external free"
+title="http://www.microsoft.com/en-us/download/details.aspx?id=14632"
+rel="nofollow">http://www.microsoft.com/en-us/download/details.aspx?id=14632</a>
+</li></ul>
+<a name="Installation_Steps_3" id="Installation_Steps_3"></a><h3> <span
+class="mw-headline"> Installation Steps </span></h3>
+<p>Download binary package and unzip the content to a separate folder:
+</p>
+<ul><li><a
+href="http://sourceforge.net/projects/mod-security/files/modsecurity-iis/2.7.0-rc2/ModSecurityIIS_2.7.0-rc2_debug.zip/download"
+ class="external free"
+title="http://sourceforge.net/projects/mod-security/files/modsecurity-iis/2.7.0-rc2/ModSecurityIIS_2.7.0-rc2_debug.zip/download"
+ rel="nofollow">http://sourceforge.net/projects/mod-security/files/modsecurity-iis/2.7.0-rc2/ModSecurityIIS_2.7.0-rc2_debug.zip/download</a>
+</li></ul>
+<dl><dd> The installation process of ModSecurity module on IIS consists
+of three parts:
+</dd></dl>
+<p><br>
+</p>
+<dl><dd><b>1. Copying of binaries: copyfiles.bat</b>
+</dd><dd> The following binary files are required by ModSecurity module
+and by default should be copied to %windir%\system32\ (32-bit
+binaries) and/or %windir%\SysWOW64\ (64-bit binaries):
+</dd></dl>
+<ul><li>libapr-1.dll
+</li><li>libapriconv-1.dll
+</li><li>libaprutil-1.dll
+</li><li>libxml2.dll
+</li><li>lua5.1.dll
+</li><li>ModSecurityIIS.dll
+</li><li>pcre.dll
+</li><li>zlib1.dll
+</li></ul>
+<dl><dd> The mlogc tool can be copied to any place, together with
+libcurl.dll:
+</dd></dl>
+<ul><li>libcurl.dll
+</li><li>mlogc.exe
+</li></ul>
+<p><br>
+</p>
+<dl><dd><b>2. Registering of the module: register.bat</b>
+</dd><dd> An IIS module must be properly registered before it can be
+used by web applications. The following command, executed
+in %windir%\system32\inetsrv, performs the registration:
+</dd></dl>
+<pre>appcmd.exe install module /name:ModSecurityIIS /image:%windir%\system32\inetsrv\modsecurityiis.dll</pre>
+<dl><dd> The registration process itself is described with details in
+the following articles:
+</dd></dl>
+<ul><li><a
+href="http://technet.microsoft.com/en-us/library/cc771133%28v=ws.10%29"
+class="external free"
+title="http://technet.microsoft.com/en-us/library/cc771133(v=ws.10)"
+rel="nofollow">http://technet.microsoft.com/en-us/library/cc771133(v=ws.10)</a>
+</li><li><a
+href="http://learn.iis.net/page.aspx/121/iis-modules-overview/"
+class="external free"
+title="http://learn.iis.net/page.aspx/121/iis-modules-overview/"
+rel="nofollow">http://learn.iis.net/page.aspx/121/iis-modules-overview/</a>
+</li></ul>
+<p><br>
+</p>
+<dl><dd><b>3. Extending of the configuration schema.</b>
+</dd><dd> The last step extends IIS configuration schema with
+ModSecurity entities, using ModSecurity.xml file provided in the binary:
+</dd></dl>
+<pre>iisschema.exe /install ModSecurity.xml</pre>
+<dl><dd> and iisschema.exe tool. More information about the tool and
+this step is available here:
+</dd></dl>
+<ul><li><a
+href="http://mvolo.com/iisschemaexe-a-tool-to-register-iis7-configuration-sections"
+ class="external free"
+title="http://mvolo.com/iisschemaexe-a-tool-to-register-iis7-configuration-sections"
+ rel="nofollow">http://mvolo.com/iisschemaexe-a-tool-to-register-iis7-configuration-sections</a>
+</li></ul>
+<a name="Configuration" id="Configuration"></a><h3> <span
+class="mw-headline"> Configuration </span></h3>
+<dl><dd> After the installation the module will be running in all
+websites by default. To remove it from a website add to web.config:
+</dd></dl>
+<pre><modules>
+ <remove name="ModSecurityIIS" />
+</modules></pre>
+<dl><dd> To configure module in a website add to web.config:
+</dd></dl>
+<pre><?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <system.webServer>
+ <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\xss.conf" />
+ </system.webServer>
+</configuration></pre>
+<dl><dd> where configFile is standard ModSecurity config file.
+</dd></dl>
+<p><br>
+</p>
+<dl><dd> Events from the module will show up in "Application" Windows
+log.
+</dd></dl>
+<a name="Common_Problems" id="Common_Problems"></a><h2> <span
+class="mw-headline"> Common Problems </span></h2>
+<dl><dd> If after installation protected website responds with HTTP 503
+error and event ID 2280 keeps getting logged in the application event
+log:
+</dd></dl>
+<pre>Log Name: Application
+Source: Microsoft-Windows-IIS-W3SVC-WP
+Event ID: 2280
+Task Category: None
+Level: Error
+Keywords: Classic
+User: N/A
+Description:
+The Module DLL C:\Windows\system32\inetsrv\modsecurityiis.dll failed to load. The data is the error.
+</pre>
+<p>most likely it means that the installation process has failed and the
+ ModSecurityIIS.dll module is missing one or more libraries that it
+depends on. Repeating installation of the prerequisites and the module
+files should fix the problem. The dependency walker tool:
+</p>
+<ul><li> <a href="http://www.dependencywalker.com/" class="external
+free" title="http://www.dependencywalker.com/" rel="nofollow">http://www.dependencywalker.com/</a>
+</li></ul>
+<p>can be used to figure out which library is missing or cannot be
+loaded.
+</p>
<a name="Configuration_Directives" id="Configuration_Directives"></a><h1>
<span class="mw-headline"> Configuration Directives </span></h1>
<p>The following section outlines all of the ModSecurity directives.
@@ -2917,7 +3144,7 @@
<p>Below is a diagram of the standard Apache Request Cycle. In the
diagram, the 5 ModSecurity processing phases are shown.
</p><p><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg"
class="image" title="Apache request cycle-modsecurity.jpg"><img alt=""
src="Reference_Manual_files/600px-Apache_request_cycle-modsecurity.jpg"
height="459" width="600" border="0"></a>
@@ -3203,15 +3430,15 @@
<dl><dt> Note </dt><dd> Higher severities have a lower numeric
value.
</dd></dl>
-<a name="INBOUND_ERROR_DATA" id="INBOUND_ERROR_DATA"></a><h2> <span
-class="mw-headline"> INBOUND_ERROR_DATA </span></h2>
+<a name="INBOUND_DATA_ERROR" id="INBOUND_DATA_ERROR"></a><h2> <span
+class="mw-headline"> INBOUND_DATA_ERROR </span></h2>
<p>This variable will be set to 1 when the request body size is above
the setting configured by SecRequestBodyLimit directive. Your policies
should always contain a rule to check this variable. Depending on the
rate of false positives and your default policy you should decide
whether to block or just warn when the rule is triggered.
</p><p>The best way to use this variable is as in the example below:
-</p><p><code>SecRule INBOUND_ERROR_DATA "@eq 1"
+</p><p><code>SecRule INBOUND_DATA_ERROR "@eq 1"
"phase:1,t:none,log,pass,msg:'Request Body Larger than
SecRequestBodyLimit Setting'"</code>
</p>
@@ -3286,7 +3513,7 @@
variables is also set to 1: REQBODY_PROCESSOR_ERROR,
MULTIPART_BOUNDARY_QUOTED, MULTIPART_BOUNDARY_WHITESPACE,
MULTIPART_DATA_BEFORE, MULTIPART_DATA_AFTER, MULTIPART_HEADER_FOLDING,
-MULTIPART_LF_LINE, MULTIPART_SEMICOLON_MISSING MULTIPART_INVALID_QUOTING
+MULTIPART_LF_LINE, MULTIPART_MISSING_SEMICOLON MULTIPART_INVALID_QUOTING
MULTIPART_INVALID_HEADER_FOLDING MULTIPART_FILE_LIMIT_EXCEEDED. Each of
these variables covers one unusual (although sometimes legal) aspect of
the request body in multipart/form-data format. Your policies should
@@ -3307,7 +3534,7 @@
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
-SM %{MULTIPART_SEMICOLON_MISSING}, \
+SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IQ %{MULTIPART_INVALID_HEADER_FOLDING}, \
FE %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
@@ -3333,6 +3560,18 @@
<p>Change the rule from blocking to logging-only if many false positives
are encountered.
</p>
+<a name="OUTBOUND_DATA_ERROR" id="OUTBOUND_DATA_ERROR"></a><h2> <span
+class="mw-headline"> OUTBOUND_DATA_ERROR </span></h2>
+<p>This variable will be set to 1 when the response body size is above
+the setting configured by SecResponseBodyLimit directive. Your policies
+ should always contain a rule to check this variable. Depending on the
+rate of false positives and your default policy you should decide
+whether to block or just warn when the rule is triggered.
+</p><p>The best way to use this variable is as in the example below:
+</p><p><code>SecRule OUTBOUND_DATA_ERROR "@eq 1"
+"phase:1,t:none,log,pass,msg:'Response Body Larger than
+SecResponseBodyLimit Setting'"</code>
+</p>
<a name="PATH_INFO" id="PATH_INFO"></a><h2> <span class="mw-headline">
PATH_INFO </span></h2>
<p>Contains the extra request URI information, also known as path info.
@@ -4237,6 +4476,12 @@
urlEncode </span></h2>
<p>Encodes input string using URL encoding.
</p>
+<a name="utf8toUnicode" id="utf8toUnicode"></a><h2> <span
+class="mw-headline"> utf8toUnicode </span></h2>
+<p>Converts all UTF-8 characters sequences to Unicode. This help input
+normalization specially for non-english languages minimizing
+false-positives and false-negatives. (available with 2.7.0)
+</p>
<a name="sha1" id="sha1"></a><h2> <span class="mw-headline"> sha1 </span></h2>
<p>Calculates a SHA1 hash from the input string. The computed hash is in
a raw binary form and may need encoded into text to be printed (or
@@ -4448,9 +4693,9 @@
chained rule will be triggered only if all of the variable checks return
positive hits. If any one aspect of a chained rule comes back negative,
then the entire rule chain will fail to match. Also note that
-disruptive actions, execution phases, metadata actions (id, rev, msg),
-skip, and skipAfter actions can be specified only by the chain starter
-rule.
+disruptive actions, execution phases, metadata actions (id, rev, msg,
+tag, severity, logdata), skip, and skipAfter actions can be specified
+only by the chain starter rule.
</dd></dl>
<p>The following directives can be used in rule chains:
</p>
@@ -4499,7 +4744,9 @@
</li><li><b>ruleUpdateTargetById</b> - This is deprecated and will be
removed from the code. Use ruleRemoveTargetById for per-request
exceptions.
-</li><li><b>ruleRemoveTargetById</b>
+</li><li><b>ruleRemoveTargetById</b> - since this action is used to just
+ remove targets, users don't need to use the char ! before the
+target list.
</li><li><b>ruleRemoveByMsg</b>
</li><li><b>encryptionEngine</b>
</li><li><b>encryptionEnforcement</b>
@@ -4788,10 +5035,10 @@
<p><b>Description:</b> Pauses transaction processing for the specified
number of milliseconds. Starting with ModSecurity 2.7 this feature also
supports macro expansion.
-</p><p><b>Action Group:</b> Non-disruptive
+</p><p><b>Action Group:</b> Disruptive
</p><p><b>Example:</b>
</p>
-<pre>SecRule REQUEST_HEADERS:User-Agent "Test" "log,deny,status:403,pause:5000"
+<pre>SecRule REQUEST_HEADERS:User-Agent "Test" "log,pause:5000"
</pre>
<dl><dt> Warning </dt><dd> This feature can be of limited benefit
for slowing down brute force authentication attacks, but use with care.
@@ -5064,6 +5311,9 @@
Header set Set-Cookie "%{httponly_cookie}e; HTTPOnly" env=httponly_cookie
</pre>
+<dl><dt> Note </dt><dd> When used in a chain this action will be
+execute when an individual rule matches and not the entire chain.
+</dd></dl>
<a name="setvar" id="setvar"></a><h2> <span class="mw-headline"> setvar </span></h2>
<p><b>Description:</b> Creates, removes, or updates a variable. Variable
names are case-insensitive.
@@ -5083,6 +5333,9 @@
tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score}, \
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"
</pre>
+<dl><dt> Note </dt><dd> When used in a chain this action will be
+execute when an individual rule matches and not the entire chain.
+</dd></dl>
<a name="skip" id="skip"></a><h2> <span class="mw-headline"> skip </span></h2>
<p><b>Description:</b> Skips one or more rules (or chains) on successful
match.
@@ -6095,7 +6348,7 @@
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
-SM %{MULTIPART_SEMICOLON_MISSING}, \
+SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
@@ -6233,16 +6486,16 @@
<!--
NewPP limit report
-Preprocessor node count: 793/1000000
+Preprocessor node count: 825/1000000
Post-expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Expensive parser function count: 0/100
-->
-<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!printable=1 and timestamp 20120723175510 -->
+<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!edit=0!printable=1 and timestamp 20121015135549 -->
<div class="printfooter">
Retrieved from "<a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div>
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div>
<!-- end content -->
<div class="visualClear"></div>
</div>
@@ -6255,30 +6508,18 @@
<ul>
<li id="ca-nstab-main" class="selected"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual"
title="View the content page [alt-shift-c]" accesskey="c">Page</a></li>
<li id="ca-talk" class="new"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1"
title="Discussion about the content page [alt-shift-t]" accesskey="t">Discussion</a></li>
- <li id="ca-edit"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"
- title="You can edit this page.
-Please use the preview button before saving [alt-shift-e]" accesskey="e">Edit</a></li>
+ <li id="ca-viewsource"><a
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"
+ title="This page is protected.
+You can view its source [alt-shift-e]" accesskey="e">View source</a></li>
<li id="ca-history"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history"
title="Past revisions of this page [alt-shift-h]" accesskey="h">History</a></li>
- <li id="ca-delete"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=delete"
- title="Delete this page [alt-shift-d]" accesskey="d">Delete</a></li>
- <li id="ca-move"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:MovePage/Reference_Manual"
- title="Move this page [alt-shift-m]" accesskey="m">Move</a></li>
- <li id="ca-protect"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=protect"
- title="Protect this page [alt-shift-=]" accesskey="=">Protect</a></li>
- <li id="ca-watch"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=watch"
- title="Add this page to your watchlist [alt-shift-w]" accesskey="w">Watch</a></li>
</ul>
</div>
</div>
@@ -6288,24 +6529,6 @@
<table style="height: 4px;" rules="none" border="0" cellpadding="0"
cellspacing="0"></table>
<ul>
- <li id="pt-userpage"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User:Brenosilva"
- title="Your user page [alt-shift-.]" accesskey="." class="new">Brenosilva</a></li>
- <li id="pt-mytalk"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User_talk:Brenosilva"
- title="Your talk page [alt-shift-n]" accesskey="n" class="new">My talk</a></li>
- <li id="pt-preferences"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Preferences"
- title="Your preferences">My preferences</a></li>
- <li id="pt-watchlist"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Watchlist"
- title="The list of pages you are monitoring for changes [alt-shift-l]"
-accesskey="l">My watchlist</a></li>
- <li id="pt-mycontris"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Contributions/Brenosilva"
- title="List of your contributions [alt-shift-y]" accesskey="y">My
-contributions</a></li>
- <li id="pt-logout"></li>
</ul>
</div>
</div>
@@ -6313,7 +6536,7 @@
<a style="background-image:
url("/apps/mediawiki/mod-security/nfs/project/m/mo/mod-security/7/70/MediaWikiSidebarLogo.png");"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page"
title="Visit the main page [alt-shift-z]" accesskey="z"></a>
</div>
<script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script>
@@ -6322,24 +6545,24 @@
<div class="pBody">
<ul>
<li id="n-mainpage-description"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main
Page</a></li>
<li id="n-portal"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal"
title="About the project, what you can do, where to find things">Community
portal</a></li>
<li id="n-currentevents"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events"
title="Find background information on current events">Current events</a></li>
<li id="n-recentchanges"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges"
title="The list of recent changes in the wiki [alt-shift-r]"
accesskey="r">Recent changes</a></li>
<li id="n-randompage"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random"
title="Load a random page [alt-shift-x]" accesskey="x">Random page</a></li>
<li id="n-help"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents"
title="The place to find out">Help</a></li>
</ul>
</div>
@@ -6364,25 +6587,22 @@
<div class="pBody">
<ul>
<li id="t-whatlinkshere"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual"
title="List of all wiki pages that link here [alt-shift-j]"
accesskey="j">What links here</a></li>
<li id="t-recentchangeslinked"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual"
title="Recent changes in pages linked from this page [alt-shift-k]"
accesskey="k">Related changes</a></li>
-<li id="t-upload"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Upload"
- title="Upload files [alt-shift-u]" accesskey="u">Upload file</a></li>
<li id="t-specialpages"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages"
title="List of all special pages [alt-shift-q]" accesskey="q">Special
pages</a></li>
<li id="t-print"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes"
rel="alternate" title="Printable version of this page [alt-shift-p]"
accesskey="p">Printable version</a></li> <li id="t-permalink"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=507"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=522"
title="Permanent link to this revision of the page">Permanent link</a></li>
</ul>
</div>
@@ -6394,15 +6614,15 @@
src="Reference_Manual_files/poweredby_mediawiki_88x31.png" alt="Powered
by MediaWiki"></a></div>
<ul id="f-list">
- <li id="lastmod"> This page was last modified on 23 July 2012, at
-17:54.</li>
- <li id="viewcount">This page has been accessed 142,275 times.</li>
+ <li id="lastmod"> This page was last modified on 15 October 2012,
+at 13:50.</li>
+ <li id="viewcount">This page has been accessed 165,682 times.</li>
</ul>
</div>
</div>
<script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script>
-<!-- Served in 1.261 secs. -->
+<!-- Served in 1.311 secs. -->
<script type="text/javascript">
Changed |
modsecurity-apache_2.7.0.tar.bz2/iis/ModSecurityIIS/ModSecurityIIS/ModSecurityIIS.vdproj
@@ -45,6 +45,12 @@
}
"Entry"
{
+ "MsmKey" = "8:_3CE93C3FC5AC3E954253889334FBCDA8"
+ "OwnerKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+ "MsmSig" = "8:_UNDEFINED"
+ }
+ "Entry"
+ {
"MsmKey" = "8:_51AF671FCA3544DEA3E5756B5D450275"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
@@ -141,6 +147,12 @@
}
"Entry"
{
+ "MsmKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+ "OwnerKey" = "8:_UNDEFINED"
+ "MsmSig" = "8:_UNDEFINED"
+ }
+ "Entry"
+ {
"MsmKey" = "8:_CEB23D021A2E4EEF9245EEDC143AFBA8"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
@@ -187,6 +199,12 @@
"OwnerKey" = "8:_764D5BE911464BEFBCC3BC3B25068987"
"MsmSig" = "8:_UNDEFINED"
}
+ "Entry"
+ {
+ "MsmKey" = "8:_UNDEFINED"
+ "OwnerKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+ "MsmSig" = "8:_UNDEFINED"
+ }
}
"Configurations"
{
@@ -468,6 +486,26 @@
"IsDependency" = "11:FALSE"
"IsolateTo" = "8:"
}
+ "{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_3CE93C3FC5AC3E954253889334FBCDA8"
+ {
+ "SourcePath" = "8:nativerd.dll"
+ "TargetName" = "8:nativerd.dll"
+ "Tag" = "8:"
+ "Folder" = "8:_565C3432A64049EAA7CA6E8C007B2188"
+ "Condition" = "8:"
+ "Transitive" = "11:FALSE"
+ "Vital" = "11:TRUE"
+ "ReadOnly" = "11:FALSE"
+ "Hidden" = "11:FALSE"
+ "System" = "11:FALSE"
+ "Permanent" = "11:FALSE"
+ "SharedLegacy" = "11:FALSE"
+ "PackageAs" = "3:1"
+ "Register" = "3:1"
+ "Exclude" = "11:FALSE"
+ "IsDependency" = "11:TRUE"
+ "IsolateTo" = "8:"
+ }
"{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_51AF671FCA3544DEA3E5756B5D450275"
{
"SourcePath" = "8:x86\\ModSecurityIIS.dll"
@@ -768,6 +806,37 @@
"IsDependency" = "11:FALSE"
"IsolateTo" = "8:"
}
+ "{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+ {
+ "AssemblyRegister" = "3:1"
+ "AssemblyIsInGAC" = "11:FALSE"
+ "AssemblyAsmDisplayName" = "8:Interop.AppHostAdminLibrary, Version=1.0.0.0, Culture=neutral, processorArchitecture=x86"
+ "ScatterAssemblies"
+ {
+ "_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+ {
+ "Name" = "8:Interop.AppHostAdminLibrary.dll"
+ "Attributes" = "3:512"
+ }
+ }
+ "SourcePath" = "8:installer project\\bin\\Release\\Interop.AppHostAdminLibrary.dll"
+ "TargetName" = "8:"
+ "Tag" = "8:"
+ "Folder" = "8:_565C3432A64049EAA7CA6E8C007B2188"
+ "Condition" = "8:"
+ "Transitive" = "11:FALSE"
+ "Vital" = "11:TRUE"
+ "ReadOnly" = "11:FALSE"
+ "Hidden" = "11:FALSE"
+ "System" = "11:FALSE"
+ "Permanent" = "11:FALSE"
+ "SharedLegacy" = "11:FALSE"
+ "PackageAs" = "3:1"
+ "Register" = "3:1"
+ "Exclude" = "11:FALSE"
+ "IsDependency" = "11:FALSE"
+ "IsolateTo" = "8:"
+ }
"{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_CEB23D021A2E4EEF9245EEDC143AFBA8"
{
"SourcePath" = "8:amd64\\ModSecurityIIS.dll"
@@ -987,7 +1056,7 @@
"Name" = "8:Microsoft Visual Studio"
"ProductName" = "8:ModSecurity IIS"
"ProductCode" = "8:{81EE8A4A-5128-4CDB-97B2-06B147E8B4B8}"
- "PackageCode" = "8:{0E266CA7-97F3-4DCE-AC7B-5ECCAE18A108}"
+ "PackageCode" = "8:{B5E59B35-BF44-4075-B9F5-C251002DF58E}"
"UpgradeCode" = "8:{7B32CF94-443C-47BB-91C3-0E9D3D12DF8B}"
"AspNetVersion" = "8:4.0.30319.0"
"RestartWWWService" = "11:FALSE"
Changed |
modsecurity-apache_2.7.0.tar.bz2/iis/ModSecurityIIS/ModSecurityIIS/installer project/ModSecurityConfigurator.cs
@@ -16,6 +16,10 @@
{
installDir = installDir.Substring(0, installDir.Length - 1);
}
+ if (installDir.StartsWith("\""))
+ {
+ installDir = installDir.Substring(1);
+ }
Console.WriteLine("Copying 32-bit binaries...");
string dstpath = Environment.ExpandEnvironmentVariables("%windir%\\SysWow64");
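Review bot: The added check strips only a leading quote, and `StartsWith("\"")` is a culture-sensitive comparison; together with the trailing-character trim just above it, the argument's quoting is being undone piecemeal. `installDir = installDir.Trim('"');` removes quotes at both ends in one step. Since the following lines copy binaries toward `%windir%\SysWow64`, it would also be worth failing early with `if (!Directory.Exists(installDir))` before any copy; the method continues outside the hunk, so such a check may already exist further down.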
Changed |
modsecurity-apache_2.7.0.tar.bz2/iis/mymodule.cpp
@@ -76,8 +76,8 @@
IHttpContext *m_pHttpContext;
IHttpEventProvider *m_pProvider;
char *m_pResponseBuffer;
- unsigned int m_pResponseLength;
- unsigned int m_pResponsePosition;
+ ULONGLONG m_pResponseLength;
+ ULONGLONG m_pResponsePosition;
};
//----------------------------------------------------------------------------
@@ -94,39 +94,39 @@
apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr)
{
- apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
- int adrlen = 16, iplen = 4;
-
- if(pAddr->sa_family == AF_INET6)
- {
- adrlen = 46;
- iplen = 16;
- }
-
- addr->addr_str_len = adrlen;
- addr->family = pAddr->sa_family;
-
- addr->hostname = "unknown";
-#ifdef WIN32
- addr->ipaddr_len = sizeof(IN_ADDR);
-#else
- addr->ipaddr_len = sizeof(struct in_addr);
-#endif
- addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
- addr->pool = pool;
- addr->port = 80;
-#ifdef WIN32
- memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
-#else
- memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
-#endif
- addr->sa.sin.sin_family = pAddr->sa_family;
- addr->sa.sin.sin_port = 80;
- addr->salen = sizeof(addr->sa);
- addr->servname = addr->hostname;
-
- return addr;
-}
+ apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
+ int adrlen = 16, iplen = 4;
+
+ if(pAddr->sa_family == AF_INET6)
+ {
+ adrlen = 46;
+ iplen = 16;
+ }
+
+ addr->addr_str_len = adrlen;
+ addr->family = pAddr->sa_family;
+
+ addr->hostname = "unknown";
+#ifdef WIN32
+ addr->ipaddr_len = sizeof(IN_ADDR);
+#else
+ addr->ipaddr_len = sizeof(struct in_addr);
+#endif
+ addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
+ addr->pool = pool;
+ addr->port = 80;
+#ifdef WIN32
+ memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
+#else
+ memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
+#endif
+ addr->sa.sin.sin_family = pAddr->sa_family;
+ addr->sa.sin.sin_port = 80;
+ addr->salen = sizeof(addr->sa);
+ addr->servname = addr->hostname;
+
+ return addr;
+}
//----------------------------------------------------------------------------
@@ -269,7 +269,7 @@
{
OVERLAPPED ovl;
DWORD dwDataStartOffset;
- DWORD bytesTotal = 0;
+ ULONGLONG bytesTotal = 0;
BYTE * pIoBuffer = NULL;
HANDLE hIoEvent = INVALID_HANDLE_VALUE;
HRESULT hr = S_OK;
@@ -332,6 +332,7 @@
TRUE))
{
dwErr = GetLastError();
+
switch(dwErr)
{
case ERROR_HANDLE_EOF:
@@ -343,7 +344,6 @@
goto Done;
}
}
-
break;
case ERROR_HANDLE_EOF:
@@ -396,7 +396,9 @@
rsc = (REQUEST_STORED_CONTEXT *)pHttpContext->GetModuleContextContainer()->GetModuleContext(g_pModuleContext);
- if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL)
+ EnterCriticalSection(&m_csLock);
+
+ if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL || !modsecIsResponseBodyAccessEnabled(rsc->m_pRequestRec))
{
goto Exit;
}
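Review bot: `m_csLock` is entered here by hand and released by hand at each exit (the `LeaveCriticalSection` calls added in the @@ -639, @@ -648, @@ -665 and @@ -1012 hunks), so any path that returns or jumps without passing one of those calls leaves the lock held and every later request blocks on it. The `goto Finished` added in the @@ -575 hunk is one such path to check, since its label is outside the visible hunks. A scoped guard declared where the lock is taken removes the pairing problem; the function bodies start and end outside these hunks, so the guard has to be declared before the first `goto` in each. One module-wide lock also serialises all request and response processing, which is worth stating in a comment next to the member.

```cpp
// Scoped guard: releases the lock on every exit path, including early returns.
class CsGuard
{
public:
    explicit CsGuard(CRITICAL_SECTION *cs) : m_cs(cs) { EnterCriticalSection(m_cs); }
    ~CsGuard() { LeaveCriticalSection(m_cs); }
private:
    CsGuard(const CsGuard &);             // non-copyable
    CsGuard &operator=(const CsGuard &);
    CRITICAL_SECTION *m_cs;
};

// … in each handler, replacing EnterCriticalSection(&m_csLock) and its matching Leave calls …
CsGuard lock(&m_csLock);
// … unchanged: rsc checks and response processing …
```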
@@ -408,8 +410,8 @@
HTTP_DATA_CHUNK *pSourceDataChunk = NULL;
LARGE_INTEGER lFileSize;
REQUEST_NOTIFICATION_STATUS ret = RQ_NOTIFICATION_CONTINUE;
- ULONG ulTotalLength = 0;
- DWORD c, bytesRead;
+ ULONGLONG ulTotalLength = 0;
+ DWORD c;
request_rec *r = rsc->m_pRequestRec;
pHttpResponse = pHttpContext->GetResponse();
@@ -430,7 +432,6 @@
// assume HTML if content type not set
// without this output filter would not buffer response and processing would hang
- // this needs further investigation (it did not repro on debug build)
//
if(ctz[0] == 0)
ctz = "text/html";
@@ -495,6 +496,9 @@
*(const char **)apr_array_push(r->content_languages) = lng;
}
+ // here we must check if response body processing is enabled
+ //
+
// Disable kernel caching for this response
// Probably we don't have to do it for ModSecurity
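Review bot: The added comment `// here we must check if response body processing is enabled` is followed by no code, so it reads as an unfinished TODO. The check itself appears to have been added on entry in the @@ -396 hunk (`!modsecIsResponseBodyAccessEnabled(rsc->m_pRequestRec)`), assuming that hunk belongs to the same function. Either drop the comment or reword it to say where the check lives, e.g. `// response body access was already checked on entry (modsecIsResponseBodyAccessEnabled)`.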
@@ -575,6 +579,7 @@
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
+ goto Finished;
}
ulTotalLength += pFileByteRange->Length.QuadPart;
@@ -639,6 +644,8 @@
pHttpContext->SetRequestHandled();
rsc->FinishRequest();
+
+ LeaveCriticalSection(&m_csLock);
return RQ_NOTIFICATION_FINISH_REQUEST;
}
@@ -648,6 +655,8 @@
if(rsc != NULL)
rsc->FinishRequest();
+ LeaveCriticalSection(&m_csLock);
+
return RQ_NOTIFICATION_CONTINUE;
}
@@ -665,7 +674,11 @@
//
if(rsc != NULL && rsc->m_pResponseBuffer != NULL)
{
+ EnterCriticalSection(&m_csLock);
+
rsc->FinishRequest();
+
+ LeaveCriticalSection(&m_csLock);
}
return RQ_NOTIFICATION_CONTINUE;
@@ -683,6 +696,8 @@
UNREFERENCED_PARAMETER ( pProvider );
+ EnterCriticalSection(&m_csLock);
+
if ( pHttpContext == NULL )
{
hr = E_UNEXPECTED;
@@ -996,14 +1011,14 @@
PSOCKADDR pAddr = pRequest->GetRemoteAddress();
-#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
- c->remote_addr = CopySockAddr(r->pool, pAddr);
- c->remote_ip = GetIpAddr(r->pool, pAddr);
-#else
- c->client_addr = CopySockAddr(r->pool, pAddr);
- c->client_ip = GetIpAddr(r->pool, pAddr);
-#endif
- c->remote_host = NULL;
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
+ c->remote_addr = CopySockAddr(r->pool, pAddr);
+ c->remote_ip = GetIpAddr(r->pool, pAddr);
+#else
+ c->client_addr = CopySockAddr(r->pool, pAddr);
+ c->client_ip = GetIpAddr(r->pool, pAddr);
+#endif
+ c->remote_host = NULL;
int status = modsecProcessRequest(r);
@@ -1012,10 +1027,12 @@
pHttpContext->GetResponse()->SetStatus(status, "ModSecurity Action");
pHttpContext->SetRequestHandled();
- return RQ_NOTIFICATION_FINISH_REQUEST;
+ hr = E_FAIL;
+ goto Finished;
}
Finished:
+ LeaveCriticalSection(&m_csLock);
if ( FAILED( hr ) )
{
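Review bot: A ModSecurity block is now signalled as `hr = E_FAIL`, which sends a deliberate deny through the same `FAILED(hr)` branch as internal errors. That branch's body is outside the hunk, so it cannot be confirmed from here that it preserves the status set by `SetStatus(status, "ModSecurity Action")` and still finishes the request rather than letting it continue. Keeping the block path explicit avoids the coupling: `LeaveCriticalSection(&m_csLock);` followed by `return RQ_NOTIFICATION_FINISH_REQUEST;` inside the block branch.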
@@ -1201,6 +1218,8 @@
GetSystemInfo(&sysInfo);
m_dwPageSize = sysInfo.dwPageSize;
+ InitializeCriticalSection(&m_csLock);
+
modsecSetLogHook(this, Log);
modsecSetReadBody(ReadBodyCallback);
@@ -1238,6 +1257,8 @@
// Close the handle to the Event Viewer.
DeregisterEventSource( m_hEventLog );
m_hEventLog = NULL;
+
+ DeleteCriticalSection(&m_csLock);
}
}
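Review bot: `DeleteCriticalSection(&m_csLock);` appears to sit inside the block that closes the event log handle, so the critical section would only be deleted when that block runs. The `InitializeCriticalSection(&m_csLock);` added in the @@ -1201 hunk does not look conditional on the event log. The enclosing function starts outside the hunk, so this is inferred from the two closing braces that follow; if it holds, move the call after the inner closing brace so that initialisation and deletion are symmetric.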
Changed |
modsecurity-apache_2.7.0.tar.bz2/iis/mymodule.h
@@ -22,8 +22,9 @@
class CMyHttpModule : public CHttpModule
{
public:
- HANDLE m_hEventLog;
- DWORD m_dwPageSize;
+ HANDLE m_hEventLog;
+ DWORD m_dwPageSize;
+ CRITICAL_SECTION m_csLock;
REQUEST_NOTIFICATION_STATUS
OnBeginRequest(
Changed |
modsecurity-apache_2.7.0.tar.bz2/modsecurity.conf-recommended
@@ -70,8 +70,9 @@
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
+IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
-IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary?
#
@@ -202,3 +203,11 @@
# evasion attacks (against the rules that examine named cookies).
#
SecCookieFormat 0
+
+# Specify your Unicode Code Point.
+# This mapping is used by the t:urlDecodeUni transformation function
+# to properly map encoded data to your language. Properly setting
+# these directives helps to reduce false positives and negatives.
+#
+#SecUnicodeCodePage 20127
+#SecUnicodeMapFile unicode.mapping
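Review bot: The added comment says "Specify your Unicode Code Point", but the directive it introduces is `SecUnicodeCodePage`, which selects a code page rather than a code point; the wording should be `# Specify your Unicode code page.`. Both directives ship commented out, so it would help to add one line saying what `t:urlDecodeUni` does when no mapping is configured. Operators then know that rules relying on that transformation may miss encoded input until the mapping is set.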
Changed |
modsecurity-apache_2.7.0.tar.bz2/nginx/modsecurity/config
@@ -1,6 +1,6 @@
-ngx_addon_name=ngx_http_modsecurity_module
-HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity_module"
-NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity_module.c"
+ngx_addon_name=ngx_http_modsecurity
+HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity"
+NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS"
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
Added |
modsecurity-apache_2.7.0.tar.bz2/nginx/modsecurity/ngx_http_modsecurity.c
@@ -0,0 +1,1090 @@
+/*
+* ModSecurity for Apache 2.x, http://www.modsecurity.org/
+* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*/
+
+#include <nginx.h>
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+#include <ngx_event.h>
+#include <ngx_http_core_module.h>
+#include <ctype.h>
+#include <sys/times.h>
+
+#undef CR
+#undef LF
+#undef CRLF
+
+#include "api.h"
+
+#define NOTE_NGINX_REQUEST_CTX "nginx-ctx"
+
+extern ngx_module_t ngx_http_modsecurity;
+
+struct ngx_http_modsecurity_ctx_s;
+
+typedef ngx_int_t (*ngx_http_request_body_data_handler_pt)
+ (struct ngx_http_modsecurity_ctx_s*, u_char *, u_char*);
+
+typedef struct {
+ ngx_uint_t enable;
+ directory_config *config;
+ ngx_str_t url;
+ ngx_http_complex_value_t *url_cv;
+} ngx_http_modsecurity_loc_conf_t;
+
+typedef struct ngx_http_modsecurity_ctx_s {
+ ngx_http_request_t *r;
+ conn_rec *connection;
+ request_rec *req;
+ ngx_chain_t *chain;
+ ngx_chain_t *last;
+ /* used in modSecurity body handler */
+ ssize_t received;
+ ssize_t processed;
+ ngx_chain_t *body_last;
+ u_char *body_pos;
+ ngx_http_request_body_data_handler_pt data_handler;
+} ngx_http_modsecurity_ctx_t;
+
+
+/*
+** Module's registred function/handlers.
+*/
+static ngx_int_t ngx_http_modsecurity_handler(ngx_http_request_t *r);
+//static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
+static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle);
+static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle);
+static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
+static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
+static char *ngx_http_modsecurity_set_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+apr_status_t modsecurity_read_body_cb(request_rec *r, char *buf, unsigned int length,
+ unsigned int *readcnt, int *is_eos);
+
+static ngx_int_t ngx_http_process_request_body(ngx_http_request_t *r, ngx_chain_t *body);
+ngx_int_t ngx_http_read_upload_client_request_body(ngx_http_request_t *r);
+static void ngx_http_read_upload_client_request_body_handler(ngx_http_request_t *r);
+static ngx_int_t upload_process_buf(ngx_http_modsecurity_ctx_t *ctx, u_char *start, u_char *end);
+static ngx_int_t ngx_http_do_read_upload_client_request_body(ngx_http_request_t *r);
+static ngx_int_t ngx_http_upload_body_handler(ngx_http_request_t *r);
+static char *ngx_http_modsecurity_add_handler(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+static char *ngx_http_modsecurity_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+static ngx_int_t ngx_http_modsecurity_pass_to_backend(ngx_http_request_t *r);
+
+/* command handled by the module */
+static ngx_command_t ngx_http_modsecurity_commands[] = {
+ { ngx_string("ModSecurityConfig"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_http_modsecurity_set_config,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+ { ngx_string("ModSecurityEnabled"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF
+ |NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
+ ngx_http_modsecurity_add_handler,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+ { ngx_string("ModSecurityPass"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_http_modsecurity_pass,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+ ngx_null_command
+};
+
+/*
+** handlers for configuration phases of the module
+*/
+
+static ngx_http_module_t ngx_http_modsecurity_ctx = {
+ NULL, /* preconfiguration */
+// ngx_http_modsecurity_init, /* postconfiguration */
+ NULL,
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ NULL, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ ngx_http_modsecurity_create_loc_conf, /* create location configuration */
+ ngx_http_modsecurity_merge_loc_conf /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_modsecurity = {
+ NGX_MODULE_V1,
+ &ngx_http_modsecurity_ctx, /* module context */
+ ngx_http_modsecurity_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ ngx_http_modsecurity_init_process, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ ngx_http_modsecurity_exit_process, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+/* create loc conf struct */
+static void *
+ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf)
+{
+ ngx_http_modsecurity_loc_conf_t *conf;
+
+ conf = (ngx_http_modsecurity_loc_conf_t *) ngx_pcalloc(cf->pool, sizeof(ngx_http_modsecurity_loc_conf_t));
+ if (conf == NULL)
+ return NULL;
+
+ conf->enable = NGX_CONF_UNSET;
+
+ return conf;
+}
+
+/* merge loc conf */
+static char *
+ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent,
+ void *child)
+{
+ ngx_http_modsecurity_loc_conf_t *prev = parent;
+ ngx_http_modsecurity_loc_conf_t *conf = child;
+
+ if (conf->config == NULL) {
+ conf->config = prev->config;
+ }
+
+/*
+ if (conf->config_path == NULL) {
+ conf->config_path = prev->config_path;
+ }
+*/
+ if ((conf->url.len == 0) && (conf->url_cv == NULL)) {
+ conf->url = prev->url;
+ conf->url_cv = prev->url_cv;
+ }
+
+ ngx_conf_merge_uint_value(conf->enable, prev->enable, 0);
+
+ return NGX_CONF_OK;
+}
+
+void
+modsecLog(void *obj, int level, char *str)
+{
+ if (obj != NULL)
+ ngx_log_error(NGX_LOG_INFO, (ngx_log_t *)obj, 0, "%s", str);
+}
+
+#ifdef PROCESS_RESPONSE
+/*
+** This function sets up handlers for CONTENT_PHASE,
+** XXX: not implemented yet
+*/
+static ngx_int_t
+ngx_http_modsecurity_init(ngx_conf_t *cf)
+{
+ ngx_http_handler_pt *h;
+ ngx_http_core_main_conf_t *cmcf;
+
+ cmcf = (ngx_http_core_main_conf_t *) ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
+ if (cmcf == NULL) {
+ return NGX_ERROR;
+ }
+
+ /* Register for CONTENT phase */
+ h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers);
+ if (h == NULL) {
+ return NGX_ERROR;
+ }
+ *h = ngx_http_modsecurity_content_handler;
+
+ return NGX_OK;
+}
+#endif
+
+static ngx_int_t
+ngx_http_modsecurity_init_process(ngx_cycle_t *cycle)
+{
+ cycle->log->log_level = NGX_LOG_INFO;
+
+ modsecSetLogHook(cycle->log, modsecLog);
+
+ modsecInit();
+ /* config was already parsed in master process */
+// modsecStartConfig();
+// modsecFinalizeConfig();
+ modsecInitProcess();
+
+ return NGX_OK;
+}
+
+static void
+ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle)
+{
+ modsecTerminate();
+}
+
+/*
+** This is a temporary hack to make PCRE work with ModSecurity
+** nginx hijacks pcre_malloc and pcre_free, so we have to re-hijack them
+*/
+extern apr_pool_t *pool;
+
+void *
+modsec_pcre_malloc(size_t size)
+{
+ return apr_palloc(pool, size);
+}
+
+void
+modsec_pcre_free(void *ptr)
+{
+}
+
+char *
+ConvertNgxStringToUTF8(ngx_str_t str, apr_pool_t *pool)
+{
+ char *t = (char *) apr_palloc(pool, str.len + 1);
+
+ ngx_memcpy(t, str.data, str.len);
+ t[str.len] = 0;
+
+ return t;
+}
+
+ngx_int_t
+ngx_http_read_upload_client_request_body(ngx_http_request_t *r) {
+ ssize_t size, preread;
+ ngx_buf_t *b;
+ ngx_chain_t *cl, **next;
+ ngx_http_request_body_t *rb;
+ ngx_http_core_loc_conf_t *clcf;
+ ngx_http_modsecurity_ctx_t *ctx;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: ngx_http_read_upload_client_request_body");
+
+#if defined nginx_version && nginx_version >= 8011
+ r->main->count++;
+#endif
+
+ if (r->request_body || r->discard_body) {
+ return NGX_OK;
+ }
+
+ rb = ngx_pcalloc(r->pool, sizeof(ngx_http_request_body_t));
+ if (rb == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ r->request_body = rb;
+
+ if (r->headers_in.content_length_n <= 0) {
+ return NGX_HTTP_BAD_REQUEST;
+ }
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
+ if (ctx == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * rb->bufs = NULL;
+ * rb->buf = NULL;
+ * rb->rest = 0;
+ */
+
+ preread = r->header_in->last - r->header_in->pos;
+
+ if (preread) {
+
+ /* there is the pre-read part of the request body */
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "modSecurity: http client request body preread %uz", preread);
+
+ ctx->received = preread;
+
+ b = ngx_calloc_buf(r->pool);
+ if (b == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ b->temporary = 1;
+ b->start = r->header_in->pos;
+ b->pos = r->header_in->pos;
+ b->last = r->header_in->last;
+ b->end = r->header_in->end;
+
+ rb->bufs = ngx_alloc_chain_link(r->pool);
+ if (rb->bufs == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ rb->bufs->buf = b;
+ rb->bufs->next = NULL;
+ rb->buf = b;
+
+ if (preread >= r->headers_in.content_length_n) {
+
+ /* the whole request body was pre-read */
+
+ r->header_in->pos += r->headers_in.content_length_n;
+ r->request_length += r->headers_in.content_length_n;
+
+ if (ngx_http_process_request_body(r, rb->bufs) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+ return ngx_http_upload_body_handler(r);
+ }
+
+ /*
+ * to not consider the body as pipelined request in
+ * ngx_http_set_keepalive()
+ */
+ r->header_in->pos = r->header_in->last;
+
+ r->request_length += preread;
+
+ rb->rest = r->headers_in.content_length_n - preread;
+
+ if (rb->rest <= (off_t) (b->end - b->last)) {
+
+ /* the whole request body may be placed in r->header_in */
+
+ rb->to_write = rb->bufs;
+
+ r->read_event_handler = ngx_http_read_upload_client_request_body_handler;
+
+ return ngx_http_do_read_upload_client_request_body(r);
+ }
+
+ next = &rb->bufs->next;
+
+ } else {
+ b = NULL;
+ rb->rest = r->headers_in.content_length_n;
+ next = &rb->bufs;
+ }
+
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+ size = clcf->client_body_buffer_size;
+ size += size >> 2;
+
+ if (rb->rest < (ssize_t) size) {
+ size = rb->rest;
+
+ if (r->request_body_in_single_buf) {
+ size += preread;
+ }
+
+ } else {
+ size = clcf->client_body_buffer_size;
+
+ /* disable copying buffer for r->request_body_in_single_buf */
+ b = NULL;
+ }
+
+ rb->buf = ngx_create_temp_buf(r->pool, size);
+ if (rb->buf == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ cl = ngx_alloc_chain_link(r->pool);
+ if (cl == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ cl->buf = rb->buf;
+ cl->next = NULL;
+
+ if (b && r->request_body_in_single_buf) {
+ size = b->last - b->pos;
+ ngx_memcpy(rb->buf->pos, b->pos, size);
+ rb->buf->last += size;
+
+ next = &rb->bufs;
+ }
+
+ *next = cl;
+
+ rb->to_write = rb->bufs;
+
+ r->read_event_handler = ngx_http_read_upload_client_request_body_handler;
+
+ return ngx_http_do_read_upload_client_request_body(r);
+}
+
+static void
+ngx_http_read_upload_client_request_body_handler(ngx_http_request_t *r)
+{
+ ngx_int_t rc;
+ ngx_event_t *rev = r->connection->read;
+ ngx_http_core_loc_conf_t *clcf;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: ngx_http_read_upload_client_request_body_handler");
+
+ if (rev->timedout) {
+ rev->timedout = 0;
+ rev->delayed = 0;
+
+ if (!rev->ready) {
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+ ngx_add_timer(rev, clcf->client_body_timeout);
+
+ if (ngx_handle_read_event(rev, clcf->send_lowat) != NGX_OK) {
+ ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
+ return;
+ }
+ }
+
+ rc = ngx_http_do_read_upload_client_request_body(r);
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: ngx_http_read_upload_client_request_body_handler, finalizing");
+ ngx_http_finalize_request(r, rc);
+ }
+}
+
+
+static ngx_int_t
+ngx_http_do_read_upload_client_request_body(ngx_http_request_t *r)
+{
+ ssize_t size, n;
+ ngx_connection_t *c;
+ ngx_http_request_body_t *rb;
+ ngx_int_t rc;
+ ngx_http_core_loc_conf_t *clcf;
+ ngx_http_modsecurity_ctx_t *ctx;
+
+ c = r->connection;
+ rb = r->request_body;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "modSecurity: http read client request body");
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
+ if (ctx == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ for ( ;; ) {
+ for ( ;; ) {
+ if (rb->buf->last == rb->buf->end) {
+
+ rc = ngx_http_process_request_body(r, rb->to_write);
+
+ rb->to_write = rb->bufs->next ? rb->bufs->next : rb->bufs;
+ rb->buf->last = rb->buf->start;
+ }
+
+ size = rb->buf->end - rb->buf->last;
+
+ if ((off_t)size > rb->rest) {
+ size = (size_t)rb->rest;
+ }
+
+ n = c->recv(c, rb->buf->last, size);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "modSecurity: http client request body recv %z", n);
+
+ if (n == NGX_AGAIN) {
+ break;
+ }
+
+ if (n == 0) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "modSecurity: client closed prematurely connection");
+ }
+
+ if (n == 0 || n == NGX_ERROR) {
+ c->error = 1;
+ return NGX_HTTP_BAD_REQUEST;
+ }
+
+ rb->buf->last += n;
+ rb->rest -= n;
+ r->request_length += n;
+ ctx->received += n;
+
+ if (rb->rest == 0) {
+ break;
+ }
+
+ if (rb->buf->last < rb->buf->end) {
+ break;
+ }
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "modSecurity: http client request body rest %uz", rb->rest);
+
+ if (rb->rest == 0) {
+ break;
+ }
+
+ if (!c->read->ready) {
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+ ngx_add_timer(c->read, clcf->client_body_timeout);
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+ }
+
+ if (c->read->timer_set) {
+ ngx_del_timer(c->read);
+ }
+
+ ngx_http_process_request_body(r, rb->to_write);
+
+ return ngx_http_upload_body_handler(r);
+}
+
+static ngx_int_t
+ngx_http_process_request_body(ngx_http_request_t *r, ngx_chain_t *body)
+{
+ ngx_int_t rc;
+ ngx_http_modsecurity_ctx_t *ctx;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "modSecurity: ngx_http_process_request_body");
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
+ if (ctx == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* Feed all the buffers into data handler */
+ while (body) {
+ rc = ctx->data_handler(ctx, body->buf->pos, body->buf->last);
+
+ if(rc != NGX_OK)
+ return rc;
+
+ body = body->next;
+ }
+
+ /* Signal end of body */
+ if (r->request_body->rest == 0) {
+ rc = ctx->data_handler(ctx, NULL, NULL);
+
+ if(rc != NGX_OK)
+ return rc;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upload_body_handler(ngx_http_request_t *r)
+{
+ ngx_int_t rc;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "modSecurity: ngx_http_upload_body_handler");
+
+ rc = ngx_http_modsecurity_pass_to_backend(r);
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ return rc;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_modsecurity_pass_to_backend(ngx_http_request_t *r)
+{
+ ngx_str_t uri;
+ ngx_str_t args;
+ ngx_uint_t flags;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_loc_conf_t *cf;
+ ngx_int_t rc;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "modSecurity: pass_to_backend");
+ cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
+ if (!cf) {
+ return NGX_ERROR;
+ }
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
+ if (ctx == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ if (cf->enable) {
+ int status = modsecProcessRequest(ctx->req);
+
+// modsecFinishRequest(r);
+
+ if (status != DECLINED) {
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: status: %d, need action", status);
+
+ ngx_http_clear_accept_ranges(r);
+ ngx_http_clear_last_modified(r);
+ ngx_http_clear_content_length(r);
+
+ /* XXX: return correct status */
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ args = r->args; /* forward the query args */
+ flags = 0;
+
+ /* XXX: this looks ugly, should we process PUT also? */
+ if (r->method == NGX_HTTP_POST && r->request_body) {
+ r->request_body->bufs = ctx->chain;
+ /* do we really need it ? :) */
+ r->read_event_handler = ngx_http_request_empty_handler;
+#if defined nginx_version && nginx_version >= 8011
+ r->main->count--;
+#endif
+
+ }
+
+ if (cf->url_cv) {
+ /* complex value */
+ if (ngx_http_complex_value(r, cf->url_cv, &uri) != NGX_OK) {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: uri parsing error #2");
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ if (uri.len == 0) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "empty \"upload_pass\" (was: \"%V\")",
+ &cf->url_cv->value);
+
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+ } else {
+ /* simple value */
+ uri = cf->url;
+ }
+
+ if (ngx_http_parse_unsafe_uri(r, &uri, &args, &flags) != NGX_OK) {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: uri parsing error");
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+ if (uri.len != 0 && uri.data[0] == '/') {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: using internal redirect");
+ rc = ngx_http_internal_redirect(r, &uri, &args);
+ } else {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: using named location");
+ rc = ngx_http_named_location(r, &uri);
+ }
+ return rc;
+}
+
+
+static ngx_int_t
+upload_process_buf(ngx_http_modsecurity_ctx_t *ctx, u_char *start, u_char *end)
+{
+ ngx_http_request_t *r = ctx->r;
+ ngx_buf_t *b;
+ ngx_chain_t *cl;
+
+ /* No more data? */
+ if (start == end) {
+ return NGX_OK; /* confirm end of stream */
+ }
+
+ b = ngx_create_temp_buf(r->pool, (size_t)(end - start));
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+
+ cl = ngx_alloc_chain_link(r->pool);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ b->last_in_chain = 0;
+
+ cl->buf = b;
+ cl->next = NULL;
+
+ b->last = ngx_cpymem(b->last, start, (size_t)(end - start));
+
+ if (ctx->chain == NULL) {
+ ctx->chain = cl;
+ ctx->last = cl;
+ } else {
+ ctx->last->next = cl;
+ ctx->last = cl;
+ }
+
+ return NGX_OK;
+}
+
+/*
+** request body callback, passing body to mod security
+*/
+apr_status_t
+modsecurity_read_body_cb(request_rec *r, char *buf, unsigned int length,
+ unsigned int *readcnt, int *is_eos)
+{
+ ngx_chain_t *body;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_buf_t *b;
+
+ ctx = (ngx_http_modsecurity_ctx_t *) apr_table_get(r->notes, NOTE_NGINX_REQUEST_CTX);
+ if (ctx == NULL) {
+ return APR_EINVAL;
+ }
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0, "modSecurity: read_body_cb");
+
+ if (ctx->processed >= ctx->received) {
+ *is_eos = 1;
+ return APR_SUCCESS;
+ }
+
+ if (ctx->body_last == NULL) {
+ body = ctx->chain;
+ } else {
+ body = ctx->body_last;
+ }
+
+ if (!body) {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0, "modSecurity: no more body left");
+ }
+
+ if (body) {
+ b = body->buf;
+ if (!ctx->body_pos) {
+ ctx->body_pos = b->start;
+ }
+ if ((b->end - ctx->body_pos) > length) {
+ ngx_memcpy(buf, (char *) ctx->body_pos, length);
+ ctx->processed += length;
+ ctx->body_pos += length;
+ *readcnt = length;
+ ctx->body_last = body;
+ } else {
+ ngx_memcpy(buf, (char *) ctx->body_pos, (b->end - ctx->body_pos));
+ ctx->processed += (b->end - ctx->body_pos);
+ *readcnt = (b->end - ctx->body_pos);
+ ctx->body_last = body->next;
+ ctx->body_pos = NULL;
+ }
+ }
+
+ return APR_SUCCESS;
+}
+
+apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, struct sockaddr *pAddr) {
+ apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
+ int adrlen = 16, iplen = 4;
+
+ if(pAddr->sa_family == AF_INET6) {
+ adrlen = 46;
+ iplen = 16;
+ }
+
+ addr->addr_str_len = adrlen;
+ addr->family = pAddr->sa_family;
+
+ addr->hostname = "unknown";
+#ifdef WIN32
+ addr->ipaddr_len = sizeof(IN_ADDR);
+#else
+ addr->ipaddr_len = sizeof(struct in_addr);
+#endif
+ addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
+ addr->pool = pool;
+ addr->port = 80;
+#ifdef WIN32
+ memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
+#else
+ memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
+#endif
+ addr->sa.sin.sin_family = pAddr->sa_family;
+ addr->sa.sin.sin_port = 80;
+ addr->salen = sizeof(addr->sa);
+ addr->servname = addr->hostname;
+
+ return addr;
+}
+
+
+/*
+** [ENTRY POINT] does : this function called by nginx from the request handler
+*/
+static ngx_int_t
+ngx_http_modsecurity_handler(ngx_http_request_t *r)
+{
+ ngx_http_modsecurity_loc_conf_t *cf;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_list_part_t *part;
+ ngx_table_elt_t *h;
+ ngx_uint_t i;
+ ngx_int_t rc;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: handler");
+
+ /* Process only main request */
+ if (r != r->main || r->internal) {
+ return NGX_DECLINED;
+ }
+
+ cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
+ if (!cf) {
+ return NGX_ERROR;
+ }
+
+ /* XXX: temporary hack, nginx uses pcre as well and hijacks these two */
+ pcre_malloc = modsec_pcre_malloc;
+ pcre_free = modsec_pcre_free;
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
+ if (ctx == NULL) {
+ ctx = (ngx_http_modsecurity_ctx_t *) ngx_pcalloc(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
+ if (ctx == NULL) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "modSecurity: ctx memory allocation error");
+ return NGX_ERROR;
+ }
+ ctx->r = r;
+ ctx->data_handler = upload_process_buf;
+ ctx->chain = ctx->last = NULL;
+ ctx->body_last = NULL;
+ ctx->body_pos = NULL;
+ ctx->received = ctx->processed = 0;
+ ngx_http_set_ctx(r, ctx, ngx_http_modsecurity);
+ }
+
+ /* do all modsecurity related work only if handler is enabled */
+ if (cf->enable) {
+ if (r->connection->requests == 0 || ctx->connection == NULL) {
+ ctx->connection = modsecNewConnection();
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
+ ctx->connection->remote_addr = CopySockAddr(ctx->connection->pool, r->connection->sockaddr);
+ ctx->connection->remote_ip = ConvertNgxStringToUTF8(r->connection->addr_text, ctx->connection->pool);
+#else
+ ctx->connection->client_addr = CopySockAddr(ctx->connection->pool, r->connection->sockaddr);
+ ctx->connection->client_ip = ConvertNgxStringToUTF8(r->connection->addr_text, ctx->connection->pool);
+#endif
+ ctx->connection->remote_host = NULL;
+ modsecProcessConnection(ctx->connection);
+ }
+
+ /* cf->config was set in master process??? */
+ ctx->req = modsecNewRequest(ctx->connection, cf->config);
+ ctx->req->request_time = apr_time_now();
+ ctx->req->method = ConvertNgxStringToUTF8(r->method_name, ctx->req->pool);
+ ctx->req->path_info = ConvertNgxStringToUTF8(r->unparsed_uri, ctx->req->pool);
+ ctx->req->unparsed_uri = ConvertNgxStringToUTF8(r->unparsed_uri, ctx->req->pool);
+ ctx->req->uri = ctx->req->unparsed_uri;
+ ctx->req->the_request = ConvertNgxStringToUTF8(r->request_line, ctx->req->pool);
+ ctx->req->args = ConvertNgxStringToUTF8(r->args, ctx->req->pool);
+ ctx->req->filename = ctx->req->path_info;
+
+ ctx->req->parsed_uri.scheme = "http";
+ ctx->req->parsed_uri.path = ctx->req->path_info;
+ ctx->req->parsed_uri.is_initialized = 1;
+ ctx->req->parsed_uri.port = 80;
+ ctx->req->parsed_uri.port_str = "80";
+ ctx->req->parsed_uri.query = ctx->req->args;
+ ctx->req->parsed_uri.dns_looked_up = 0;
+ ctx->req->parsed_uri.dns_resolved = 0;
+ ctx->req->parsed_uri.password = NULL;
+ ctx->req->parsed_uri.user = NULL;
+ ctx->req->parsed_uri.fragment = ConvertNgxStringToUTF8(r->exten, ctx->req->pool);
+
+ part = &r->headers_in.headers.part;
+ h = part->elts;
+
+ for (i = 0; ; i++) {
+ if (i >= part->nelts) {
+ if (part->next == NULL)
+ break;
+
+ part = part->next;
+ h = part->elts;
+ i = 0;
+ }
+
+ apr_table_setn(ctx->req->headers_in, ConvertNgxStringToUTF8(h[i].key, ctx->req->pool),
+ ConvertNgxStringToUTF8(h[i].value, ctx->req->pool));
+ }
+
+ /* XXX: if mod_uniqid enabled - use it's value */
+ apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", "12345");
+ /* actually, we need ctx only for POST request body handling - don't like this part */
+ apr_table_setn(ctx->req->notes, NOTE_NGINX_REQUEST_CTX, (const char *) ctx);
+ }
+
+// r->keepalive = 0;
+ if (r->method == NGX_HTTP_POST) {
+ /* Processing POST request body, should we process PUT? */
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: method POST");
+ if (cf->enable)
+ modsecSetReadBody(modsecurity_read_body_cb);
+ rc = ngx_http_read_upload_client_request_body(r);
+ } else {
+ /* processing all the other methods */
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: method is not POST");
+/* rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init);
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ return rc;
+ }*/
+ rc = ngx_http_modsecurity_pass_to_backend(r);
+ }
+
+ return rc;
+}
+
+static char *
+ngx_http_modsecurity_set_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_modsecurity_loc_conf_t *mscf = conf;
+ ngx_str_t *value;
+ char *config_path;
+ const char *msg;
+
+ value = cf->args->elts;
+
+ if (cf->args->nelts == 0 || value[1].len == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "ModSecurity: config path required");
+ return NGX_CONF_ERROR;
+ }
+
+ if (ngx_conf_full_name(cf->cycle, &value[1], 1) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+ /*
+ ** XXX: we need to check if file exists here
+ ** b/c modsecurity standalone will segfault with non-existent file
+ */
+ config_path = (char *) ngx_pcalloc(cf->pool, value[1].len + 1);
+ if (config_path == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "ModSecurity: config path memory allocation error");
+ return NGX_CONF_ERROR;
+ }
+ ngx_memcpy(config_path, value[1].data, value[1].len);
+
+ pcre_malloc = modsec_pcre_malloc;
+ pcre_free = modsec_pcre_free;
+
+ cf->log->log_level = NGX_LOG_INFO;
+
+ modsecSetLogHook(cf->log, modsecLog);
+
+ modsecInit();
+ modsecStartConfig();
+
+ mscf->config = modsecGetDefaultConfig();
+
+ msg = modsecProcessConfig(mscf->config, config_path);
+ if (msg != NULL) {
+ ngx_conf_log_error(NGX_LOG_INFO, cf, 0, "modSecurity: modsecProcessConfig() %s", msg);
+ return NGX_CONF_ERROR;
+ }
+
+// modsecFinalizeConfig();
+
+ return NGX_CONF_OK;
+}
+
+static char *
+ngx_http_modsecurity_add_handler(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_core_loc_conf_t *clcf;
+ ngx_str_t *value;
+ ngx_http_modsecurity_loc_conf_t *mscf = conf;
+
+ value = cf->args->elts;
+
+ if (value[1].len == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "empty value in \"%V\" directive",
+ &cmd->name);
+
+ return NGX_CONF_ERROR;
+ }
+
+ clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
+ clcf->handler = ngx_http_modsecurity_handler;
+
+ if (ngx_strcmp(value[1].data, "off") == 0) {
+ mscf->enable = 0;
+ return NGX_CONF_OK;
+ }
+ if (ngx_strcmp(value[1].data, "on") == 0) {
+ mscf->enable = 1;
+ return NGX_CONF_OK;
+ }
+
+ return NGX_CONF_OK;
+}
+
+static char *
+ngx_http_modsecurity_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_modsecurity_loc_conf_t *mscf = conf;
+ ngx_str_t *value;
+ ngx_http_compile_complex_value_t ccv;
+
+ if ((mscf->url.len != 0) || (mscf->url_cv != NULL)) {
+ return "is duplicate";
+ }
+
+ value = cf->args->elts;
+
+ if (value[1].len == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "empty value in \"%V\" directive",
+ &cmd->name);
+
+ return NGX_CONF_ERROR;
+ }
+
+ if (ngx_http_script_variables_count(&value[1])) {
+ /* complex value */
+ mscf->url_cv = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
+ if (mscf->url_cv == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[1];
+ ccv.complex_value = mscf->url_cv;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+ } else {
+ /* simple value */
+ mscf->url = value[1];
+ }
+
+ return NGX_CONF_OK;
+}
Changed |
modsecurity-apache_2.7.0.tar.bz2/standalone/api.c
@@ -422,6 +422,16 @@
return status;
}
+int modsecIsResponseBodyAccessEnabled(request_rec *r)
+{
+ modsec_rec *msr = retrieve_msr(r);
+
+ if(msr == NULL || msr->txcfg == NULL)
+ return 0;
+
+ return msr->txcfg->resbody_access;
+}
+
int modsecProcessResponse(request_rec *r) {
int status = DECLINED;
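Review bot: modsecIsResponseBodyAccessEnabled() returns 0 both when response-body access is configured off and when retrieve_msr() yields no transaction (or `txcfg` is NULL), so a caller cannot tell "inspection disabled" from "no ModSecurity context for this request". If callers use the result to decide whether to buffer and inspect the response body, the second case would skip inspection silently; that is inferred, since no caller is visible here. The function also carries no comment stating this contract, so I would add above it `/* Returns the transaction's resbody_access setting; also 0 when no msr/txcfg exists for r, so 0 does not prove inspection was configured off. */` and repeat that sentence at the prototype in api.h.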
Changed |
modsecurity-apache_2.7.0.tar.bz2/standalone/api.h
@@ -71,6 +71,8 @@
void modsecSetWriteBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length));
void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length));
+int modsecIsResponseBodyAccessEnabled(request_rec *r);
+
#ifdef __cplusplus
}
#endif
Changed |
modsecurity-apache_2.7.0.tar.bz2/standalone/config.c
@@ -37,7 +37,7 @@
#include "apr_lib.h"
#include "ap_config.h"
#include "http_config.h"
-
+#include "apr_fnmatch.h"
AP_DECLARE(int) ap_cfg_closefile(ap_configfile_t *cfp)
{
@@ -510,9 +510,6 @@
return APR_SUCCESS;
}
-
-
-
AP_CORE_DECLARE(const command_rec *) ap_find_command(const char *name,
const command_rec *cmds)
{
@@ -702,6 +699,281 @@
{NULL, 0, 0, NULL, -1, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
#endif
+typedef struct {
+ const char *fname;
+} fnames;
+
+AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *path)
+{
+ apr_finfo_t finfo;
+
+ if (apr_stat(&finfo, path, APR_FINFO_TYPE, p) != APR_SUCCESS)
+ return 0; /* in error condition, just return no */
+
+ return (finfo.filetype == APR_DIR);
+}
+
+AP_DECLARE(char *) ap_make_full_path(apr_pool_t *a, const char *src1,
+ const char *src2)
+{
+ apr_size_t len1, len2;
+ char *path;
+
+ len1 = strlen(src1);
+ len2 = strlen(src2);
+ /* allocate +3 for '/' delimiter, trailing NULL and overallocate
+ * one extra byte to allow the caller to add a trailing '/'
+ */
+ path = (char *)apr_palloc(a, len1 + len2 + 3);
+ if (len1 == 0) {
+ *path = '/';
+ memcpy(path + 1, src2, len2 + 1);
+ }
+ else {
+ char *next;
+ memcpy(path, src1, len1);
+ next = path + len1;
+ if (next[-1] != '/') {
+ *next++ = '/';
+ }
+ memcpy(next, src2, len2 + 1);
+ }
+ return path;
+}
+
+static int fname_alphasort(const void *fn1, const void *fn2)
+{
+ const fnames *f1 = fn1;
+ const fnames *f2 = fn2;
+
+ return strcmp(f1->fname,f2->fname);
+}
+
+AP_DECLARE(const char *) process_resource_config(const char *fname,
+ apr_array_header_t *ari,
+ apr_pool_t *ptemp)
+{
+ *(char **)apr_array_push(ari) = (char *)fname;
+
+ return NULL;
+}
+
+static const char *process_resource_config_nofnmatch(const char *fname,
+ apr_array_header_t *ari,
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ unsigned depth,
+ int optional)
+{
+ const char *error;
+ apr_status_t rv;
+
+ if (ap_is_directory(ptemp, fname)) {
+ apr_dir_t *dirp;
+ apr_finfo_t dirent;
+ int current;
+ apr_array_header_t *candidates = NULL;
+ fnames *fnew;
+ char *path = apr_pstrdup(ptemp, fname);
+
+ if (++depth > 100) {
+ return apr_psprintf(p, "Directory %s exceeds the maximum include "
+ "directory nesting level of %u. You have "
+ "probably a recursion somewhere.", path,
+ 100);
+ }
+
+ /*
+ * first course of business is to grok all the directory
+ * entries here and store 'em away. Recall we need full pathnames
+ * for this.
+ */
+ rv = apr_dir_open(&dirp, path, ptemp);
+ if (rv != APR_SUCCESS) {
+ char errmsg[120];
+ return apr_psprintf(p, "Could not open config directory %s: %s",
+ path, apr_strerror(rv, errmsg, sizeof errmsg));
+ }
+
+ candidates = apr_array_make(ptemp, 1, sizeof(fnames));
+ while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) {
+ /* strip out '.' and '..' */
+ if (strcmp(dirent.name, ".")
+ && strcmp(dirent.name, "..")) {
+ fnew = (fnames *) apr_array_push(candidates);
+ fnew->fname = ap_make_full_path(ptemp, path, dirent.name);
+ }
+ }
+
+ apr_dir_close(dirp);
+ if (candidates->nelts != 0) {
+ qsort((void *) candidates->elts, candidates->nelts,
+ sizeof(fnames), fname_alphasort);
+
+ /*
+ * Now recurse these... we handle errors and subdirectories
+ * via the recursion, which is nice
+ */
+ for (current = 0; current < candidates->nelts; ++current) {
+ fnew = &((fnames *) candidates->elts)[current];
+ error = process_resource_config_nofnmatch(fnew->fname,
+ ari, p, ptemp,
+ depth, optional);
+ if (error) {
+ return error;
+ }
+ }
+ }
+
+ return NULL;
+ }
+
+ return process_resource_config(fname, ari, ptemp);
+}
+
+static const char *process_resource_config_fnmatch(const char *path,
+ const char *fname,
+ apr_array_header_t *ari,
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ unsigned depth,
+ int optional)
+{
+ const char *rest;
+ apr_status_t rv;
+ apr_dir_t *dirp;
+ apr_finfo_t dirent;
+ apr_array_header_t *candidates = NULL;
+ fnames *fnew;
+ int current;
+
+ /* find the first part of the filename */
+ rest = ap_strchr_c(fname, '/');
+ if (rest) {
+ fname = apr_pstrndup(ptemp, fname, rest - fname);
+ rest++;
+ }
+
+ /* optimisation - if the filename isn't a wildcard, process it directly */
+ if (!apr_fnmatch_test(fname)) {
+ path = ap_make_full_path(ptemp, path, fname);
+ if (!rest) {
+ return process_resource_config_nofnmatch(path,
+ ari, p,
+ ptemp, 0, optional);
+ }
+ else {
+ return process_resource_config_fnmatch(path, rest,
+ ari, p,
+ ptemp, 0, optional);
+ }
+ }
+
+ /*
+ * first course of business is to grok all the directory
+ * entries here and store 'em away. Recall we need full pathnames
+ * for this.
+ */
+ rv = apr_dir_open(&dirp, path, ptemp);
+ if (rv != APR_SUCCESS) {
+ char errmsg[120];
+ return apr_psprintf(p, "Could not open config directory %s: %s",
+ path, apr_strerror(rv, errmsg, sizeof errmsg));
+ }
+
+ candidates = apr_array_make(ptemp, 1, sizeof(fnames));
+ while (apr_dir_read(&dirent, APR_FINFO_DIRENT | APR_FINFO_TYPE, dirp) == APR_SUCCESS) {
+ /* strip out '.' and '..' */
+ if (strcmp(dirent.name, ".")
+ && strcmp(dirent.name, "..")
+ && (apr_fnmatch(fname, dirent.name,
+ APR_FNM_PERIOD) == APR_SUCCESS)) {
+ const char *full_path = ap_make_full_path(ptemp, path, dirent.name);
+ /* If matching internal to path, and we happen to match something
+ * other than a directory, skip it
+ */
+ if (rest && (rv == APR_SUCCESS) && (dirent.filetype != APR_DIR)) {
+ continue;
+ }
+ fnew = (fnames *) apr_array_push(candidates);
+ fnew->fname = full_path;
+ }
+ }
+
+ apr_dir_close(dirp);
+ if (candidates->nelts != 0) {
+ const char *error;
+
+ qsort((void *) candidates->elts, candidates->nelts,
+ sizeof(fnames), fname_alphasort);
+
+ /*
+ * Now recurse these... we handle errors and subdirectories
+ * via the recursion, which is nice
+ */
+ for (current = 0; current < candidates->nelts; ++current) {
+ fnew = &((fnames *) candidates->elts)[current];
+ if (!rest) {
+ error = process_resource_config_nofnmatch(fnew->fname,
+ ari, p,
+ ptemp, 0, optional);
+ }
+ else {
+ error = process_resource_config_fnmatch(fnew->fname, rest,
+ ari, p,
+ ptemp, 0, optional);
+ }
+ if (error) {
+ return error;
+ }
+ }
+ }
+ else {
+
+ if (!optional) {
+ return apr_psprintf(p, "No matches for the wildcard '%s' in '%s', failing "
+ "(use IncludeOptional if required)", fname, path);
+ }
+ }
+
+ return NULL;
+}
+
+AP_DECLARE(const char *) process_fnmatch_configs(apr_array_header_t *ari,
+ const char *fname,
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ int optional)
+{
+ if (!apr_fnmatch_test(fname)) {
+ return process_resource_config(fname, ari, p);
+ }
+ else {
+ apr_status_t status;
+ const char *rootpath, *filepath = fname;
+
+ /* locate the start of the directories proper */
+ status = apr_filepath_root(&rootpath, &filepath, APR_FILEPATH_TRUENAME, ptemp);
+
+ /* we allow APR_SUCCESS and APR_EINCOMPLETE */
+ if (APR_ERELATIVE == status) {
+ return apr_pstrcat(p, "Include must have an absolute path, ", fname, NULL);
+ }
+ else if (APR_EBADPATH == status) {
+ return apr_pstrcat(p, "Include has a bad path, ", fname, NULL);
+ }
+
+ /* walk the filepath */
+ return process_resource_config_fnmatch(rootpath, filepath, ari, p, ptemp,
+ 0, optional);
+ }
+}
+
+const char *populate_include_files(apr_pool_t *p, apr_pool_t *ptemp, apr_array_header_t *ari, const char *fname, int optional)
+{
+ return process_fnmatch_configs(ari, fname, p, ptemp, optional);
+}
+
const char *process_command_config(server_rec *s,
void *mconfig,
apr_pool_t *p,
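Review bot: process_fnmatch_configs() hands a name without wildcards straight to process_resource_config(), which only appends it to `ari`, so the directory walk in process_resource_config_nofnmatch() is reached only from below a wildcard component. A plain `Include /some/dir` is therefore queued as if it were a file, and the absolute-path check is skipped for it as well; what ap_pcfg_openfile() then does with a directory is not visible here. I would route that branch through the same walker: `return process_resource_config_nofnmatch(fname, ari, p, ptemp, 0, optional);`. It is also worth a comment on the directory loop that every entry except "." and ".." is queued, so editor backups or hidden files left in a rules directory become active configuration, for example `/* NOTE: loads every entry in the directory; keep it writable only by the administrator and free of backup files */`.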
@@ -709,74 +981,153 @@
const char *filename)
{
const char *errmsg;
- cmd_parms parms;
char *l = apr_palloc (ptemp, MAX_STRING_LEN);
const char *args = l;
- char *cmd_name;
+ char *cmd_name, *w;
const command_rec *cmd;
- apr_array_header_t *arr = apr_array_make(p, 1, sizeof(char *));
+ apr_array_header_t *arr = apr_array_make(p, 1, sizeof(cmd_parms));
+ apr_array_header_t *ari = apr_array_make(p, 1, sizeof(char *));
+ cmd_parms *parms;
apr_status_t status;
ap_directive_t *newdir;
+ int optional;
- parms = default_parms;
- parms.pool = p;
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
- parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+ //*(char **)apr_array_push(ari) = (char *)filename;
+ errmsg = populate_include_files(p, ptemp, ari, filename, 0);
- status = ap_pcfg_openfile(&parms.config_file, p, filename);
+ if(errmsg != NULL)
+ goto Exit;
- if(status != APR_SUCCESS)
+ while(ari->nelts != 0 || arr->nelts != 0)
{
- // cannot open config file
- //
- }
+ if(ari->nelts > 0)
+ {
+ char *fn = *(char **)apr_array_pop(ari);
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, parms.config_file))) {
- if (*l == '#' || *l == '\0')
- continue;
+ parms = (cmd_parms *)apr_array_push(arr);
+ *parms = default_parms;
+ parms->pool = p;
+ parms->temp_pool = ptemp;
+ parms->server = s;
+ parms->override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
+ parms->override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+
+ status = ap_pcfg_openfile(&parms->config_file, p, fn);
+
+ if(status != APR_SUCCESS)
+ {
+ apr_array_pop(arr);
+ errmsg = apr_pstrcat(p, "Cannot open config file: ", fn, NULL);
+ goto Exit;
+ }
+ }
- args = l;
+ if (arr->nelts > 1024) {
+ errmsg = "Exceeded the maximum include directory nesting level. You have "
+ "probably a recursion somewhere.";
+ goto Exit;
+ }
- cmd_name = ap_getword_conf(p, &args);
- if (*cmd_name == '\0')
- continue;
+ parms = (cmd_parms *)apr_array_pop(arr);
- cmd = ap_find_command(cmd_name, security2_module.cmds);
+ if(parms == NULL)
+ break;
- if(cmd == NULL)
- {
- // unknown command, should error
- //
- printf("Unknown command: %s\n", cmd_name);
- continue;
- }
+ while (!(ap_cfg_getline(l, MAX_STRING_LEN, parms->config_file))) {
+ if (*l == '#' || *l == '\0')
+ continue;
+
+ args = l;
+
+ cmd_name = ap_getword_conf(p, &args);
+
+ if (*cmd_name == '\0')
+ continue;
+
+ if (!strcasecmp(cmd_name, "IncludeOptional"))
+ {
+ optional = 1;
+ goto ProcessInclude;
+ }
+
+ if (!strcasecmp(cmd_name, "Include"))
+ {
+ optional = 0;
+ProcessInclude:
+ w = ap_getword_conf(parms->pool, &args);
+
+ if (*w == '\0' || *args != 0)
+ {
+ ap_cfg_closefile(parms->config_file);
+ errmsg = apr_pstrcat(parms->pool, "Include takes one argument", NULL);
+ goto Exit;
+ }
+
+ errmsg = populate_include_files(p, ptemp, ari, w, optional);
+
+ *(cmd_parms *)apr_array_push(arr) = *parms;
+
+ if(errmsg != NULL)
+ goto Exit;
+
+ // we don't want to close the current file yet
+ //
+ parms = NULL;
+ break;
+ }
+
+ cmd = ap_find_command(cmd_name, security2_module.cmds);
+
+ if(cmd == NULL)
+ {
+ // unknown command, should error
+ //
+ ap_cfg_closefile(parms->config_file);
+ errmsg = apr_pstrcat(p, "Unknown command in config: ", cmd_name, NULL);
+ goto Exit;
+ }
+
+ newdir = apr_pcalloc(p, sizeof(ap_directive_t));
+ newdir->filename = parms->config_file->name;
+ newdir->line_num = parms->config_file->line_number;
+ newdir->directive = cmd_name;
+ newdir->args = apr_pstrdup(p, args);
- newdir = apr_pcalloc(p, sizeof(ap_directive_t));
- newdir->filename = parms.config_file->name;
- newdir->line_num = parms.config_file->line_number;
- newdir->directive = cmd_name;
- newdir->args = apr_pstrdup(p, args);
+ parms->directive = newdir;
- parms.directive = newdir;
+ errmsg = invoke_cmd(cmd, parms, mconfig, args);
- errmsg = invoke_cmd(cmd, &parms, mconfig, args);
+ if(errmsg != NULL)
+ break;
+ }
+
+ if(parms != NULL)
+ ap_cfg_closefile(parms->config_file);
if(errmsg != NULL)
break;
}
- ap_cfg_closefile(parms.config_file);
+ while((parms = (cmd_parms *)apr_array_pop(arr)) != NULL)
+ {
+ ap_cfg_closefile(parms->config_file);
+ }
if (errmsg) {
char *err = (char *)apr_palloc(p, 1024);
- apr_snprintf(err, 1024, "Syntax error in config file %s, line %d: %s", parms.config_file->name,
- parms.config_file->line_number, errmsg);
+ apr_snprintf(err, 1024, "Syntax error in config file %s, line %d: %s", parms->config_file->name,
+ parms->config_file->line_number, errmsg);
return err;
}
return NULL;
+Exit:
+ while((parms = (cmd_parms *)apr_array_pop(arr)) != NULL)
+ {
+ ap_cfg_closefile(parms->config_file);
+ }
+
+ return errmsg;
}
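Review bot: The `if (errmsg)` block after the drain loop dereferences `parms`, but the loop `while((parms = (cmd_parms *)apr_array_pop(arr)) != NULL)` just before it only ends once `parms` is NULL, so a directive that makes invoke_cmd() return an error leads to a NULL dereference instead of the "Syntax error in config file" message. Even with a saved pointer, that file has already been passed to `ap_cfg_closefile(parms->config_file)` inside the outer loop by then. Build the message where the error is detected, while the file is still open: replace the `if(errmsg != NULL) break;` that follows invoke_cmd() with `if(errmsg != NULL) { errmsg = apr_psprintf(p, "Syntax error in config file %s, line %d: %s", parms->config_file->name, parms->config_file->line_number, errmsg); break; }` and have the tail return `errmsg` directly. Separately, `apr_array_pop(ari)` takes included files from the end of the list, so files that populate_include_files() sorted with fname_alphasort appear to be read in reverse order, which matters where rule files depend on load order. The function's signature starts above this hunk.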