attempt to fix issue238

this one is not entirely correct as it produces a set of "header already sent" alerts in tests (in particular, modsecurity.t, modsecurity-response-body.t, modsecurity-proxy.t)
defanator · Jan 25, 2021 · 51cbaf3 · 51cbaf3
1 parent 3dbe4da
commit 51cbaf3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
@@ -525,8 +525,12 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
     ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
     if (r->error_page) {
         return ngx_http_next_header_filter(r);
-        }
+    }
     if (ret > 0) {
+        if (!r->header_sent && ret == NGX_HTTP_FORBIDDEN) {
+            r->err_status = ret;
+            return ngx_http_send_header(r);
+        }
         return ret;
     }