Include number of loaded rules in log message at start
defanator authored and Felipe Zimmerle committed Dec 17, 2018
1 parent 4a39aaa commit c3197e3
Showing 2 changed files with 66 additions and 23 deletions.
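--- a/src/ngx_http_modsecurity_common.h
+++ b/src/ngx_http_modsecurity_common.h
@@ -89,6 +89,9 @@ typedef struct {
 typedef struct {
 void *pool;
 ModSecurity *modsec;
+ngx_uint_t rules_inline;
+ngx_uint_t rules_file;
+ngx_uint_t rules_remote;
 } ngx_http_modsecurity_main_conf_t;
 
 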
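Review bot: The three new counters carry no comment saying what they count or at what scope. They live in the main conf, while the directive handlers in ngx_http_modsecurity_module.c that bump them (`mmcf->rules_inline += res;` and its two siblings) receive a non-main `ngx_http_modsecurity_conf_t`, so the figure in the startup log is a total for the whole configuration, not a per-context one. An operator who reads that line to confirm the WAF is armed should be able to learn this from the struct, e.g. `/* rules loaded at config time, summed over all contexts: inline / file / remote */` above the fields.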
86 changes: 63 additions & 23 deletions src/ngx_http_modsecurity_module.c
@@ -286,13 +286,19 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
}


char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
ngx_str_t *value = cf->args->elts;
int res;
const char *error = NULL;
char *rules = ngx_str_to_char(value[1], cf->pool);
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
char *
ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
char *rules;
ngx_str_t *value;
const char *error;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;

value = cf->args->elts;
rules = ngx_str_to_char(value[1], cf->pool);

if (rules == (char *)-1) {
return NGX_CONF_ERROR;
@@ -301,22 +307,32 @@ char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add(mcf->rules_set, rules, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);

if (res < 0) {
dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
return strdup(error);
}

mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_inline += res;

return NGX_CONF_OK;
}


char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
ngx_str_t *value = cf->args->elts;
int res;
const char *error = NULL;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
char *rules_set = ngx_str_to_char(value[1], cf->pool);
char *
ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
char *rules_set;
ngx_str_t *value;
const char *error;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;

value = cf->args->elts;
rules_set = ngx_str_to_char(value[1], cf->pool);

if (rules_set == (char *)-1) {
return NGX_CONF_ERROR;
@@ -325,39 +341,54 @@ char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add_file(mcf->rules_set, rules_set, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);

if (res < 0) {
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
return strdup(error);
}

mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_file += res;

return NGX_CONF_OK;
}


char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
ngx_str_t *value = cf->args->elts;
int res;
const char *error = NULL;
const char *rules_remote_key = ngx_str_to_char(value[1], cf->pool);
const char *rules_remote_server = ngx_str_to_char(value[2], cf->pool);
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
char *
ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
ngx_str_t *value;
const char *error;
const char *rules_remote_key, *rules_remote_server;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;

value = cf->args->elts;
rules_remote_key = ngx_str_to_char(value[1], cf->pool);
rules_remote_server = ngx_str_to_char(value[2], cf->pool);

if (rules_remote_server == (char *)-1) {
return NGX_CONF_ERROR;
}

if (rules_remote_key == (char *)-1) {
return NGX_CONF_ERROR;
}

old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);

if (res < 0) {
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_remote_server, error);
return strdup(error);
}

mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_remote += res;

return NGX_CONF_OK;
}

@@ -564,6 +595,9 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
*
* conf->modsec = NULL;
* conf->pool = NULL;
* conf->rules_inline = 0;
* conf->rules_file = 0;
* conf->rules_remote = 0;
*/

cln = ngx_pool_cleanup_add(cf->pool, 0);
@@ -597,7 +631,13 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
static char *
ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
{
ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI);
ngx_http_modsecurity_main_conf_t *mmcf;
mmcf = (ngx_http_modsecurity_main_conf_t *) conf;

ngx_log_error(NGX_LOG_NOTICE, cf->log, 0,
"%s (rules loaded inline/local/remote: %ui/%ui/%ui)",
MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline,
mmcf->rules_file, mmcf->rules_remote);

return NGX_CONF_OK;
}
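Review bot: The restyled declarations in ngx_conf_set_rules, ngx_conf_set_rules_file and ngx_conf_set_rules_remote read `const char *error;`, where the earlier form was `const char *error = NULL;`, so as rendered here the pointer is indeterminate until the library writes it. Each failure path then runs `return strdup(error);`, which reads that pointer. If an msc_rules_add* call can return a negative value without setting the message (not visible from this page), config parsing reads through an uninitialised pointer instead of failing cleanly. Keep the initialiser, `const char *error = NULL;`, in all three handlers and make the failure return tolerate a missing message, e.g. `return error ? strdup(error) : NGX_CONF_ERROR;`.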
