diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h index 8a2962a..52443fb 100644 --- a/src/ngx_http_modsecurity_common.h +++ b/src/ngx_http_modsecurity_common.h @@ -89,6 +89,9 @@ typedef struct { typedef struct { void *pool; ModSecurity *modsec; + ngx_uint_t rules_inline; + ngx_uint_t rules_file; + ngx_uint_t rules_remote; } ngx_http_modsecurity_main_conf_t; diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c index 819552e..420b917 100644 --- a/src/ngx_http_modsecurity_module.c +++ b/src/ngx_http_modsecurity_module.c @@ -286,13 +286,19 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r) } -char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_str_t *value = cf->args->elts; - int res; - const char *error = NULL; - char *rules = ngx_str_to_char(value[1], cf->pool); - ngx_pool_t *old_pool; - ngx_http_modsecurity_conf_t *mcf = conf; +char * +ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + int res; + char *rules; + ngx_str_t *value; + const char *error; + ngx_pool_t *old_pool; + ngx_http_modsecurity_conf_t *mcf = conf; + ngx_http_modsecurity_main_conf_t *mmcf; + + value = cf->args->elts; + rules = ngx_str_to_char(value[1], cf->pool); if (rules == (char *)-1) { return NGX_CONF_ERROR; @@ -301,22 +307,32 @@ char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool); res = msc_rules_add(mcf->rules_set, rules, &error); ngx_http_modsecurity_pcre_malloc_done(old_pool); + if (res < 0) { dd("Failed to load the rules: '%s' - reason: '%s'", rules, error); return strdup(error); } + mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module); + mmcf->rules_inline += res; + return NGX_CONF_OK; } -char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_str_t *value = cf->args->elts; - int res; - const char *error = NULL; - ngx_pool_t *old_pool; - ngx_http_modsecurity_conf_t *mcf = conf; - char *rules_set = ngx_str_to_char(value[1], cf->pool); +char * +ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + int res; + char *rules_set; + ngx_str_t *value; + const char *error; + ngx_pool_t *old_pool; + ngx_http_modsecurity_conf_t *mcf = conf; + ngx_http_modsecurity_main_conf_t *mmcf; + + value = cf->args->elts; + rules_set = ngx_str_to_char(value[1], cf->pool); if (rules_set == (char *)-1) { return NGX_CONF_ERROR; @@ -325,27 +341,38 @@ char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool); res = msc_rules_add_file(mcf->rules_set, rules_set, &error); ngx_http_modsecurity_pcre_malloc_done(old_pool); + if (res < 0) { dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error); return strdup(error); } + mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module); + mmcf->rules_file += res; + return NGX_CONF_OK; } -char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_str_t *value = cf->args->elts; - int res; - const char *error = NULL; - const char *rules_remote_key = ngx_str_to_char(value[1], cf->pool); - const char *rules_remote_server = ngx_str_to_char(value[2], cf->pool); - ngx_pool_t *old_pool; - ngx_http_modsecurity_conf_t *mcf = conf; +char * +ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + int res; + ngx_str_t *value; + const char *error; + const char *rules_remote_key, *rules_remote_server; + ngx_pool_t *old_pool; + ngx_http_modsecurity_conf_t *mcf = conf; + ngx_http_modsecurity_main_conf_t *mmcf; + + value = cf->args->elts; + rules_remote_key = ngx_str_to_char(value[1], cf->pool); + rules_remote_server = ngx_str_to_char(value[2], cf->pool); if (rules_remote_server == (char *)-1) { return NGX_CONF_ERROR; } + if (rules_remote_key == (char *)-1) { return NGX_CONF_ERROR; } @@ -353,11 +380,15 @@ char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool); res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error); ngx_http_modsecurity_pcre_malloc_done(old_pool); + if (res < 0) { dd("Failed to load the rules from: '%s' - reason: '%s'", rules_remote_server, error); return strdup(error); } + mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module); + mmcf->rules_remote += res; + return NGX_CONF_OK; } @@ -564,6 +595,9 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf) * * conf->modsec = NULL; * conf->pool = NULL; + * conf->rules_inline = 0; + * conf->rules_file = 0; + * conf->rules_remote = 0; */ cln = ngx_pool_cleanup_add(cf->pool, 0); @@ -597,7 +631,13 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf) static char * ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf) { - ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI); + ngx_http_modsecurity_main_conf_t *mmcf; + mmcf = (ngx_http_modsecurity_main_conf_t *) conf; + + ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, + "%s (rules loaded inline/local/remote: %ui/%ui/%ui)", + MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline, + mmcf->rules_file, mmcf->rules_remote); return NGX_CONF_OK; }