Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Module configuration refactoring #139

Closed
wants to merge 6 commits into from
Closed

Module configuration refactoring #139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e00e2cc
Do not use main/server contexts for creating/merging configuration
defanator Nov 29, 2018
ae765f2
Emit connector version just once (broken in e00e2cc)
defanator Nov 30, 2018
7b8f1ef
Introduce separate configuration for main context
defanator Nov 30, 2018
3e256b0
Small rewording in cleanup handlers
defanator Nov 30, 2018
6b7e59e
Use consistent naming of configuration structures
defanator Nov 30, 2018
2ae2a10
Include number of loaded rules in log message at start
defanator Nov 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/ngx_http_modsecurity_body_filter.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
ngx_chain_t *chain = in;
ngx_http_modsecurity_ctx_t *ctx = NULL;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ngx_http_modsecurity_conf_t *loc_cf = NULL;
ngx_http_modsecurity_conf_t *mcf;
ngx_list_part_t *part = &r->headers_out.headers.part;
ngx_table_elt_t *data = part->elts;
ngx_uint_t i = 0;
Expand All @@ -57,8 +57,8 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
}

#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (loc_cf != NULL && loc_cf->sanity_checks_enabled != NGX_CONF_UNSET)
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf != NULL && mcf->sanity_checks_enabled != NGX_CONF_UNSET)
{
#if 0
dd("dumping stored ctx headers");
Expand Down
20 changes: 14 additions & 6 deletions src/ngx_http_modsecurity_common.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ typedef struct {
Transaction *modsec_transaction;
ModSecurityIntervention *delayed_intervention;

#ifdef MODSECURITY_SANITY_CHECKS
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
/*
* Should be filled with the headers that were sent to ModSecurity.
*
Expand All @@ -87,14 +87,22 @@ typedef struct {


typedef struct {
ModSecurity *modsec;
void *pool;
ModSecurity *modsec;
ngx_uint_t rules_inline;
ngx_uint_t rules_file;
ngx_uint_t rules_remote;
} ngx_http_modsecurity_main_conf_t;

ngx_flag_t enable;
ngx_flag_t sanity_checks_enabled;

Rules *rules_set;
typedef struct {
void *pool;
Rules *rules_set;

void *pool;
ngx_flag_t enable;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ngx_flag_t sanity_checks_enabled;
#endif

ngx_http_complex_value_t *transaction_id;
} ngx_http_modsecurity_conf_t;
Expand Down
10 changes: 5 additions & 5 deletions src/ngx_http_modsecurity_header_filter.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,17 +103,17 @@ ngx_http_modsecurity_header_out_t ngx_http_modsecurity_headers_out[] = {
int
ngx_http_modescurity_store_ctx_header(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value)
{
ngx_http_modsecurity_ctx_t *ctx = NULL;
ngx_http_modsecurity_header_t *hdr = NULL;
ngx_http_modsecurity_conf_t *loc_cf = NULL;
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
ngx_http_modsecurity_header_t *hdr;

ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
if (ctx == NULL || ctx->sanity_headers_out == NULL) {
return NGX_ERROR;
}

loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (loc_cf == NULL || loc_cf->sanity_checks_enabled == NGX_CONF_UNSET)
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf == NULL || mcf->sanity_checks_enabled == NGX_CONF_UNSET)
{
return NGX_OK;
}
Expand Down
10 changes: 5 additions & 5 deletions src/ngx_http_modsecurity_log.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,14 @@ ngx_http_modsecurity_log(void *log, const void* data)
ngx_int_t
ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx = NULL;
ngx_http_modsecurity_conf_t *cf;
ngx_pool_t *old_pool;
ngx_pool_t *old_pool;
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;

dd("catching a new _log_ phase handler");

cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (cf == NULL || cf->enable != 1)
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf == NULL || mcf->enable != 1)
{
dd("ModSecurity not enabled... returning");
return NGX_OK;
Expand Down
Loading