From 97a5835555c075f17aa3f5b752d6bc581bec216a Mon Sep 17 00:00:00 2001
From: jjustus2
Date: Fri, 22 May 2020 03:40:04 -0400
Subject: [PATCH 1/2] Fix error_page internal redirect false positive logging
---
 CHANGES | 8 ++++----
 src/ngx_http_modsecurity_pre_access.c | 8 ++++----
 src/ngx_http_modsecurity_rewrite.c | 7 ++++---
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/CHANGES b/CHANGES
index 420a8cb..78c8587 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,10 @@
 v1.0.x - YYYY-MMM-DD (To be released)
 -------------------------------------
-
+ - Fix request logging false positives due to error_page internal redirects
+ [Issue #182 - @jeremyjpj0916]
 - Fix config setting not respected: client_body_in_file_only on
 [Issue #187 - @martinhsv]
- - Fix audit_log not generated for disruptive actions
+ - Fix audit_log not generated for disruptive actions
 [Issue #170, #2220, #2237 - @victorhora]
 - Exit more gracefully if uri length is zero
 [@martinhsv]
@@ -13,7 +14,7 @@ v1.0.1 - 2019-Dec-16
 - Fixed obtaining of server_addr
 [Issue #167, #168 - @defanator]
- - Avoid processing of subrequests initiated by the error_page
+ - Avoid processing of subrequests initiated by the error_page
 [Issue #76, #164, #165 - @defanator]
 - Tests: extend request body tests
 [Issue #142,#143 - @defanator]
@@ -53,4 +54,3 @@ v1.0.0 - 2017-Dec-20
 --------------------
 - First version of ModSecurity-nginx connector
-
diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c
index 7869f54..8c487b7 100644
--- a/src/ngx_http_modsecurity_pre_access.c
+++ b/src/ngx_http_modsecurity_pre_access.c
@@ -48,6 +48,10 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 ngx_http_modsecurity_ctx_t *ctx;
 ngx_http_modsecurity_conf_t *mcf;
+ if (r->error_page) {
+ return NGX_DECLINED;
+ }
+
 dd("catching a new _preaccess_ phase handler");
 mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
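Review bot: Returning `NGX_DECLINED` on `r->error_page` at the very top of `ngx_http_modsecurity_pre_access_handler` (and the identical guard added at the top of `ngx_http_modsecurity_rewrite_handler` in src/ngx_http_modsecurity_rewrite.c) means a request flagged as an error_page redirect is no longer evaluated or logged by these phases at all; the removed check sat after `ngx_http_modsecurity_process_intervention`, so the earlier part of each handler still ran and only the intervention result was discarded. Skipping is sound only if the original request was already inspected before the redirect; if nginx can raise the error before the rewrite phase has run (presumably possible for errors produced while the request is still being parsed, which is worth confirming with a test), the request would reach the error_page location with no ModSecurity record of it. I would state that assumption next to the guard, e.g. `/* error_page internal redirect: the original request was already inspected, skip to avoid duplicate log entries */`, and add `dd("error_page internal redirect, skipping ModSecurity processing");` before the return so the skip is visible in debug builds. Both handler bodies continue outside their hunks.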
@@ -202,9 +206,6 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
 ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
- if (r->error_page) {
- return NGX_DECLINED;
- }
 if (ret > 0) {
 return ret;
 }
@@ -214,4 +215,3 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 #endif
 return NGX_DECLINED;
 }
-
diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
index b6a6d6c..42bc855 100644
--- a/src/ngx_http_modsecurity_rewrite.c
+++ b/src/ngx_http_modsecurity_rewrite.c
@@ -27,6 +27,10 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
 ngx_http_modsecurity_ctx_t *ctx;
 ngx_http_modsecurity_conf_t *mcf;
+ if (r->error_page) {
+ return NGX_DECLINED;
+ }
+
 mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
 if (mcf == NULL || mcf->enable != 1) {
 dd("ModSecurity not enabled... returning");
@@ -204,9 +208,6 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
 dd("Processing intervention with the request headers information filled in");
 ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
- if (r->error_page) {
- return NGX_DECLINED;
- }
 if (ret > 0) {
 return ret;
 }
From 4368c58988e61826a8228a6daec5e3ff34546681 Mon Sep 17 00:00:00 2001
From: jeremyjpj0916 <31913027+jeremyjpj0916@users.noreply.github.com>
Date: Wed, 29 May 2024 22:16:47 -0400
Subject: [PATCH 2/2] Update CHANGES
---
 CHANGES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 075558d..43f3052 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,7 @@
 v1.0.4 - 2024-May-29
 --------------------
- - Fix request logging false positives due to error_page internal redirects
+ - Fix request logging false positives due to error_page internal redirects and improve performance by not evaluating again post redirect
 [Issue #182 - @jeremyjpj0916]
 v1.0.3 - 2022-May-24