2525#include "apr_optional.h"
2626#include "mod_log_config.h"
2727
28+ #ifdef APLOG_USE_MODULE
29+ APLOG_USE_MODULE (security2 );
30+ #endif
31+
2832#include "msc_logging.h"
2933#include "msc_util.h"
3034
@@ -1451,6 +1455,9 @@ static int hook_connection_early(conn_rec *conn)
14511455
14521456 apr_cpystrn (ws_record -> client , client_ip , sizeof (ws_record -> client ));
14531457
1458+ ap_log_cerror (APLOG_MARK , APLOG_TRACE3 , 0 , conn ,
1459+ "ModSecurity: going to loop through %d servers with %d threads" ,
1460+ server_limit , thread_limit );
14541461 for (i = 0 ; i < server_limit ; ++ i ) {
14551462 for (j = 0 ; j < thread_limit ; ++ j ) {
14561463
@@ -1485,14 +1492,18 @@ static int hook_connection_early(conn_rec *conn)
14851492 }
14861493 }
14871494
1495+ ap_log_cerror (APLOG_MARK , APLOG_TRACE3 , 0 , conn ,
1496+ "ModSecurity: threads in READ: %ld of %ld, WRITE: %ld of %ld, IP: %s" ,
1497+ ip_count_r , conn_read_state_limit , ip_count_w , conn_write_state_limit , client_ip );
1498+
14881499 if (conn_read_state_limit > 0 && ip_count_r > conn_read_state_limit )
14891500 {
14901501 if (conn_read_state_suspicious_list &&
14911502 (tree_contains_ip (conn -> pool ,
14921503 conn_read_state_suspicious_list , client_ip , NULL , & error_msg ) <= 0 ))
14931504 {
14941505 if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1495- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1506+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
14961507 "ModSecurity: Too many threads [%ld] of %ld allowed " \
14971508 "in READ state from %s - There is a suspission list " \
14981509 "but that IP is not part of it, access granted" ,
@@ -1502,15 +1513,15 @@ static int hook_connection_early(conn_rec *conn)
15021513 conn_read_state_whitelist , client_ip , NULL , & error_msg ) > 0 )
15031514 {
15041515 if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1505- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1516+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
15061517 "ModSecurity: Too many threads [%ld] of %ld allowed " \
15071518 "in READ state from %s - Ip is on whitelist, access " \
15081519 "granted" , ip_count_r , conn_read_state_limit ,
15091520 client_ip );
15101521 }
15111522 else
15121523 {
1513- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1524+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
15141525 "ModSecurity: Access denied with code 400. Too many " \
15151526 "threads [%ld] of %ld allowed in READ state from %s - " \
15161527 "Possible DoS Consumption Attack [Rejected]" , ip_count_r ,
@@ -1528,7 +1539,7 @@ static int hook_connection_early(conn_rec *conn)
15281539 conn_write_state_suspicious_list , client_ip , NULL , & error_msg ) <= 0 ))
15291540 {
15301541 if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1531- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1542+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
15321543 "ModSecurity: Too many threads [%ld] of %ld allowed " \
15331544 "in WRITE state from %s - There is a suspission list " \
15341545 "but that IP is not part of it, access granted" ,
@@ -1538,15 +1549,15 @@ static int hook_connection_early(conn_rec *conn)
15381549 conn_write_state_whitelist , client_ip , NULL , & error_msg ) > 0 )
15391550 {
15401551 if (conn_limits_filter_state == MODSEC_DETECTION_ONLY )
1541- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1552+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
15421553 "ModSecurity: Too many threads [%ld] of %ld allowed " \
15431554 "in WRITE state from %s - Ip is on whitelist, " \
15441555 "access granted" , ip_count_w , conn_read_state_limit ,
15451556 client_ip );
15461557 }
15471558 else
15481559 {
1549- ap_log_error (APLOG_MARK , APLOG_WARNING , 0 , NULL ,
1560+ ap_log_cerror (APLOG_MARK , APLOG_WARNING , 0 , conn ,
15501561 "ModSecurity: Access denied with code 400. Too many " \
15511562 "threads [%ld] of %ld allowed in WRITE state from %s - " \
15521563 "Possible DoS Consumption Attack [Rejected]" , ip_count_w ,
0 commit comments