Informs problems and successfully loaded external resources during reload

Felipe Zimmerle · Felipe Zimmerle · commit dc81e4f85282 · 2014-12-11T12:42:58.000-08:00
Resources load mechanism as the SecRemoteRuels were not showing information
about the loaded rules while Apache was reloaded. This patch add such
information to reload in the same way that it was showing on restart.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.????? (To be released)
 -----------------------
 
+ * Informs about external resources loaded/failed while reloading Apache.
+   [ModSecurity team]
  * Adds missing 'ModSecurity:' prefix in some warnings messages.
    [Walter Hop and ModSecurity team]
  * Refactoring external resources download warn messages. Holding the message
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
@@ -762,14 +762,15 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
                     "it by set SecStatusEngine to On.");
         }
 #endif
+    }
 
-        if (remote_rules_fail_message != NULL)
-        {
-            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \
-                    "Problems loading external resources: %s",
-                    remote_rules_fail_message);
-        }
-
+    /**
+     * Checking if it is not the first time that we are in this very function.
+     * We want to show the messages below during the start and the reload.
+     *
+     */
+    if (first_time != 1)
+    {
 #ifdef WITH_REMOTE_RULES
         if (remote_rules_server != NULL)
         {
@@ -789,6 +790,12 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
             }
         }
 #endif
+        if (remote_rules_fail_message != NULL)
+        {
+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \
+                "Problems loading external resources: %s",
+                remote_rules_fail_message);
+        }
     }
 
     srand((unsigned int)(time(NULL) * getpid()));
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
@@ -1293,7 +1293,12 @@ static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) {
 
             res = msc_remote_download_content(rule->ruleset->mp, fn, NULL,
                     &chunk, error_msg);
-            if (res == -1)
+            if (res == -2)
+            {
+                /* If download failed but SecRemoteRulesFailAction is set to Warn. */
+                return 1;
+            }
+            else if (res < 0)
             {
                 return 0;
             }

Original file line number	Diff line number	Diff line change
`@@ -1293,7 +1293,12 @@ static int msre_op_pmFromFile_param_init(msre_rule rule, char *error_msg) {`
`1293`	`1293`
`1294`	`1294`	`res = msc_remote_download_content(rule->ruleset->mp, fn, NULL,`
`1295`	`1295`	`&chunk, error_msg);`
`1296`		`- if (res == -1)`
	`1296`	`+ if (res == -2)`
	`1297`	`+ {`
	`1298`	`+ /* If download failed but SecRemoteRulesFailAction is set to Warn. */`
	`1299`	`+ return 1;`
	`1300`	`+ }`
	`1301`	`+ else if (res < 0)`
`1297`	`1302`	`{`
`1298`	`1303`	`return 0;`
`1299`	`1304`	`}`