Allow mod_proxy's "nocanon" behavior to be specified in proxy actions.

Author: Mario D. Santana

apache2/re_actions.c

@@ -664,7 +664,12 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
 
     var = apr_pcalloc(mptmp, sizeof(msc_string));
     if (var == NULL) return -1;
-    var->value = (char *)action->param;
+    if (!strncmp(action->param,"[nocanon]",9)) {
+        apr_table_setn(msr->r->notes,"proxy-nocanon",1);
+        var->value = (char *)action->param+9;
+    } else {
+        var->value = (char *)action->param;
+    }
     var->value_len = strlen(var->value);
     expand_macros(msr, var, rule, mptmp);
 

tests/regression/action/00-disruptive-actions.t

@@ -474,6 +474,37 @@
 		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
 	),
 },
+{
+	type => "action",
+	comment => "nocanon proxy in phase:1 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'[nocanon]http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
+	),
+	match_log => {
+		error => {
+			apache => [qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1],
+			nginx => [qr/ModSecurity: Access denied with code 500 \(phase 1\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
+		},
+	},
+	match_response => {
+		status => {
+			apache => qr/^200$/,
+			nginx => qr/^500$/,
+		},
+		content => {
+			apache => qr/^TEST$/,
+			nginx => qr/^*$/,
+		},
+	},
+
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
 {
 	type => "action",
 	comment => "proxy in phase:2 (get)",