
Commit e3b3721

Mario D. SantanaFelipe Zimmerle
authored andcommitted
Allow mod_proxy's "nocanon" behavior to be specified in proxy actions.
1 parent 258e554 commit e3b3721


2 files changed

+37
-1
lines changed


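--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -664,7 +664,12 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
 
 var = apr_pcalloc(mptmp, sizeof(msc_string));
 if (var == NULL) return -1;
-var->value = (char *)action->param;
+if (!strncmp(action->param,"[nocanon]",9)) {
+apr_table_setn(msr->r->notes,"proxy-nocanon",1);
+var->value = (char *)action->param+9;
+} else {
+var->value = (char *)action->param;
+}
 var->value_len = strlen(var->value);
 expand_macros(msr, var, rule, mptmp);
 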
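Review bot: On new line 668, `apr_table_setn(msr->r->notes,"proxy-nocanon",1);` passes the integer `1` where `apr_table_setn` takes a `const char *` value, so the note holds the invalid pointer 0x1 rather than a string. A consumer that only tests the note for presence will work, but anything that reads the value as a string (a log format that prints notes, another module comparing the result of `apr_table_get`) would dereference that address and can crash the worker. Store a literal instead: `apr_table_setn(msr->r->notes, "proxy-nocanon", "1");`. A comment above the `strncmp` should also say that `[nocanon]` makes mod_proxy forward the raw, uncanonicalised path, so the backend must cope with paths the front end did not normalise. The body of msre_action_proxy_execute starts and ends outside the hunk.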

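--- a/tests/regression/action/00-disruptive-actions.t
+++ b/tests/regression/action/00-disruptive-actions.t
@@ -474,6 +474,37 @@
 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
 ),
 },
+{
+type => "action",
+comment => "nocanon proxy in phase:1 (get)",
+conf => qq(
+SecRuleEngine On
+SecRequestBodyAccess On
+SecResponseBodyAccess On
+SecResponseBodyMimeType null
+SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'[nocanon]http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
+),
+match_log => {
+error => {
+apache => [qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1],
+nginx => [qr/ModSecurity: Access denied with code 500 \(phase 1\) \(Configuration Error: Proxy action to .* requested but proxy is only available in Apache version\)./, 1],
+},
+},
+match_response => {
+status => {
+apache => qr/^200$/,
+nginx => qr/^500$/,
+},
+content => {
+apache => qr/^TEST$/,
+nginx => qr/^*$/,
+},
+},
+
+request => new HTTP::Request(
+GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+),
+},
 {
 type => "action",
 comment => "proxy in phase:2 (get)",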
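Review bot: The new case checks only status 200, body `TEST` and the "Access denied using proxy" log line, which a plain proxy case would presumably satisfy too, so it would still pass if the `[nocanon]` prefix were merely stripped and the `proxy-nocanon` note never set. To cover the new behaviour, the proxied target could include a character that canonicalisation would re-encode, with an assertion on what the backend received; whether the harness can observe that is not visible from this hunk. A one-line comment above the case, e.g. `# [nocanon] prefix: target is handed to mod_proxy without canonicalisation`, would also help readers of the conf block.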
