Google Git
Sign in
nginx / nginx-pkgoss / a64a014780df01a449cac24b9924df7b7103ec17 / . / contrib / src / modsecurity-nginx / PR165.patch
blob: d0505e7cb8af355054e5e9beb13762beb9de1f1a [file] [log] [blame]
From d8987f6476edd2ac9d5df99778f9e12cfbe8e83e Mon Sep 17 00:00:00 2001
From: Andrei Belov <defanator@gmail.com>
Date: Tue, 6 Aug 2019 16:32:15 +0300
Subject: [PATCH] Avoid processing of subrequests initiated by the error_page
Closes #164, SpiderLabs/ModSecurity#2143.
---
src/ngx_http_modsecurity_header_filter.c | 4 ++++
src/ngx_http_modsecurity_log.c | 4 ++++
src/ngx_http_modsecurity_pre_access.c | 4 ++++
src/ngx_http_modsecurity_rewrite.c | 4 ++++
4 files changed, 16 insertions(+)
diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
index 3f9f748..04ad7ac 100644
--- a/src/ngx_http_modsecurity_header_filter.c
+++ b/src/ngx_http_modsecurity_header_filter.c
@@ -420,6 +420,10 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
/* XXX: if NOT_MODIFIED, do we need to process it at all? see xslt_header_filter() */
+ if (r->error_page) {
+ return ngx_http_next_header_filter(r);
+ }
+
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
dd("header filter, recovering ctx: %p", ctx);
diff --git a/src/ngx_http_modsecurity_log.c b/src/ngx_http_modsecurity_log.c
index 5546596..39cf6b7 100644
--- a/src/ngx_http_modsecurity_log.c
+++ b/src/ngx_http_modsecurity_log.c
@@ -41,6 +41,10 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
+ if (r->error_page) {
+ return NGX_OK;
+ }
+
dd("catching a new _log_ phase handler");
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c
index 05d7140..d5389ad 100644
--- a/src/ngx_http_modsecurity_pre_access.c
+++ b/src/ngx_http_modsecurity_pre_access.c
@@ -48,6 +48,10 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
+ if (r->error_page) {
+ return NGX_DECLINED;
+ }
+
dd("catching a new _preaccess_ phase handler");
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
index cd02438..fa178a2 100644
--- a/src/ngx_http_modsecurity_rewrite.c
+++ b/src/ngx_http_modsecurity_rewrite.c
@@ -27,6 +27,10 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
+ if (r->error_page) {
+ return NGX_DECLINED;
+ }
+
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf == NULL || mcf->enable != 1) {
dd("ModSecurity not enabled... returning");