| From d8987f6476edd2ac9d5df99778f9e12cfbe8e83e Mon Sep 17 00:00:00 2001 |
| From: Andrei Belov <defanator@gmail.com> |
| Date: Tue, 6 Aug 2019 16:32:15 +0300 |
| Subject: [PATCH] Avoid processing of subrequests initiated by the error_page |
| |
| Closes #164, SpiderLabs/ModSecurity#2143. |
| --- |
| src/ngx_http_modsecurity_header_filter.c | 4 ++++ |
| src/ngx_http_modsecurity_log.c | 4 ++++ |
| src/ngx_http_modsecurity_pre_access.c | 4 ++++ |
| src/ngx_http_modsecurity_rewrite.c | 4 ++++ |
| 4 files changed, 16 insertions(+) |
| |
| diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c |
| index 3f9f748..04ad7ac 100644 |
| --- a/src/ngx_http_modsecurity_header_filter.c |
| +++ b/src/ngx_http_modsecurity_header_filter.c |
| @@ -420,6 +420,10 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) |
| |
| /* XXX: if NOT_MODIFIED, do we need to process it at all? see xslt_header_filter() */ |
| |
| + if (r->error_page) { |
| + return ngx_http_next_header_filter(r); |
| + } |
| + |
| ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module); |
| |
| dd("header filter, recovering ctx: %p", ctx); |
| diff --git a/src/ngx_http_modsecurity_log.c b/src/ngx_http_modsecurity_log.c |
| index 5546596..39cf6b7 100644 |
| --- a/src/ngx_http_modsecurity_log.c |
| +++ b/src/ngx_http_modsecurity_log.c |
| @@ -41,6 +41,10 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r) |
| ngx_http_modsecurity_ctx_t *ctx; |
| ngx_http_modsecurity_conf_t *mcf; |
| |
| + if (r->error_page) { |
| + return NGX_OK; |
| + } |
| + |
| dd("catching a new _log_ phase handler"); |
| |
| mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module); |
| diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c |
| index 05d7140..d5389ad 100644 |
| --- a/src/ngx_http_modsecurity_pre_access.c |
| +++ b/src/ngx_http_modsecurity_pre_access.c |
| @@ -48,6 +48,10 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r) |
| ngx_http_modsecurity_ctx_t *ctx; |
| ngx_http_modsecurity_conf_t *mcf; |
| |
| + if (r->error_page) { |
| + return NGX_DECLINED; |
| + } |
| + |
| dd("catching a new _preaccess_ phase handler"); |
| |
| mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module); |
| diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c |
| index cd02438..fa178a2 100644 |
| --- a/src/ngx_http_modsecurity_rewrite.c |
| +++ b/src/ngx_http_modsecurity_rewrite.c |
| @@ -27,6 +27,10 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r) |
| ngx_http_modsecurity_ctx_t *ctx; |
| ngx_http_modsecurity_conf_t *mcf; |
| |
| + if (r->error_page) { |
| + return NGX_DECLINED; |
| + } |
| + |
| mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module); |
| if (mcf == NULL || mcf->enable != 1) { |
| dd("ModSecurity not enabled... returning"); |