@@ -25,11 +25,28 @@ if [ -n "${CONFIG_FILE}" ]; then
2525 setup_conf_path=" ${CONFIG_FILE} "
2626fi
2727
28+ # Detect CRS version based on the config file content
29+ detect_crs_version () {
30+ if grep -q " tx\.blocking_paranoia_level" " ${setup_conf_path} " ; then
31+ echo " v4"
32+ elif grep -q " tx\.paranoia_level" " ${setup_conf_path} " ; then
33+ echo " v3"
34+ else
35+ echo " Unknown CRS version"
36+ exit 10
37+ fi
38+ }
39+
40+ # Get the CRS version
41+ CRS_VERSION=" $( detect_crs_version) "
42+ echo " Detected CRS config file version: ${CRS_VERSION} "
43+
2844set_value () {
2945 rule=" ${1} "
3046 var_name=" ${2} "
3147 tx_var_name=" ${3} "
3248 var_value=" ${4} "
49+
3350 echo " Configuring ${rule} for ${var_name} with ${tx_var_name} =${var_value} "
3451
3552 # For each rule, we do one pass to uncomment the rule (up to first blank line after the rule),
@@ -40,7 +57,7 @@ set_value() {
4057 ed -s " ${setup_conf_path} " << EOF 2 > /dev/null
4158/id:${rule} /
4259-
43- .,/^#\? $/ s/#//
60+ .,/^$/ s/#//
4461wq
4562EOF
4663 fi
5269 # Use `#` as pattern delimiter, as `/` is part of some variable values.
5370 ed -s " ${setup_conf_path} " << EOF 2 > /dev/null
5471/id:${rule} /
55- /setvar:'\? tx\.${tx_var_name} =/
56- s#=[^,'"]\+ #=${var_value} #
72+ /setvar:[']* tx\.${tx_var_name} =/
73+ s#=[^,'"]* #=${var_value} #
5774wq
5875EOF
5976}
@@ -68,8 +85,7 @@ can_set() {
6885
6986 if ! grep -q " id:${rule} " " ${setup_conf_path} " ; then
7087 return 1
71- fi
72- if grep -Eq " setvar:'?tx\.${tx_var_name} " " ${setup_conf_path} " ; then
88+ elif ! grep -Eq " setvar:'?tx\.${tx_var_name} " " ${setup_conf_path} " ; then
7389 return 1
7490 fi
7591 return 0
@@ -96,6 +112,14 @@ get_tx_var_name() {
96112 echo " ${1} " | awk -F' \|' ' {print $4}'
97113}
98114
115+ get_tx_var_name () {
116+ echo " ${1} " | awk -F' \|' ' {print $4}'
117+ }
118+
119+ get_test_value () {
120+ echo " ${1} " | awk -F' \|' ' {print $5}'
121+ }
122+
99123while read -r line; do
100124 if [ -z " ${line} " || echo " ${line} " | grep -Eq " ^#" ; then
101125 continue
@@ -106,23 +130,20 @@ while read -r line; do
106130 var_value=" $( get_var_value " ${line} " ) "
107131 rule=" $( get_rule " ${line} " ) "
108132 tx_var_name=" $( get_tx_var_name " ${line} " ) "
109-
133+
110134 if should_set " ${var_value} " " ${tx_var_name} " ; then
111135 if ! can_set " ${rule} " " ${tx_var_name} " ; then
112136 if [ " ${legacy} " = " true" ; then
113137 echo " Legacy variable ${var_name} (${rule} ) set but nothing found to substitute. Skipping"
114138 continue
115- elif [ " ${legacy} " = " false" -a " ${rule} " != " 900000" ; then
116- echo " Non-legacy variable ${var_name} (${rule} ) set but nothing found to substitute. Skipping"
117- continue
118139 fi
119140 echo " Failed to find rule ${rule} to set ${tx_var_name} =${var_value} for ${var_name} in ${setup_conf_path} . Aborting"
120141 exit 1
121142 fi
122143
123144 set_value " ${rule} " " ${var_name} " " ${tx_var_name} " " ${var_value} "
124145 fi
125- done < " ${DIRECTORY} /configure-rules.conf"
146+ done < " ${DIRECTORY} /configure-rules.${CRS_VERSION} . conf"
126147
127148# Add SecDefaultActions
128149var=" ${MODSEC_DEFAULT_PHASE1_ACTION} "
0 commit comments