Skip to content

Commit 177b5b9

Browse files
chaizhenhuachaizhenhua
chaizhenhua
authored and
chaizhenhua
committed
Nginx: Added SecDisableBackendCompression support
Nginx: Added internel redirected request processing
1 parent 55850a9 commit 177b5b9

File tree

7 files changed

+1089
-241
lines changed

7 files changed

+1089
-241
lines changed

nginx/modsecurity/apr_bucket_nginx.c

Lines changed: 22 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
#include <apr_bucket_nginx.h>
33

44
static apr_status_t nginx_bucket_read(apr_bucket *b, const char **str,
5-
apr_size_t *len, apr_read_type_e block);
5+
apr_size_t *len, apr_read_type_e block);
66
static void nginx_bucket_destroy(void *data);
77

88
static const apr_bucket_type_t apr_bucket_type_nginx = {
@@ -110,22 +110,22 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
110110
b->last_buf = 0;
111111
return b;
112112
}
113-
113+
114114
buf = ngx_palloc(pool, sizeof(ngx_buf_t));
115115
if (buf == NULL) {
116116
return NULL;
117117
}
118118
ngx_memcpy(buf, b, sizeof(ngx_buf_t));
119-
120-
if (ngx_buf_in_memory(buf)) {
119+
120+
if (ngx_buf_in_memory(buf)) {
121121
buf->start = buf->pos = buf->pos + e->start;
122122
buf->end = buf->last = buf->pos + e->length;
123123
} else {
124124
buf->pos = NULL;
125125
buf->file_pos += e->start;
126126
buf->file_last = buf->file_pos + e->length;
127127
}
128-
128+
129129
buf->last_buf = 0;
130130
return buf;
131131
}
@@ -134,7 +134,7 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
134134
&len, APR_BLOCK_READ) != APR_SUCCESS) {
135135
return NULL;
136136
}
137-
137+
138138
buf = ngx_calloc_buf(pool);
139139
if (buf == NULL) {
140140
return NULL;
@@ -146,18 +146,18 @@ ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool) {
146146
buf->start = ngx_palloc(pool, len);
147147
ngx_memcpy(buf->start, data, len);
148148
}
149-
149+
150150
buf->pos = buf->start;
151151
buf->end = buf->last = buf->start + len;
152152
buf->temporary = 1;
153153
return buf;
154154
}
155155

156156
ngx_int_t
157-
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool) {
157+
move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf) {
158158
apr_bucket *e;
159159
ngx_chain_t *cl;
160-
160+
161161
while (chain) {
162162
e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
163163
if (e == NULL) {
@@ -175,6 +175,13 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
175175
chain = chain->next;
176176
ngx_free_chain(pool, cl);
177177
}
178+
179+
if (last_buf) {
180+
e = apr_bucket_eos_create(bb->bucket_alloc);
181+
APR_BRIGADE_INSERT_TAIL(bb, e);
182+
return NGX_OK;
183+
}
184+
178185
return NGX_AGAIN;
179186
}
180187

@@ -185,16 +192,16 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
185192
ngx_chain_t *cl;
186193

187194
cl = NULL;
188-
195+
189196
if (APR_BRIGADE_EMPTY(bb)) {
190197
*ll = NULL;
191198
return NGX_OK;
192199
}
193-
200+
194201
for (e = APR_BRIGADE_FIRST(bb);
195202
e != APR_BRIGADE_SENTINEL(bb);
196203
e = APR_BUCKET_NEXT(e)) {
197-
204+
198205
if (APR_BUCKET_IS_EOS(e)) {
199206
if (cl == NULL) {
200207
*ll = cl;
@@ -204,7 +211,7 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
204211
apr_brigade_cleanup(bb);
205212
return NGX_OK;
206213
}
207-
214+
208215
if (APR_BUCKET_IS_METADATA(e)) {
209216
continue;
210217
}
@@ -213,12 +220,12 @@ move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **ll, ngx_pool_t *pool
213220
if (buf == NULL) {
214221
break;
215222
}
216-
223+
217224
cl = ngx_alloc_chain_link(pool);
218225
if (cl == NULL) {
219226
break;
220227
}
221-
228+
222229
cl->buf = buf;
223230
cl->next = NULL;
224231
*ll = cl;

nginx/modsecurity/apr_bucket_nginx.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,6 @@ apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
1313

1414
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
1515

16-
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool);
16+
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
1717
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);
1818

nginx/modsecurity/config

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,8 @@
11
ngx_addon_name=ngx_http_modsecurity
2-
# HTTP_MODULES="$HTTP_MODULES ngx_http_modsecurity"
3-
HTTP_HEADERS_FILTER_MODULE="ngx_http_modsecurity $HTTP_HEADERS_FILTER_MODULE"
4-
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c"
5-
NGX_ADDON_DEPS="$NGX_ADDON_DEPS"
2+
CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
3+
HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
4+
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
5+
NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
66
CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm"
77
CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2"
8-
have=REQUEST_EARLY . auto/have
98

0 commit comments

Comments
 (0)