Skip to content

Improved split Request to headers and body phase, use apr_brigade to deal with request body #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 11 commits into from
Closed

Improved split Request to headers and body phase, use apr_brigade to deal with request body #29

wants to merge 11 commits into from

Conversation

chaizhenhua
Copy link
Contributor

Added response Headers/Body phase.

@brenosilva
Copy link
Contributor

Thanks for the patch. I will apply and run some tests.
Let me just know if there is an specific reason (bug you found ? ) to change ngx_chain to apr_* ?

@brenosilva
Copy link
Contributor

Just doing some tests. I'm trying to upload file (+500Kb) and it is not working. Only very small files can be uploaded. Can you check?

Also when i add this rule:
SecRule REQBODY_ERROR "!@eq 0"
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"

I saw the message:
2013/01/15 14:07:18 [error] 11898#0: [client 192.168.0.102] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "standalone"] [uri "/upload_file.php"] [unique_id "12345"]

@chaizhenhua
Copy link
Contributor Author

hi,

nginx use nonblocking event driven io module, so we cant read request/response body directly in processing phase.
instead we have to buffer input/output body until all is saved and then pass to modsecurity, if we use brigade we can reduce memory copy(read cb will copy memory from nginx to modsecurity, while write cb will copy memory from modsecurity to nginx). this is why brigade conversion is used.

@chaizhenhua
Copy link
Contributor Author

The error has been fixed with patch Fixed multipart error

@brenosilva
Copy link
Contributor

Hello,

The patch looks fine. Could you merge it again to the trunk ? Trunk is a different (2.7.2) and it will fail to merge. Maybe submit a new pull ?

Thanks

Breno

@chaizhenhua
Copy link
Contributor Author

Hi, Breno
I have submit a new pull #34.

@brenosilva
Copy link
Contributor

Hello,

Just tested the new trunk with your patch and when SecRuleEngine On and a rule like SecRule REQUEST_BODY "price" "phase:2,id:113,deny" it is not blocking the transaction anymore ad return 403.

Could you take a look ?

Thanks

Breno

@Menahem1 Menahem1 mentioned this pull request Feb 11, 2017
Closed
@majordaw majordaw mentioned this pull request Sep 26, 2017
Closed
@monkburger monkburger mentioned this pull request Mar 10, 2018
Closed
@KfirManSnunit KfirManSnunit mentioned this pull request Dec 10, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chaizhenhua @brenosilva