Include number of loaded rules in log message at start

defanator · Felipe Zimmerle · commit c3197e3ad9ac · 2018-12-17T10:07:09.000-03:00
diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h
@@ -89,6 +89,9 @@ typedef struct {
 typedef struct {
     void                      *pool;
     ModSecurity               *modsec;
+    ngx_uint_t                 rules_inline;
+    ngx_uint_t                 rules_file;
+    ngx_uint_t                 rules_remote;
 } ngx_http_modsecurity_main_conf_t;
 
 
diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
@@ -286,13 +286,19 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 }
 
 
-char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
-    ngx_str_t *value = cf->args->elts;
-    int res;
-    const char *error = NULL;
-    char *rules = ngx_str_to_char(value[1], cf->pool);
-    ngx_pool_t *old_pool;
-    ngx_http_modsecurity_conf_t *mcf = conf;
+char *
+ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    int                                res;
+    char                              *rules;
+    ngx_str_t                         *value;
+    const char                        *error;
+    ngx_pool_t                        *old_pool;
+    ngx_http_modsecurity_conf_t       *mcf = conf;
+    ngx_http_modsecurity_main_conf_t  *mmcf;
+
+    value = cf->args->elts;
+    rules = ngx_str_to_char(value[1], cf->pool);
 
     if (rules == (char *)-1) {
         return NGX_CONF_ERROR;
@@ -301,22 +307,32 @@ char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
     old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
     res = msc_rules_add(mcf->rules_set, rules, &error);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
     if (res < 0) {
         dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
         return strdup(error);
     }
 
+    mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+    mmcf->rules_inline += res;
+
     return NGX_CONF_OK;
 }
 
 
-char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
-    ngx_str_t *value = cf->args->elts;
-    int res;
-    const char *error = NULL;
-    ngx_pool_t *old_pool;
-    ngx_http_modsecurity_conf_t *mcf = conf;
-    char *rules_set = ngx_str_to_char(value[1], cf->pool);
+char *
+ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    int                                res;
+    char                              *rules_set;
+    ngx_str_t                         *value;
+    const char                        *error;
+    ngx_pool_t                        *old_pool;
+    ngx_http_modsecurity_conf_t       *mcf = conf;
+    ngx_http_modsecurity_main_conf_t  *mmcf;
+
+    value = cf->args->elts;
+    rules_set = ngx_str_to_char(value[1], cf->pool);
 
     if (rules_set == (char *)-1) {
         return NGX_CONF_ERROR;
@@ -325,39 +341,54 @@ char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
     old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
     res = msc_rules_add_file(mcf->rules_set, rules_set, &error);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
     if (res < 0) {
         dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
         return strdup(error);
     }
 
+    mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+    mmcf->rules_file += res;
+
     return NGX_CONF_OK;
 }
 
 
-char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
-    ngx_str_t *value = cf->args->elts;
-    int res;
-    const char *error = NULL;
-    const char *rules_remote_key = ngx_str_to_char(value[1], cf->pool);
-    const char *rules_remote_server = ngx_str_to_char(value[2], cf->pool);
-    ngx_pool_t *old_pool;
-    ngx_http_modsecurity_conf_t *mcf = conf;
+char *
+ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    int                                res;
+    ngx_str_t                         *value;
+    const char                        *error;
+    const char                        *rules_remote_key, *rules_remote_server;
+    ngx_pool_t                        *old_pool;
+    ngx_http_modsecurity_conf_t       *mcf = conf;
+    ngx_http_modsecurity_main_conf_t  *mmcf;
+
+    value = cf->args->elts;
+    rules_remote_key = ngx_str_to_char(value[1], cf->pool);
+    rules_remote_server = ngx_str_to_char(value[2], cf->pool);
 
     if (rules_remote_server == (char *)-1) {
         return NGX_CONF_ERROR;
     }
+
     if (rules_remote_key == (char *)-1) {
         return NGX_CONF_ERROR;
     }
 
     old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
     res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
     if (res < 0) {
         dd("Failed to load the rules from: '%s'  - reason: '%s'", rules_remote_server, error);
         return strdup(error);
     }
 
+    mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+    mmcf->rules_remote += res;
+
     return NGX_CONF_OK;
 }
 
@@ -564,6 +595,9 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
      *
      *     conf->modsec = NULL;
      *     conf->pool = NULL;
+     *     conf->rules_inline = 0;
+     *     conf->rules_file = 0;
+     *     conf->rules_remote = 0;
      */
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
@@ -597,7 +631,13 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
 static char *
 ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
 {
-    ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI);
+    ngx_http_modsecurity_main_conf_t  *mmcf;
+    mmcf = (ngx_http_modsecurity_main_conf_t *) conf;
+
+    ngx_log_error(NGX_LOG_NOTICE, cf->log, 0,
+                  "%s (rules loaded inline/local/remote: %ui/%ui/%ui)",
+                  MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline,
+                  mmcf->rules_file, mmcf->rules_remote);
 
     return NGX_CONF_OK;
 }
