Skip to content

Commit 275cb28

Browse files
chaizhenhuachaizhenhua
committed
Added 'ngx_modsecurity_write_body_cb' so that NGINX can deal with STREAM_INPUT_BODY
1 parent 604643c commit 275cb28

File tree

1 file changed

+32
-1
lines changed

1 file changed

+32
-1
lines changed

nginx/modsecurity/ngx_http_modsecurity.c

Lines changed: 32 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,7 @@ static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, v
6060
static char *ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
6161
apr_status_t modsecurity_read_body_cb(request_rec *r, char *buf, unsigned int length,
6262
unsigned int *readcnt, int *is_eos);
63+
apr_status_t modsecurity_write_body_cb(request_rec *rec, char *buf, unsigned int length);
6364

6465
static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
6566
static int ngx_http_modsecurity_drop_action(request_rec *r);
@@ -190,6 +191,7 @@ ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
190191
modsecSetLogHook(cf->log, modsecLog);
191192
modsecSetDropAction(ngx_http_modsecurity_drop_action);
192193
modsecSetReadBody(modsecurity_read_body_cb);
194+
modsecSetWriteBody(modsecurity_write_body_cb);
193195

194196
modsecInit();
195197
modsecStartConfig();
@@ -321,6 +323,35 @@ modsecurity_read_body_cb(request_rec *r, char *outpos, unsigned int length,
321323
return APR_SUCCESS;
322324
}
323325

326+
apr_status_t
327+
modsecurity_write_body_cb(request_rec *rec, char *buf, unsigned int length)
328+
{
329+
ngx_buf_t *b;
330+
ngx_http_modsecurity_ctx_t *ctx;
331+
332+
ctx = (ngx_http_modsecurity_ctx_t *) apr_table_get(rec->notes, NOTE_NGINX_REQUEST_CTX);
333+
if (ctx == NULL) {
334+
return APR_EINVAL;
335+
}
336+
337+
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0, "modSecurity: write_body_cb");
338+
339+
b = ctx->r->header_in;
340+
341+
if (b->end - b->pos < length) {
342+
b->start = ngx_palloc(ctx->r->pool, length);
343+
if (b->start == NULL) {
344+
return APR_EINVAL;
345+
}
346+
b->end = b->start + length;
347+
b->pos = b->start;
348+
}
349+
350+
b->last = ngx_cpymem(b->pos, buf, length);
351+
352+
return APR_SUCCESS;
353+
}
354+
324355
apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, struct sockaddr *pAddr) {
325356
apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
326357
int adrlen = 16, iplen = 4;
@@ -575,7 +606,7 @@ ngx_http_modsecurity_request_body_handler(ngx_http_request_t *r)
575606
r->loc_conf = ctx->loc_conf;
576607

577608
rc = modsecProcessRequest(ctx->req);
578-
609+
579610
if (rc != DECLINED) {
580611
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: status: %d, need action", rc);
581612

0 commit comments

Comments
 (0)