Commit dcabb04

New variable $modsecurity_status
This variable can be used, for example, in access logs to distinguish which requests were blocked by modsecurity
1 parent d2051c9 commit dcabb04


2 files changed

+47
-1
lines changed


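--- a/src/ngx_http_modsecurity_common.h
+++ b/src/ngx_http_modsecurity_common.h
@@ -99,6 +99,7 @@ typedef struct {
 unsigned processed:1;
 unsigned logged:1;
 unsigned intervention_triggered:1;
+ngx_uint_t status; // status code from modsecurity
 } ngx_http_modsecurity_ctx_t;
 
 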
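--- a/src/ngx_http_modsecurity_module.c
+++ b/src/ngx_http_modsecurity_module.c
@@ -36,7 +36,10 @@ static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
 static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 static void ngx_http_modsecurity_cleanup_instance(void *data);
 static void ngx_http_modsecurity_cleanup_rules(void *data);
+static ngx_int_t ngx_http_modsecurity_add_variables(ngx_conf_t *cf);
+static ngx_int_t ngx_http_modsecurity_status_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data);
 
+static ngx_str_t ngx_http_modsecurity_status = ngx_string("modsecurity_status");
 
 /*
 * PCRE malloc/free workaround, based on
@@ -223,6 +226,7 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re
 
 if (intervention.status != 200)
 {
+ctx->status = intervention.status;
 /**
 * FIXME: this will bring proper response code to audit log in case
 * when e.g. error_page redirect was triggered, but there still won't be another
@@ -284,6 +288,8 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 return NULL;
 }
 
+ctx->status = 0;
+
 mmcf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
 mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
 
@@ -514,7 +520,7 @@ static ngx_command_t ngx_http_modsecurity_commands[] = {
 
 
 static ngx_http_module_t ngx_http_modsecurity_ctx = {
-NULL, /* preconfiguration */
+ngx_http_modsecurity_add_variables, /* preconfiguration */
 ngx_http_modsecurity_init, /* postconfiguration */
 
 ngx_http_modsecurity_create_main_conf, /* create main configuration */
@@ -817,4 +823,43 @@ ngx_http_modsecurity_cleanup_rules(void *data)
 }
 
 
+static ngx_int_t
+ngx_http_modsecurity_add_variables(ngx_conf_t *cf)
+{
+ngx_http_variable_t *v;
+
+v = ngx_http_add_variable(cf, &ngx_http_modsecurity_status,
+NGX_HTTP_VAR_NOCACHEABLE);
+if (v == NULL) {
+return NGX_ERROR;
+}
+
+v->get_handler = ngx_http_modsecurity_status_variable;
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_modsecurity_status_variable(ngx_http_request_t *r,
+ngx_http_variable_value_t *v, uintptr_t data)
+{
+ngx_http_modsecurity_ctx_t *ctx;
+
+ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
+if (ctx == NULL || ctx->status == 0) {
+v->not_found = 1;
+return NGX_OK;
+}
+
+v->len = ngx_sprintf(v->data, "%03ui", ctx->status) - v->data;
+v->valid = 1;
+v->no_cacheable = 0;
+v->not_found = 0;
+
+return NGX_OK;
+}
+
+
+
 /* vi:set ft=c ts=4 sw=4 et fdm=marker: */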
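Review bot: In ngx_http_modsecurity_status_variable the call `ngx_sprintf(v->data, "%03ui", ctx->status)` writes through `v->data`, but nothing in the handler assigns a buffer to `v->data` first. The formatted status therefore lands wherever that pointer already points, presumably NULL or a stale value depending on how nginx obtained the variable slot (the caller is not in this hunk). Allocate from the request pool before formatting: `v->data = ngx_pnalloc(r->pool, NGX_INT_T_LEN);` followed by `if (v->data == NULL) { return NGX_ERROR; }`. Since `$modsecurity_status` is intended for access logs, this write runs on every request where an intervention set `ctx->status`, so the memory-safety fault sits on the path handling the traffic the WAF acted on. The handler is fully contained in the last hunk.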
