-
Notifications
You must be signed in to change notification settings - Fork 297
fix: response body (based on #326) #334
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Quality Gate Passed Quality Gate passed
Issues
1 New issue
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
Does this fix losing the context of the tx due to nginx internal redirects(POSTS all recorded as GETs etc.)? If so thats a good first step in the right direction.
Does this fix losing the context of the tx due to nginx internal redirects(POSTS all recorded as GETs etc.)? If so thats a good first step in the right direction.
Yes, it does. The base PR (#326) didn't do that but I could add #273 (see my initial commit) which does. Both two PR's are necessary. I also faced the duplicated tx in case of internal redirect, this is why I started to research.
Dr-Lazarus-V2
commented
Nov 21, 2024
Will have a look and test this out!
Dr-Lazarus-V2
commented
Nov 25, 2024
Hey I have done some initial testing, it appears to work as intended.
liudongmiao
commented
Nov 25, 2024
@airween For ngx_http_modsecurity_get_module_ctx part, I'd suggest to use with the original realip part, which checks r->internal || r->filter_finalize too.
When I use it with the old modsecurity, I don't know why I removed the internal and flter_finalize part.
Hi @liudongmiao,
@airween For
ngx_http_modsecurity_get_module_ctxpart, I'd suggest to use with the original realip part, which checksr->internal || r->filter_finalizetoo.When I use it with the old modsecurity, I don't know why I removed the internal and flter_finalize part.
thanks for suggestion - you mean here I should replace that function with your suggestion?
Could you send a review with your solution?
@liudongmiao ping.
liudongmiao
commented
Dec 26, 2024
@airween Yes, I suggest you use original version from nginx, and check whether use nginx version or my version.
liudongmiao
commented
Dec 26, 2024
@airween However, my patched version works well since the pr I maked 2 years ago.
@airween Yes, I suggest you use original version from nginx, and check whether use nginx version or my version.
Thanks - just to clarify: you mean we should add the extra condition to check if the ctx is null or not, right? So now I copied from your solution this:
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module); if (ctx == NULL) {
but we should change to this:
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module); if (ctx == NULL && (r->internal || r->filter_finalize)) {
It would be nice to know what the r->filter_finalize does, because Nginx's documentation does not explains that (r->internal is covered in the docs).
liudongmiao
commented
Dec 30, 2024
@airween In my old cases, I just want to get context, ignore any nginx's internal status.
You should check it carefully.
@airween In my old cases, I just want to get context, ignore any nginx's internal status.
You should check it carefully.
Thanks - then I keep it as it is. We can add other conditions if everyone has an issue.
Thanks for all the help guys, merging now.
This patch is based on #326 but there was a problem: if Nginx uses any custom error page, then because of the the internal redirect a new transaction started and it generated an
audit.logentry with emptymessagesfield. See this commit.I found PR #273 by @liudongmiao but that pull request was very old, and I wasn't able to build the module with that. I picked up the modifications and added to the base PR.
Credits to: @liudongmiao, @g00g1.
@Dr-Lazarus-V2, @g00g1, @liudongmiao, @jeremyjpj0916 - guys please could you test this branch?
Suggested test cases:
REQUEST_URI(rules withphase:1but Nginx callsmsc_process_uri(),REQUEST_HEADERS(phase:1), egARGS(phase2), etc...) (with response403))Feel free to ask here or on Slack.