Add an Option to Skip Body Inspections ( Closes #343 ) #356
Hi @thekief,
thanks for this PR, I think this is quite useful.

> Regarding Tests: As for tests, I'm a bit unsure what the best way would be to test it.

If I may suggest a method:

- create a vhost config where you turn `Off` the request body inspection
- create a rule (into `phase:2`) that checks for a variable from the request body (eg `ARGS_POST`)
- send a request which should trigger that rule

For the response body skip:

- create another vhost config where you turn `Off` the response body inspection
- create a rule (into `phase:4`) that checks for a variable from the response body (eg `RESPONSE_BODY`)
- set a content for that vhost which triggers that rule

You can add cross checking too (eg. the first mentioned rule above executes in `phase:4` and you try to mix the settings with these new options...)
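The two test vhosts sketched above, written out as an added nginx configuration that is not part of the PR. The directive names `modsecurity_skip_request_body_filter` and `modsecurity_skip_response_body_filter` are the spellings suggested later in the thread and are assumed here; the ports, rule ids and the upstream are made up for the test.

```nginx
# Added example configuration, not from the PR. Directive names are the
# spellings suggested in the thread and are assumed; ports, rule ids and the
# upstream are made up for the test.
load_module modules/ngx_http_modsecurity_module.so;
events {}
http {
    # vhost 1: request body inspection switched off. A phase:2 rule on
    # ARGS_POST must not fire here; copy the server block without the skip
    # directive and the same POST must be answered with 403.
    server {
        listen 127.0.0.1:8081;
        modsecurity on;
        modsecurity_skip_request_body_filter on;   # assumed directive name
        modsecurity_rules '
            SecRuleEngine On
            SecRequestBodyAccess On
            SecRule ARGS_POST:probe "@streq skipme" "id:100001,phase:2,deny,status:403,log"
        ';
        location / {
            proxy_pass http://127.0.0.1:9000;   # assumed upstream
        }
    }
    # vhost 2: response body inspection switched off. The upstream serves a
    # body containing "marker-in-body"; with the skip directive the client
    # still gets 200, without it the phase:4 rule returns 403.
    server {
        listen 127.0.0.1:8082;
        modsecurity on;
        modsecurity_skip_response_body_filter on;  # assumed directive name
        modsecurity_rules '
            SecRuleEngine On
            SecResponseBodyAccess On
            SecResponseBodyMimeType text/plain
            SecRule RESPONSE_BODY "@contains marker-in-body" "id:100002,phase:4,deny,status:403,log"
        ';
        location / {
            proxy_pass http://127.0.0.1:9000;   # assumed upstream
        }
    }
}
```

Exercise it with `curl -d probe=skipme http://127.0.0.1:8081/` and `curl http://127.0.0.1:8082/`, then repeat against copies of the server blocks without the skip directives to confirm the rules still fire there.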
Sorry for getting back so late. I created configurations, but as I'm terrible with nginx tests using Perl, may I just send you the configurations? 😅
HanadaLee commented Jun 16, 2025
The abbreviation for `response` is usually `rep` or `resp`, or consider not using the abbreviation and directly name the directives: `modsecurity_skip_request_body_filter` and `modsecurity_skip_response_body_filter`
Quality Gate passed: 0 new issues, 0 accepted issues, 0 security hotspots, 0.0% coverage on new code, 0.0% duplication on new code.
@HanadaLee thank you for looking over the changes. I use `resp` to abbreviate `response` now.
As discussed in the issue, I would like to add 2 new directives that allow skipping the body inspection. There are a few use cases where, e.g., encrypted data is set, and no useful inspection can be made.

While denying the body access may skip the inspection, it still results in the caching of data. Subsequently, there is an unneeded amount of resource consumption, memory as well as time, involved.

While it would be cleaner to expose an API that allows users of `libmodsecurity` to check if a path, e.g., has a request body check, this involves a lot more work. The approach taken in this PR shifts the functionality so that it only necessitates changes in the `nginx` module.

Regarding Tests: As for tests, I'm a bit unsure what the best way would be to test it. One way would be to try to upload a file, e.g. 100MB, to a location and check when the first data reaches it. If the body inspection is disabled, the first bytes will arrive much sooner, as the `nginx` module otherwise caches the body until it's fully received and only then forwards the data.