diff --git a/.travis.yml b/.travis.yml
index 2431f31..f0d134f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,8 +16,8 @@ addons:
 - liblmdb-dev
 env:
- - VER_NGINX=1.13.10
- - VER_NGINX=1.12.2
+ - VER_NGINX=1.15.5
+ - VER_NGINX=1.14.0
 before_script:
 - cd ..
@@ -33,7 +33,7 @@ before_script:
 - cd ..
 - wget http://nginx.org/download/nginx-${VER_NGINX}.tar.gz && tar -xf nginx-${VER_NGINX}.tar.gz
 - cd nginx-${VER_NGINX}
- - ./configure --add-module=../ModSecurity-nginx
+ - ./configure --with-http_auth_request_module --add-module=../ModSecurity-nginx
 - make
 - sudo make install
 - cd ..
diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c
index 6f4cbcb..f863cf8 100644
--- a/src/ngx_http_modsecurity_pre_access.c
+++ b/src/ngx_http_modsecurity_pre_access.c
@@ -34,6 +34,7 @@ ngx_http_modsecurity_request_read(ngx_http_request_t *r)
 if (ctx->waiting_more_body) {
 ctx->waiting_more_body = 0;
+ r->write_event_handler = ngx_http_core_run_phases;
 ngx_http_core_run_phases(r);
 }
 }
@@ -131,6 +132,8 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 dd("request body is ready to be processed");
+ r->write_event_handler = ngx_http_core_run_phases;
+
 ngx_chain_t *chain = r->request_body->bufs;
 /**
diff --git a/tests/modsecurity-request-body.t b/tests/modsecurity-request-body.t
index 6732d2f..d485937 100644
--- a/tests/modsecurity-request-body.t
+++ b/tests/modsecurity-request-body.t
@@ -22,7 +22,7 @@ use Test::Nginx;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
-my $t = Test::Nginx->new()->has(qw/http/);
+my $t = Test::Nginx->new()->has(qw/http auth_request/);
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -41,6 +41,7 @@ http {
 server_name localhost;
 modsecurity on;
+ client_header_buffer_size 1024;
 location /bodyaccess {
 modsecurity_rules '
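Review bot: The `wget http://nginx.org/download/nginx-${VER_NGINX}.tar.gz` step kept as context in the `@@ -33,7 +33,7 @@` hunk fetches the source over plain HTTP, and the job then builds it and runs `sudo make install` with no integrity check, so anything on the network path can change what CI compiles and tests. Since this commit already edits the build step, switch the URL to `https://nginx.org/download/nginx-${VER_NGINX}.tar.gz` and verify the tarball before `./configure`, either against a SHA-256 pinned per `VER_NGINX` entry or against the detached signature nginx publishes beside each release.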
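Review bot: The new `r->write_event_handler = ngx_http_core_run_phases;` in ngx_http_modsecurity_request_read carries no comment saying why it is needed, and the same bare assignment is repeated in ngx_http_modsecurity_pre_access_handler at `@@ -131,6 +132,8 @@`. Judging from the auth_request tests added in this commit, it presumably lets a later phase that suspends the request resume through the phase engine once the body has been read; that should be written down, because a request that stalls or skips phases on a ModSecurity-protected location is both an availability and an inspection-coverage concern. I would add above each assignment something like `/* restore the phase-engine handler so phases that resume via the write event (e.g. auth_request) continue after the body is read */`. Both functions begin and end outside their hunks, so the surrounding control flow cannot be checked from here.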
@@ -82,6 +83,20 @@ http {
 ';
 proxy_pass http://127.0.0.1:8081;
 }
+
+ location = /auth {
+ return 200;
+ }
+
+ location = /useauth {
+ modsecurity on;
+ modsecurity_rules '
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ ';
+ auth_request /auth;
+ proxy_pass http://127.0.0.1:8081;
+ }
 }
 }
 EOF
@@ -89,7 +104,7 @@ EOF
 $t->run_daemon(\&http_daemon);
 $t->run()->waitforsocket('127.0.0.1:' . port(8081));
-$t->plan(32);
+$t->plan(36);
 ###############################################################################
@@ -104,6 +119,33 @@ like(http_req_body($method, '/bodylimitprocesspartial', 'BODY' x 32 . 'BAD BODY'
 like(http_req_body($method, '/bodylimitprocesspartial', 'BODY' x 30 . 'BAD BODY' x 32), qr/403 Forbidden/, "$method request body limit process partial, block");
 }
+like(http_req_body('POST', '/useauth', 'BODY' x 16), qr/TEST-OK-IF-YOU-SEE-THIS/, "POST with auth_request (request size < client_header_buffer_size)");
+like(http_req_body('POST', '/useauth', 'BODY' x 257), qr/TEST-OK-IF-YOU-SEE-THIS/, "POST with auth_request (request size > client_header_buffer_size)");
+
+like(
+ http(
+ 'POST /useauth HTTP/1.0' . CRLF
+ . 'Content-Length: 1028' . CRLF . CRLF
+ . 'BODY' x 256,
+ sleep => 0.1,
+ body => 'BODY'
+ ),
+ qr/TEST-OK-IF-YOU-SEE-THIS/,
+ 'POST with auth_request (request size > client_header_buffer_size), no preread'
+);
+
+like(
+ http(
+ 'POST /useauth HTTP/1.0' . CRLF
+ . 'Content-Length: 64' . CRLF . CRLF
+ . 'BODY' x 15,
+ sleep => 0.1,
+ body => 'BODY'
+ ),
+ qr/TEST-OK-IF-YOU-SEE-THIS/,
+ 'POST with auth_request (request size < client_header_buffer_size), no preread'
+);
+
 ###############################################################################
 sub http_daemon {
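Review bot: The new `/useauth` location enables `SecRuleEngine On` and `SecRequestBodyAccess On` but defines no rule, and all four cases added at `@@ -104,6 +119,33 @@` assert only the pass-through marker `TEST-OK-IF-YOU-SEE-THIS`. They show that a request with auth_request no longer stalls, but not that the body is still inspected on that path, so a regression that skipped body processing would still pass. Add a deny rule on the request body to `/useauth` and a case mirroring the existing `/bodylimitprocesspartial` check, for example `like(http_req_body('POST', '/useauth', 'BAD BODY' x 32), qr/403 Forbidden/, "POST with auth_request, block");`, and raise `$t->plan(36)` to match.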