diff --git a/src/ngx_http_modsecurity_body_filter.c b/src/ngx_http_modsecurity_body_filter.c
index fd286d0..6118a94 100644
--- a/src/ngx_http_modsecurity_body_filter.c
+++ b/src/ngx_http_modsecurity_body_filter.c
@@ -38,7 +38,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
 ngx_chain_t *chain = in;
 ngx_http_modsecurity_ctx_t *ctx = NULL;
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
- ngx_http_modsecurity_conf_t *loc_cf = NULL;
+ ngx_http_modsecurity_conf_t *mcf;
 ngx_list_part_t *part = &r->headers_out.headers.part;
 ngx_table_elt_t *data = part->elts;
 ngx_uint_t i = 0;
@@ -57,8 +57,8 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
 }
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
- loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- if (loc_cf != NULL && loc_cf->sanity_checks_enabled != NGX_CONF_UNSET)
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+ if (mcf != NULL && mcf->sanity_checks_enabled != NGX_CONF_UNSET)
 {
 #if 0
 dd("dumping stored ctx headers");
diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h
index 79355d1..52443fb 100644
--- a/src/ngx_http_modsecurity_common.h
+++ b/src/ngx_http_modsecurity_common.h
@@ -68,7 +68,7 @@ typedef struct {
 Transaction *modsec_transaction;
 ModSecurityIntervention *delayed_intervention;
-#ifdef MODSECURITY_SANITY_CHECKS
+#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
 /*
 * Should be filled with the headers that were sent to ModSecurity.
 *
@@ -87,14 +87,22 @@ typedef struct {
 typedef struct {
- ModSecurity *modsec;
+ void *pool;
+ ModSecurity *modsec;
+ ngx_uint_t rules_inline;
+ ngx_uint_t rules_file;
+ ngx_uint_t rules_remote;
+} ngx_http_modsecurity_main_conf_t;
- ngx_flag_t enable;
- ngx_flag_t sanity_checks_enabled;
- Rules *rules_set;
+typedef struct {
+ void *pool;
+ Rules *rules_set;
- void *pool;
+ ngx_flag_t enable;
+#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
+ ngx_flag_t sanity_checks_enabled;
+#endif
 ngx_http_complex_value_t *transaction_id;
 } ngx_http_modsecurity_conf_t;
diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
index 7728d82..3f9f748 100644
--- a/src/ngx_http_modsecurity_header_filter.c
+++ b/src/ngx_http_modsecurity_header_filter.c
@@ -103,17 +103,17 @@ ngx_http_modsecurity_header_out_t ngx_http_modsecurity_headers_out[] = {
 int ngx_http_modescurity_store_ctx_header(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value)
 {
- ngx_http_modsecurity_ctx_t *ctx = NULL;
- ngx_http_modsecurity_header_t *hdr = NULL;
- ngx_http_modsecurity_conf_t *loc_cf = NULL;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
+ ngx_http_modsecurity_header_t *hdr;
 ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
 if (ctx == NULL || ctx->sanity_headers_out == NULL) {
 return NGX_ERROR;
 }
- loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- if (loc_cf == NULL || loc_cf->sanity_checks_enabled == NGX_CONF_UNSET)
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+ if (mcf == NULL || mcf->sanity_checks_enabled == NGX_CONF_UNSET)
 {
 return NGX_OK;
 }
diff --git a/src/ngx_http_modsecurity_log.c b/src/ngx_http_modsecurity_log.c
index f6454b5..5546596 100644
--- a/src/ngx_http_modsecurity_log.c
+++ b/src/ngx_http_modsecurity_log.c
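Review bot: In `ngx_http_modsecurity_conf_t` (src/ngx_http_modsecurity_common.h) the field `sanity_checks_enabled` now exists only when `MODSECURITY_SANITY_CHECKS` is defined and non-zero, so every use of the field must sit under the same guard and every translation unit must see the same value of the macro, otherwise the offset of `transaction_id` differs between objects. The header-filter hunk reads `mcf->sanity_checks_enabled` in `ngx_http_modescurity_store_ctx_header`, and any directive-table entry that takes the field's offset would be affected too; neither guard is visible in this diff, so a build with the macro set to 0 is worth running. Separately, the new `ngx_http_modsecurity_main_conf_t` declares `void *pool;` although the value is later passed to `ngx_http_modsecurity_pcre_malloc_init()`; declaring it as `ngx_pool_t *pool;` would let the compiler check that use.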
@@ -37,14 +37,14 @@ ngx_http_modsecurity_log(void *log, const void* data)
 ngx_int_t ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
 {
- ngx_http_modsecurity_ctx_t *ctx = NULL;
- ngx_http_modsecurity_conf_t *cf;
- ngx_pool_t *old_pool;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
 dd("catching a new _log_ phase handler");
- cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- if (cf == NULL || cf->enable != 1)
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+ if (mcf == NULL || mcf->enable != 1)
 {
 dd("ModSecurity not enabled... returning");
 return NGX_OK;
diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
index 199d992..420b917 100644
--- a/src/ngx_http_modsecurity_module.c
+++ b/src/ngx_http_modsecurity_module.c
@@ -26,11 +26,11 @@ static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
 static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
-static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
-static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
-static char *ngx_http_modsecurity_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child);
-static void ngx_http_modsecurity_config_cleanup(void *data);
 static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf);
+static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
+static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child);
+static void ngx_http_modsecurity_cleanup_instance(void *data);
+static void ngx_http_modsecurity_cleanup_rules(void *data);
 /*
@@ -234,11 +234,11 @@ ngx_http_modsecurity_cleanup(void *data)
 ngx_inline ngx_http_modsecurity_ctx_t *
 ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 {
- ngx_http_modsecurity_ctx_t *ctx;
- ngx_http_modsecurity_conf_t *loc_cf = NULL;
- ngx_http_modsecurity_conf_t *cf = NULL;
- ngx_pool_cleanup_t *cln = NULL;
- ngx_str_t s;
+ ngx_str_t s;
+ ngx_pool_cleanup_t *cln;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
+ ngx_http_modsecurity_main_conf_t *mmcf;
 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
 if (ctx == NULL)
@@ -246,19 +246,20 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 dd("failed to allocate memory for the context.");
 return NULL;
 }
- cf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
- loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- dd("creating transaction with the following rules: '%p' -- ms: '%p'", loc_cf->rules_set, cf->modsec);
+ mmcf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+
+ dd("creating transaction with the following rules: '%p' -- ms: '%p'", mcf->rules_set, mmcf->modsec);
- if (loc_cf->transaction_id) {
- if (ngx_http_complex_value(r, loc_cf->transaction_id, &s) != NGX_OK) {
+ if (mcf->transaction_id) {
+ if (ngx_http_complex_value(r, mcf->transaction_id, &s) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
- ctx->modsec_transaction = msc_new_transaction_with_id(cf->modsec, loc_cf->rules_set, (char *) s.data, r->connection->log);
+ ctx->modsec_transaction = msc_new_transaction_with_id(mmcf->modsec, mcf->rules_set, (char *) s.data, r->connection->log);
 } else {
- ctx->modsec_transaction = msc_new_transaction(cf->modsec, loc_cf->rules_set, r->connection->log);
+ ctx->modsec_transaction = msc_new_transaction(mmcf->modsec, mcf->rules_set, r->connection->log);
 }
 dd("transaction created");
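Review bot: `(char *) s.data` is handed to `msc_new_transaction_with_id()` as a C string, but an `ngx_str_t` filled by `ngx_http_complex_value()` carries an explicit length and is not guaranteed to be NUL-terminated, so the transaction id can be read past the end of the evaluated value. The module already uses `ngx_str_to_char()` for this conversion in the directive handlers; copying first, e.g. `id = ngx_str_to_char(s, r->pool);` followed by the same `(char *)-1` check, would bound the read. The failure branch just above returns `NGX_CONF_ERROR` from a function that returns a context pointer; if callers test only for `NULL` (not visible here) that value would be dereferenced, so `return NULL;` looks like what is meant. `mcf` and `mmcf` are also dereferenced here without the `NULL` check the phase handlers apply to the same lookup.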
@@ -285,13 +286,19 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 }
-char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
- ngx_str_t *value = cf->args->elts;
- int res;
- const char *error = NULL;
- char *rules = ngx_str_to_char(value[1], cf->pool);
- ngx_pool_t *old_pool;
- ngx_http_modsecurity_conf_t *mcf = conf;
+char *
+ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ int res;
+ char *rules;
+ ngx_str_t *value;
+ const char *error;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_conf_t *mcf = conf;
+ ngx_http_modsecurity_main_conf_t *mmcf;
+
+ value = cf->args->elts;
+ rules = ngx_str_to_char(value[1], cf->pool);
 if (rules == (char *)-1) {
 return NGX_CONF_ERROR;
@@ -300,22 +307,32 @@ char *ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
 old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
 res = msc_rules_add(mcf->rules_set, rules, &error);
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
 if (res < 0) {
 dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
 return strdup(error);
 }
+ mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+ mmcf->rules_inline += res;
+
 return NGX_CONF_OK;
 }
-char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
- ngx_str_t *value = cf->args->elts;
- int res;
- const char *error = NULL;
- ngx_pool_t *old_pool;
- ngx_http_modsecurity_conf_t *mcf = conf;
- char *rules_set = ngx_str_to_char(value[1], cf->pool);
+char *
+ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ int res;
+ char *rules_set;
+ ngx_str_t *value;
+ const char *error;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_conf_t *mcf = conf;
+ ngx_http_modsecurity_main_conf_t *mmcf;
+
+ value = cf->args->elts;
+ rules_set = ngx_str_to_char(value[1], cf->pool);
 if (rules_set == (char *)-1) {
 return NGX_CONF_ERROR;
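Review bot: `error` loses its initializer in the rewritten declarations of `ngx_conf_set_rules` (`const char *error;`), yet the failure path still does `return strdup(error);`, so if `msc_rules_add()` ever returns a negative value without storing a message the pointer is read uninitialized. Keeping `const char *error = NULL;` and returning a fixed message when it is still `NULL` avoids that; `ngx_conf_set_rules_file` and `ngx_conf_set_rules_remote` in the following hunks drop the initializer in the same way. Note also that a failed `strdup()` returns `NULL`, which is the value of `NGX_CONF_OK`, so an allocation failure on this path would be read as a successfully parsed directive while the rules were in fact rejected.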
@@ -324,27 +341,38 @@ char *ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
 old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
 res = msc_rules_add_file(mcf->rules_set, rules_set, &error);
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
 if (res < 0) {
 dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
 return strdup(error);
 }
+ mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+ mmcf->rules_file += res;
+
 return NGX_CONF_OK;
 }
-char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
- ngx_str_t *value = cf->args->elts;
- int res;
- const char *error = NULL;
- const char *rules_remote_key = ngx_str_to_char(value[1], cf->pool);
- const char *rules_remote_server = ngx_str_to_char(value[2], cf->pool);
- ngx_pool_t *old_pool;
- ngx_http_modsecurity_conf_t *mcf = conf;
+char *
+ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ int res;
+ ngx_str_t *value;
+ const char *error;
+ const char *rules_remote_key, *rules_remote_server;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_conf_t *mcf = conf;
+ ngx_http_modsecurity_main_conf_t *mmcf;
+
+ value = cf->args->elts;
+ rules_remote_key = ngx_str_to_char(value[1], cf->pool);
+ rules_remote_server = ngx_str_to_char(value[2], cf->pool);
 if (rules_remote_server == (char *)-1) {
 return NGX_CONF_ERROR;
 }
+
 if (rules_remote_key == (char *)-1) {
 return NGX_CONF_ERROR;
 }
@@ -352,11 +380,15 @@ char *ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
 res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error);
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
 if (res < 0) {
 dd("Failed to load the rules from: '%s' - reason: '%s'", rules_remote_server, error);
 return strdup(error);
 }
+ mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
+ mmcf->rules_remote += res;
+
 return NGX_CONF_OK;
 }
@@ -437,32 +469,32 @@ static ngx_command_t ngx_http_modsecurity_commands[] = {
 static ngx_http_module_t ngx_http_modsecurity_ctx = {
- NULL, /* preconfiguration */
- ngx_http_modsecurity_init, /* postconfiguration */
+ NULL, /* preconfiguration */
+ ngx_http_modsecurity_init, /* postconfiguration */
- ngx_http_modsecurity_create_main_conf, /* create main configuration */
- ngx_http_modsecurity_init_main_conf, /* init main configuration */
+ ngx_http_modsecurity_create_main_conf, /* create main configuration */
+ ngx_http_modsecurity_init_main_conf, /* init main configuration */
- ngx_http_modsecurity_create_conf, /* create server configuration */
- ngx_http_modsecurity_merge_srv_conf, /* merge server configuration */
+ NULL, /* create server configuration */
+ NULL, /* merge server configuration */
- ngx_http_modsecurity_create_conf, /* create location configuration */
- ngx_http_modsecurity_merge_loc_conf /* merge location configuration */
+ ngx_http_modsecurity_create_conf, /* create location configuration */
+ ngx_http_modsecurity_merge_conf /* merge location configuration */
 };
 ngx_module_t ngx_http_modsecurity_module = {
 NGX_MODULE_V1,
- &ngx_http_modsecurity_ctx, /* module context */
- ngx_http_modsecurity_commands, /* module directives */
- NGX_HTTP_MODULE, /* module type */
- NULL, /* init master */
- NULL, /* init module */
- NULL, /* init process */
- NULL, /* init thread */
- NULL, /* exit thread */
- NULL, /* exit process */
- NULL, /* exit master */
+ &ngx_http_modsecurity_ctx, /* module context */
+ ngx_http_modsecurity_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
 NGX_MODULE_V1_PADDING
 };
@@ -547,21 +579,38 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
 static void *
 ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
 {
- ngx_http_modsecurity_conf_t *conf;
+ ngx_pool_cleanup_t *cln;
+ ngx_http_modsecurity_main_conf_t *conf;
- ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI);
+ conf = (ngx_http_modsecurity_main_conf_t *) ngx_pcalloc(cf->pool,
+ sizeof(ngx_http_modsecurity_main_conf_t));
+
+ if (conf == NULL)
+ {
+ return NGX_CONF_ERROR;
+ }
- /* ngx_pcalloc already sets all of this scructure to zeros. */
- conf = ngx_http_modsecurity_create_conf(cf);
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->modsec = NULL;
+ * conf->pool = NULL;
+ * conf->rules_inline = 0;
+ * conf->rules_file = 0;
+ * conf->rules_remote = 0;
+ */
- if (conf == NULL || conf == NGX_CONF_ERROR) {
- dd("failed to allocate space for the ModSecurity configuration");
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
 return NGX_CONF_ERROR;
 }
- dd ("conf crated at: '%p'", conf);
+ cln->handler = ngx_http_modsecurity_cleanup_instance;
+ cln->data = conf;
- /* Create our ModSecurity instace */
+ conf->pool = cf->pool;
+
+ /* Create our ModSecurity instance */
 conf->modsec = msc_init();
 if (conf->modsec == NULL)
 {
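Review bot: The failure paths in `ngx_http_modsecurity_create_main_conf` return `NGX_CONF_ERROR`, but nginx treats a create-configuration callback as failed only when it returns `NULL`; `NGX_CONF_ERROR` is `(void *) -1`, so it would be stored as the main configuration pointer and dereferenced later. Both the `ngx_pcalloc()` check and the `ngx_pool_cleanup_add()` check should end in `return NULL;`. `ngx_http_modsecurity_create_conf` in the later hunks returns `NGX_CONF_ERROR` on its cleanup-registration failure in the same way. The function body continues past the end of this hunk, so the `msc_init()` failure branch is not visible here.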
@@ -573,23 +622,35 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
 msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
 msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
+ dd ("main conf created at: '%p', instance is: '%p'", conf, conf->modsec);
+
 return conf;
 }
-static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
+static char *
+ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
 {
- dd("modsec main conf init. Loaded rules:");
+ ngx_http_modsecurity_main_conf_t *mmcf;
+ mmcf = (ngx_http_modsecurity_main_conf_t *) conf;
+
+ ngx_log_error(NGX_LOG_NOTICE, cf->log, 0,
+ "%s (rules loaded inline/local/remote: %ui/%ui/%ui)",
+ MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline,
+ mmcf->rules_file, mmcf->rules_remote);
 return NGX_CONF_OK;
 }
-static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
+static void *
+ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
 {
- ngx_pool_cleanup_t *cln = NULL;
- ngx_http_modsecurity_conf_t *conf = (ngx_http_modsecurity_conf_t *)
- ngx_pcalloc(cf->pool, sizeof(ngx_http_modsecurity_conf_t));
+ ngx_pool_cleanup_t *cln;
+ ngx_http_modsecurity_conf_t *conf;
+
+ conf = (ngx_http_modsecurity_conf_t *) ngx_pcalloc(cf->pool,
+ sizeof(ngx_http_modsecurity_conf_t));
 if (conf == NULL)
 {
@@ -600,7 +661,6 @@ static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
 /*
 * set by ngx_pcalloc():
 *
- * conf->modsec = NULL;
 * conf->enable = 0;
 * conf->sanity_checks_enabled = 0;
 * conf->rules_set = NULL;
@@ -609,68 +669,30 @@ static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
 */
 conf->enable = NGX_CONF_UNSET;
- conf->sanity_checks_enabled = NGX_CONF_UNSET;
 conf->rules_set = msc_create_rules_set();
 conf->pool = cf->pool;
 conf->transaction_id = NGX_CONF_UNSET_PTR;
+#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
+ conf->sanity_checks_enabled = NGX_CONF_UNSET;
+#endif
 cln = ngx_pool_cleanup_add(cf->pool, 0);
 if (cln == NULL) {
 dd("failed to create the ModSecurity configuration cleanup");
 return NGX_CONF_ERROR;
 }
- cln->handler = ngx_http_modsecurity_config_cleanup;
- cln->data = conf;
-
- return conf;
-}
-
-
-static char *
-ngx_http_modsecurity_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
-{
- ngx_http_modsecurity_conf_t *p = parent;
- ngx_http_modsecurity_conf_t *c = child;
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- ngx_http_core_srv_conf_t *clcf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
-#endif
- int rules;
- const char *error = NULL;
- dd("merging srv config [%s] - parent: '%p' child: '%p'",
- ngx_str_to_char(clcf->server_name, cf->pool), parent,
- child);
- dd(" state - parent: '%d' child: '%d'",
- (int) p->enable, (int) c->enable);
-
- ngx_conf_merge_value(c->enable, p->enable, 0);
- ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
- ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
-
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("PARENT RULES");
- msc_rules_dump(p->rules_set);
- dd("CHILD RULES");
- msc_rules_dump(c->rules_set);
-#endif
+ cln->handler = ngx_http_modsecurity_cleanup_rules;
+ cln->data = conf;
- rules = msc_rules_merge(c->rules_set, p->rules_set, &error);
+ dd ("conf created at: '%p'", conf);
- if (rules < 0) {
- return strdup(error);
- }
- dd(" state - this: '%d'",
- (int) c->enable);
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("NEW CHIELD RULES");
- msc_rules_dump(c->rules_set);
-#endif
- return NGX_CONF_OK;
+ return conf;
 }
 static char *
-ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
+ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 {
 ngx_http_modsecurity_conf_t *p = parent;
 ngx_http_modsecurity_conf_t *c = child;
@@ -688,8 +710,10 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 (int) c->enable, (int) p->enable);
 ngx_conf_merge_value(c->enable, p->enable, 0);
- ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
 ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
+#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
+ ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
+#endif
 #if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
 dd("PARENT RULES");
@@ -704,7 +728,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 }
 #if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("NEW CHIELD RULES");
+ dd("NEW CHILD RULES");
 msc_rules_dump(c->rules_set);
 #endif
 return NGX_CONF_OK;
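Review bot: In `ngx_http_modsecurity_create_conf` (the hunk starting at old line 609) the result of `msc_create_rules_set()` is stored without a check, and the cleanup handler is registered only afterwards, so when `ngx_pool_cleanup_add()` fails the rules set just created is never released. `ngx_http_modsecurity_create_main_conf` in this same commit registers its cleanup before calling `msc_init()`; doing the same here, or calling `msc_rules_cleanup(conf->rules_set);` before the early return, would close the gap. A guard such as `if (conf->rules_set == NULL) { return NULL; }` would also keep the directive handlers from passing a null rules set to `msc_rules_add()`; whether the library tolerates that is not visible in this diff.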
@@ -712,20 +736,34 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 static void
-ngx_http_modsecurity_config_cleanup(void *data)
+ngx_http_modsecurity_cleanup_instance(void *data)
 {
- ngx_pool_t *old_pool;
- ngx_http_modsecurity_conf_t *t = (ngx_http_modsecurity_conf_t *) data;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_main_conf_t *mmcf;
- dd("deleting a loc conf -- RuleSet is: \"%p\"", t->rules_set);
+ mmcf = (ngx_http_modsecurity_main_conf_t *) data;
- old_pool = ngx_http_modsecurity_pcre_malloc_init(t->pool);
- msc_rules_cleanup(t->rules_set);
- msc_cleanup(t->modsec);
+ dd("deleting a main conf -- instance is: \"%p\"", mmcf->modsec);
+
+ old_pool = ngx_http_modsecurity_pcre_malloc_init(mmcf->pool);
+ msc_cleanup(mmcf->modsec);
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
+}
+
- t->rules_set = NULL;
- t->modsec = NULL;
+static void
+ngx_http_modsecurity_cleanup_rules(void *data)
+{
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_conf_t *mcf;
+
+ mcf = (ngx_http_modsecurity_conf_t *) data;
+
+ dd("deleting a loc conf -- RuleSet is: \"%p\"", mcf->rules_set);
+
+ old_pool = ngx_http_modsecurity_pcre_malloc_init(mcf->pool);
+ msc_rules_cleanup(mcf->rules_set);
+ ngx_http_modsecurity_pcre_malloc_done(old_pool);
 }
diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c
index f863cf8..05d7140 100644
--- a/src/ngx_http_modsecurity_pre_access.c
+++ b/src/ngx_http_modsecurity_pre_access.c
@@ -44,14 +44,14 @@ ngx_int_t ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 {
 #if 1
- ngx_http_modsecurity_ctx_t *ctx = NULL;
- ngx_http_modsecurity_conf_t *cf;
- ngx_pool_t *old_pool;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
 dd("catching a new _preaccess_ phase handler");
- cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- if (cf == NULL || cf->enable != 1)
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+ if (mcf == NULL || mcf->enable != 1)
 {
 dd("ModSecurity not enabled... returning");
 return NGX_DECLINED;
diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
index a0d9196..cd02438 100644
--- a/src/ngx_http_modsecurity_rewrite.c
+++ b/src/ngx_http_modsecurity_rewrite.c
@@ -23,12 +23,12 @@ ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
 {
- ngx_http_modsecurity_ctx_t *ctx = NULL;
- ngx_http_modsecurity_conf_t *cf;
- ngx_pool_t *old_pool;
+ ngx_pool_t *old_pool;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
- cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
- if (cf == NULL || cf->enable != 1) {
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+ if (mcf == NULL || mcf->enable != 1) {
 dd("ModSecurity not enabled... returning");
 return NGX_DECLINED;
 }