//#define main_conf_debug
static char *
ngx_http_dummy_read_main_conf(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
{
ngx_http_dummy_main_conf_t *alcf = conf;
ngx_str_t *value;
ngx_http_rule_t rule, *rule_r;
ngx_http_custom_rule_location_t *location;
unsigned int i;
if (!alcf || !cf)
return (NGX_CONF_ERROR); /* alloc a new rule */
value = cf->args->elts;
/* parse the line, fill rule struct */
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"XX-TOP READ CONF %s", value[0].data);
#endif
if (!ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_T)) {
memset(&rule, 0, sizeof(ngx_http_rule_t));
if (ngx_http_dummy_cfg_parse_one_rule(cf/*, alcf*/, value, &rule,
cf->args->nelts) != NGX_CONF_OK) {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
if (rule.br->headers) {
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in header rules", rule.rule_id);
#endif
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in body match rules (POST/PUT) */
if (rule.br->body || rule.br->body_var) {
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in body rules", rule.rule_id);
#endif
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in generic rules, as it's matching the URI */
if (rule.br->url) {
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in generic rules", rule.rule_id);
#endif
if (alcf->generic_rules == NULL) {
alcf->generic_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->generic_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->generic_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in GET arg rules, but we should push in POST rules too */
if (rule.br->args_var || rule.br->args) {
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in GET rules", rule.rule_id);
#endif
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in custom locations. It's a rule matching a VAR_NAME or an EXACT_URI :
- GET_VAR, POST_VAR, URI */
if (rule.br->custom_location) {
#ifdef main_conf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in custom_location rules",
rule.rule_id);
#endif
location = rule.br->custom_locations->elts;
for (i = 0; i < rule.br->custom_locations->nelts; i++) {
if (location[i].args_var) {
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].body_var) {
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].headers_var) {
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
}
}
return (NGX_CONF_OK);
}
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
//#define readconf_debug
static char *
ngx_http_dummy_read_conf(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
{
ngx_http_dummy_loc_conf_t *alcf = conf, **bar;
ngx_http_dummy_main_conf_t *main_cf;
ngx_str_t *value;
ngx_http_rule_t rule, *rule_r;
ngx_http_check_rule_t *rule_c;
ngx_http_custom_rule_location_t *location;
unsigned int i;
u_char *var_end;
#ifdef readconf_debug
if (cf) {
value = cf->args->elts;
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "TOP READ CONF %V %V",
&(value[0]), &(value[1]));
}
#endif
if (!alcf || !cf)
return (NGX_CONF_ERROR);
value = cf->args->elts;
main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
if (!alcf->pushed) {
bar = ngx_array_push(main_cf->locations);
if (!bar)
return (NGX_CONF_ERROR);
*bar = alcf;
alcf->pushed = 1;
}
/* store denied URL for location */
if (!ngx_strcmp(value[0].data, TOP_DENIED_URL_T) && value[1].len) {
alcf->denied_url = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
if (!alcf->denied_url)
return (NGX_CONF_ERROR);
alcf->denied_url->data = ngx_pcalloc(cf->pool, value[1].len+1);
if (!alcf->denied_url->data)
return (NGX_CONF_ERROR);
memcpy(alcf->denied_url->data, value[1].data, value[1].len);
alcf->denied_url->len = value[1].len;
return (NGX_CONF_OK);
}
/* it's a flagrule, just a hack to enable/disable mod */
if (!ngx_strcmp(value[0].data, TOP_ENABLED_FLAG_T)) {
alcf->enabled = 1;
return (NGX_CONF_OK);
}
/* it's a flagrule, just a hack to enable/disable mod */
if (!ngx_strcmp(value[0].data, TOP_DISABLED_FLAG_T)) {
alcf->force_disabled = 1;
return (NGX_CONF_OK);
}
/* it's a flagrule, currently just a hack to enable/disable learning mode */
if (!ngx_strcmp(value[0].data, TOP_LEARNING_FLAG_T)) {
alcf->learning = 1;
return (NGX_CONF_OK);
}
if (!ngx_strcmp(value[0].data, TOP_BASIC_RULE_T)) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "XX-TOP READ CONF %s",
value[0].data);
#endif
memset(&rule, 0, sizeof(ngx_http_rule_t));
if (ngx_http_dummy_cfg_parse_one_rule(cf, value, &rule,
cf->args->nelts) != NGX_CONF_OK)
{
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
/* push in whitelist rules, as it have a whitelist ID array */
if (rule.wl_id) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in whitelist rules",
rule.rule_id);
#endif
if (alcf->whitelist_rules == NULL) {
alcf->whitelist_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->whitelist_rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule_r = ngx_array_push(alcf->whitelist_rules);
if (!rule_r) {
return (NGX_CONF_ERROR);
}
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* else push in appropriate ruleset */
else {
if (rule.br->headers) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in header rules",
rule.rule_id);
#endif
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in body match rules (POST/PUT) */
if (rule.br->body || rule.br->body_var) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in body rules", rule.rule_id);
#endif
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in generic rules, as it's matching the URI */
if (rule.br->url) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in generic rules",
rule.rule_id);
#endif
if (alcf->generic_rules == NULL) {
alcf->generic_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->generic_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->generic_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in GET arg rules, but we should push in POST rules too */
if (rule.br->args_var || rule.br->args) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in GET rules", rule.rule_id);
#endif
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in custom locations. It's a rule matching a VAR_NAME or an EXACT_URI :
- GET_VAR, POST_VAR, URI */
if (rule.br->custom_location) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in custom_location rules",
rule.rule_id);
#endif
location = rule.br->custom_locations->elts;
for (i = 0; i < rule.br->custom_locations->nelts; i++) {
if (location[i].args_var) {
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].body_var) {
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].headers_var) {
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR;
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR);
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
}
}
}
return (NGX_CONF_OK);
}
/* this should be moved in a function, plus this code is not safe. */
else if (!ngx_strcmp(value[0].data, TOP_CHECK_RULE_T)) {
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"pushing rule %d in check rules", rule.rule_id);
#endif
i = 0;
if (!alcf->check_rules)
alcf->check_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_check_rule_t));
if (!alcf->check_rules)
return (NGX_CONF_ERROR);
rule_c = ngx_array_push(alcf->check_rules);
if (!rule_c) return (NGX_CONF_ERROR);
memset(rule_c, 0, sizeof(ngx_http_check_rule_t));
/* process the first word : score rule */
if (value[1].data[i] == '$') {
#ifdef MDBG
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "XX-special score rule !");
#endif
var_end = (u_char *) ngx_strchr((value[1].data)+i, ' ');
if (!var_end) {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
rule_c->sc_tag.data = ngx_pcalloc(cf->pool, var_end - value[1].data +1);
if (!rule_c->sc_tag.data)
return (NGX_CONF_ERROR);
memcpy(rule_c->sc_tag.data, value[1].data, (var_end - value[1].data));
i += (var_end - value[1].data) + 1;
rule_c->sc_tag.len = (var_end - value[1].data);
}
else {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
// move to next word
while (value[1].data[i] && value[1].data[i] == ' ')
i++;
// get the comparison type
if (value[1].data[i] == '>' && value[1].data[i+1] == '=')
rule_c->cmp = SUP_OR_EQUAL;
else if (value[1].data[i] == '>' && value[1].data[i+1] != '=')
rule_c->cmp = SUP;
else if (value[1].data[i] == '<' && value[1].data[i+1] == '=')
rule_c->cmp = INF_OR_EQUAL;
else if (value[1].data[i] == '<' && value[1].data[i+1] != '=')
rule_c->cmp = INF;
else {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
// move to next word
while (value[1].data[i] && !(value[1].data[i] >= '0' &&
value[1].data[i] <= '9') && (value[1].data[i] != '-'))
i++;
#ifdef readconf_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"XX-special score in checkrule:%s from (%d)",
value[1].data, atoi((const char *)value[1].data+i));
#endif
// get the score
rule_c->sc_score = atoi((const char *)(value[1].data+i));
/* process the second word : Action rule */
if (!ngx_strstr(value[2].data, "BLOCK"))
rule_c->block = 1;
else if (!ngx_strstr(value[2].data, "ALLOW"))
rule_c->block = 1;
else if (!ngx_strstr(value[2].data, "LOG"))
rule_c->block = 1;
else {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
return (NGX_CONF_OK);
}
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
/*
** my hugly configuration parsing function.
** should be rewritten, cause code is hugly and not bof proof at all
** does : top level parsing config function,
** see foo_cfg_parse.c for stuff
*/
static char *
ngx_http_dummy_read_conf(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
{
ngx_http_dummy_loc_conf_t *alcf = conf, **bar;
ngx_http_dummy_main_conf_t *main_cf;
ngx_str_t *value;
ngx_http_rule_t rule, *rule_r;
ngx_http_custom_rule_location_t *location;
unsigned int i;
#ifdef _debug_readconf
if (cf) {
value = cf->args->elts;
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0, "TOP READ CONF %V %V",
&(value[0]), &(value[1]));
}
#endif
if (!alcf || !cf)
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
value = cf->args->elts;
main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
if (!alcf->pushed) {
bar = ngx_array_push(main_cf->locations);
if (!bar)
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
*bar = alcf;
alcf->pushed = 1;
}
/*
** if it's a basic rule
*/
if (!ngx_strcmp(value[0].data, TOP_BASIC_RULE_T) ||
!ngx_strcmp(value[0].data, TOP_BASIC_RULE_N)) {
memset(&rule, 0, sizeof(ngx_http_rule_t));
if (ngx_http_dummy_cfg_parse_one_rule(cf, value, &rule,
cf->args->nelts) != NGX_CONF_OK)
{
/* LCOV_EXCL_START */
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
/* LCOV_EXCL_STOP */
}
/* push in whitelist rules, as it have a whitelist ID array */
if (rule.wlid_array && rule.wlid_array->nelts > 0) {
if (alcf->whitelist_rules == NULL) {
alcf->whitelist_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->whitelist_rules == NULL) {
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
}
rule_r = ngx_array_push(alcf->whitelist_rules);
if (!rule_r) {
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
}
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* else push in appropriate ruleset : it's a normal rule */
else {
if (rule.br->headers) {
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in body match rules (POST/PUT) */
if (rule.br->body || rule.br->body_var) {
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in raw body match rules (POST/PUT) */
if (rule.br->raw_body) {
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in (read conf) raw_body rules", rule.rule_id);
if (alcf->raw_body_rules == NULL) {
alcf->raw_body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->raw_body_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->raw_body_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in generic rules, as it's matching the URI */
if (rule.br->url) {
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in generic rules",
rule.rule_id);
if (alcf->generic_rules == NULL) {
alcf->generic_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->generic_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->generic_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in GET arg rules, but we should push in POST rules too */
if (rule.br->args_var || rule.br->args) {
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in GET rules", rule.rule_id);
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in custom locations. It's a rule matching a VAR_NAME or an EXACT_URI :
- GET_VAR, POST_VAR, URI */
if (rule.br->custom_location) {
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in custom_location rules",
rule.rule_id);
location = rule.br->custom_locations->elts;
for (i = 0; i < rule.br->custom_locations->nelts; i++) {
if (location[i].args_var) {
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].body_var) {
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
if (location[i].headers_var) {
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
}
}
}
return (NGX_CONF_OK);
}
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
static char *
ngx_http_naxsi_cr_loc_conf(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
{
ngx_http_dummy_loc_conf_t *alcf = conf, **bar;
ngx_http_dummy_main_conf_t *main_cf;
ngx_str_t *value;
ngx_http_check_rule_t *rule_c;
unsigned int i;
u_char *var_end;
if (!alcf || !cf)
return (NGX_CONF_ERROR);
value = cf->args->elts;
main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
if (!alcf->pushed) {
bar = ngx_array_push(main_cf->locations);
if (!bar)
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
*bar = alcf;
alcf->pushed = 1;
}
if (ngx_strcmp(value[0].data, TOP_CHECK_RULE_T) &&
ngx_strcmp(value[0].data, TOP_CHECK_RULE_N))
return (NGX_CONF_ERROR);
/* #ifdef _debug_readconf */
/* ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, */
/* "pushing rule %d in check rules", rule.rule_id); */
/* #endif */
i = 0;
if (!alcf->check_rules)
alcf->check_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_check_rule_t));
if (!alcf->check_rules)
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
rule_c = ngx_array_push(alcf->check_rules);
if (!rule_c) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memset(rule_c, 0, sizeof(ngx_http_check_rule_t));
/* process the first word : score rule */
if (value[1].data[i] == '$') {
var_end = (u_char *) ngx_strchr((value[1].data)+i, ' ');
if (!var_end) { /* LCOV_EXCL_START */
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
/* LCOV_EXCL_STOP */
}
rule_c->sc_tag.len = var_end - value[1].data;
rule_c->sc_tag.data = ngx_pcalloc(cf->pool, rule_c->sc_tag.len + 1);
if (!rule_c->sc_tag.data)
return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_c->sc_tag.data, value[1].data, rule_c->sc_tag.len);
i += rule_c->sc_tag.len + 1;
} else {
/* LCOV_EXCL_START */
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
/* LCOV_EXCL_STOP */
}
// move to next word
while (value[1].data[i] && value[1].data[i] == ' ')
i++;
// get the comparison type
if (value[1].data[i] == '>' && value[1].data[i+1] == '=')
rule_c->cmp = SUP_OR_EQUAL;
else if (value[1].data[i] == '>' && value[1].data[i+1] != '=')
rule_c->cmp = SUP;
else if (value[1].data[i] == '<' && value[1].data[i+1] == '=')
rule_c->cmp = INF_OR_EQUAL;
else if (value[1].data[i] == '<' && value[1].data[i+1] != '=')
rule_c->cmp = INF;
else {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
// move to next word
while (value[1].data[i] && !(value[1].data[i] >= '0' &&
value[1].data[i] <= '9') && (value[1].data[i] != '-'))
i++;
NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
"XX-special score in checkrule:%s from (%d)",
value[1].data, atoi((const char *)value[1].data+i));
// get the score
rule_c->sc_score = atoi((const char *)(value[1].data+i));
/* process the second word : Action rule */
if (ngx_strstr(value[2].data, "BLOCK"))
rule_c->block = 1;
else if (ngx_strstr(value[2].data,"ALLOW"))
rule_c->allow = 1;
else if (ngx_strstr(value[2].data, "LOG"))
rule_c->log = 1;
else if (ngx_strstr(value[2].data, "DROP"))
rule_c->drop = 1;
else {
/* LCOV_EXCL_START */
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
/* LCOV_EXCL_STOP */
}
return (NGX_CONF_OK);
}
static char *
ngx_http_dummy_read_main_conf(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
{
ngx_http_dummy_main_conf_t *alcf = conf;
ngx_str_t *value;
ngx_http_rule_t rule, *rule_r;
if (!alcf || !cf)
return (NGX_CONF_ERROR); /* alloc a new rule */
value = cf->args->elts;
/* parse the line, fill rule struct */
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"XX-TOP READ CONF %s", value[0].data);
if (ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_T) &&
ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_N)) {
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
}
memset(&rule, 0, sizeof(ngx_http_rule_t));
if (ngx_http_dummy_cfg_parse_one_rule(cf/*, alcf*/, value, &rule,
cf->args->nelts) != NGX_CONF_OK) {
/* LCOV_EXCL_START */
ngx_http_dummy_line_conf_error(cf, value);
return (NGX_CONF_ERROR);
/* LCOV_EXCL_STOP */
}
if (rule.br->headers || rule.br->headers_var) {
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in header rules", rule.rule_id);
if (alcf->header_rules == NULL) {
alcf->header_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->header_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->header_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in body match rules (POST/PUT) */
if (rule.br->body || rule.br->body_var) {
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in body rules", rule.rule_id);
if (alcf->body_rules == NULL) {
alcf->body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->body_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->body_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in raw body match rules (POST/PUT) xx*/
if (rule.br->raw_body) {
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in raw (main) body rules", rule.rule_id);
if (alcf->raw_body_rules == NULL) {
alcf->raw_body_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->raw_body_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->raw_body_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in generic rules, as it's matching the URI */
if (rule.br->url) {
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in generic rules", rule.rule_id);
if (alcf->generic_rules == NULL) {
alcf->generic_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->generic_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->generic_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
/* push in GET arg rules, but we should push in POST rules too */
if (rule.br->args_var || rule.br->args) {
NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
"pushing rule %d in GET rules", rule.rule_id);
if (alcf->get_rules == NULL) {
alcf->get_rules = ngx_array_create(cf->pool, 2,
sizeof(ngx_http_rule_t));
if (alcf->get_rules == NULL)
return NGX_CONF_ERROR; /* LCOV_EXCL_LINE */
}
rule_r = ngx_array_push(alcf->get_rules);
if (!rule_r) return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
}
return (NGX_CONF_OK);
}
