/*
** Module initialisation hook.
**
** Registers ngx_http_dummy_access_handler in the handler list of
** NGX_HTTP_REWRITE_PHASE, then calls the hashtable creation function
** (whitelist aggregation) for every location stored in the main conf.
**
** Note: despite the handler's name, it is pushed onto the REWRITE phase,
** not the ACCESS phase; nginx runs rewrite-phase handlers before
** access-phase ones.
**
** Returns NGX_OK on success; NGX_ERROR if either main conf is NULL, if the
** handler slot cannot be pushed, or if hashtable creation fails.
*/
static ngx_int_t
ngx_http_dummy_init(ngx_conf_t *cf)
{
    ngx_http_core_main_conf_t   *core_main;
    ngx_http_dummy_main_conf_t  *naxsi_main;
    ngx_http_dummy_loc_conf_t  **locations;
    ngx_http_handler_pt         *slot;
    unsigned int                 idx;

    core_main = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
    naxsi_main = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
    if (core_main == NULL || naxsi_main == NULL) {
        return NGX_ERROR;
    }

    /* Hook the request handler into the rewrite phase. */
    slot = ngx_array_push(&core_main->phases[NGX_HTTP_REWRITE_PHASE].handlers);
    if (slot == NULL) {
        return NGX_ERROR;
    }
    *slot = ngx_http_dummy_access_handler;

    /*
    ** Walk every location registered in the main conf and build its
    ** whitelist hashtables; one failure aborts configuration loading.
    ** NOTE(review): main_cf->locations is dereferenced without a NULL
    ** check; presumably it is always allocated with the main conf - confirm.
    */
    locations = naxsi_main->locations->elts;
    for (idx = 0; idx < naxsi_main->locations->nelts; idx++) {
        if (ngx_http_dummy_create_hashtables_n(locations[idx], cf) == NGX_OK) {
            continue;
        }
        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                           "WhiteList Hash building failed");
        return NGX_ERROR;
    }

    return NGX_OK;
}
/*
** Module initialisation hook.
**
** Registers ngx_http_dummy_access_handler in the handler list of
** NGX_HTTP_REWRITE_PHASE (not the ACCESS phase, despite the handler's
** name), then, for every location stored in the main conf:
**   - precomputes the hashes of the runtime flag names (RT_ENABLE,
**     RT_LEARNING, RT_POST_ACTION) used for dynamic variable look-up;
**   - calls the hashtable creation function (whitelist aggregation).
**
** Returns NGX_OK on success; NGX_ERROR if either main conf is NULL, if the
** handler slot cannot be pushed, or if hashtable creation fails.
*/
static ngx_int_t
ngx_http_dummy_init(ngx_conf_t *cf)
{
    ngx_http_core_main_conf_t   *core_main;
    ngx_http_dummy_main_conf_t  *naxsi_main;
    ngx_http_dummy_loc_conf_t  **locations;
    ngx_http_dummy_loc_conf_t   *loc;
    ngx_http_handler_pt         *slot;
    unsigned int                 idx;

    core_main = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
    naxsi_main = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
    if (core_main == NULL || naxsi_main == NULL) {
        return NGX_ERROR;
    }

    /* Hook the request handler into the rewrite phase. */
    slot = ngx_array_push(&core_main->phases[NGX_HTTP_REWRITE_PHASE].handlers);
    if (slot == NULL) {
        return NGX_ERROR;
    }
    *slot = ngx_http_dummy_access_handler;

    /* Walk every location registered in the main conf. */
    locations = naxsi_main->locations->elts;
    for (idx = 0; idx < naxsi_main->locations->nelts; idx++) {
        loc = locations[idx];

        /*
        ** NOTE(review): a check that logged "naxsi: No body rules, did you
        ** forget naxsi_core.rules ?" when a location had no body_rules,
        ** get_rules and header_rules used to sit here and is disabled, so
        ** such a location is accepted without any message. Presumably it
        ** then has no rules to match requests against - confirm.
        ** A similar disabled snippet copied RT_DISABLE into flag_disable.
        */

        /* Hash each flag name once, so look-ups need no rehashing. */
        loc->flag_enable_h =
            ngx_hash_key_lc((u_char *)RT_ENABLE, strlen(RT_ENABLE));
        loc->flag_learning_h =
            ngx_hash_key_lc((u_char *)RT_LEARNING, strlen(RT_LEARNING));
        loc->flag_post_action_h =
            ngx_hash_key_lc((u_char *)RT_POST_ACTION, strlen(RT_POST_ACTION));

        /* Whitelist aggregation; one failure aborts configuration loading. */
        if (ngx_http_dummy_create_hashtables_n(loc, cf) == NGX_OK) {
            continue;
        }
        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                           "WhiteList Hash building failed");
        return NGX_ERROR;
    }

    return NGX_OK;
}
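/*
** Module initialisation hook.
**
** Registers ngx_http_dummy_access_handler in the handler list of
** NGX_HTTP_REWRITE_PHASE (not the ACCESS phase, despite the handler's
** name), then, for every location stored in the main conf:
**   - rejects the configuration when the location is enabled but has no
**     (or an empty) DeniedURL;
**   - precomputes the hashes of the runtime flag names;
**   - calls the hashtable creation function (whitelist aggregation).
** Finally it seeds the PRNG and allocates, from cf->pool, the two internal
** libinjection rules (ids 17 and 18) with their special scores.
**
** Returns NGX_OK on success, NGX_ERROR on any missing conf, failed
** allocation, missing DeniedURL or hashtable creation failure.
*/
static ngx_int_t
ngx_http_dummy_init(ngx_conf_t *cf)
{
    /*
    ** Special-score tags of the internal libinjection rules. The arrays
    ** include the terminating NUL, so sizeof is the allocation size (18)
    ** and sizeof - 1 the string length (17): buffer size, copy length and
    ** ngx_str_t length can no longer drift apart.
    */
    static const char sql_tag[] = "$LIBINJECTION_SQL";
    static const char xss_tag[] = "$LIBINJECTION_XSS";

    ngx_http_handler_pt         *h;
    ngx_http_core_main_conf_t   *cmcf;
    ngx_http_dummy_main_conf_t  *main_cf;
    ngx_http_dummy_loc_conf_t  **loc_cf;
    ngx_http_special_score_t    *libjct_sql;
    ngx_http_special_score_t    *libjct_xss;
    unsigned int                 i;

    cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
    main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);
    if (cmcf == NULL || main_cf == NULL) return (NGX_ERROR); /*LCOV_EXCL_LINE*/

    /* Register the handler in the rewrite phase. */
    h = ngx_array_push(&cmcf->phases[NGX_HTTP_REWRITE_PHASE].handlers);
    if (h == NULL) return (NGX_ERROR); /*LCOV_EXCL_LINE*/
    *h = ngx_http_dummy_access_handler;

    /* Go through each location registered in the main conf. */
    loc_cf = main_cf->locations->elts;
    for (i = 0; i < main_cf->locations->nelts; i++) {
        /*
        ** Fail configuration loading, instead of starting up, when an
        ** enabled location has a NULL or empty DeniedURL.
        */
        if (loc_cf[i]->enabled &&
            (!loc_cf[i]->denied_url || loc_cf[i]->denied_url->len <= 0)) {
            /* LCOV_EXCL_START */
            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                               "Missing DeniedURL, abort.");
            return (NGX_ERROR);
            /* LCOV_EXCL_STOP */
        }

        /* Hash each runtime flag name once, at configuration time. */
        loc_cf[i]->flag_enable_h =
            ngx_hash_key_lc((u_char *)RT_ENABLE, strlen(RT_ENABLE));
        loc_cf[i]->flag_learning_h =
            ngx_hash_key_lc((u_char *)RT_LEARNING, strlen(RT_LEARNING));
        loc_cf[i]->flag_post_action_h =
            ngx_hash_key_lc((u_char *)RT_POST_ACTION, strlen(RT_POST_ACTION));
        loc_cf[i]->flag_extensive_log_h =
            ngx_hash_key_lc((u_char *)RT_EXTENSIVE_LOG,
                            strlen(RT_EXTENSIVE_LOG));
        loc_cf[i]->flag_libinjection_xss_h =
            ngx_hash_key_lc((u_char *)RT_LIBINJECTION_XSS,
                            strlen(RT_LIBINJECTION_XSS));
        loc_cf[i]->flag_libinjection_sql_h =
            ngx_hash_key_lc((u_char *)RT_LIBINJECTION_SQL,
                            strlen(RT_LIBINJECTION_SQL));

        if (ngx_http_dummy_create_hashtables_n(loc_cf[i], cf) != NGX_OK) {
            /* LCOV_EXCL_START */
            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                               "WhiteList Hash building failed");
            return (NGX_ERROR);
            /* LCOV_EXCL_STOP */
        }
    }

    /*
    ** Initialize the PRNG (used for fragmented logs).
    ** The operands are converted to unsigned before multiplying: a signed
    ** time_t * pid_t product can overflow where time_t is 32 bits wide,
    ** which is undefined behaviour, while unsigned arithmetic wraps and
    ** gives the same seed wherever the signed product fits.
    ** The seed comes from the clock and the PID, so the random() stream is
    ** predictable: do not use it for values an attacker must not guess.
    */
    srandom((unsigned int)time(NULL) * (unsigned int)getpid());

    /*
    ** Initialise the internal rules for libinjection sqli/xss
    ** (they need proper special scores).
    */
    nx_int__libinject_sql = ngx_pcalloc(cf->pool, sizeof(ngx_http_rule_t));
    nx_int__libinject_xss = ngx_pcalloc(cf->pool, sizeof(ngx_http_rule_t));
    if (!nx_int__libinject_xss || !nx_int__libinject_sql) return (NGX_ERROR);

    nx_int__libinject_sql->sscores =
        ngx_array_create(cf->pool, 2, sizeof(ngx_http_special_score_t));
    nx_int__libinject_xss->sscores =
        ngx_array_create(cf->pool, 2, sizeof(ngx_http_special_score_t));
    if (!nx_int__libinject_sql->sscores || !nx_int__libinject_xss->sscores) return (NGX_ERROR); /* LCOV_EXCL_LINE */

    /* internal ID sqli - 17 */
    nx_int__libinject_sql->rule_id = 17;
    /* internal ID xss - 18 */
    nx_int__libinject_xss->rule_id = 18;

    /* libinjection sqli/xss - special score init */
    libjct_sql = ngx_array_push(nx_int__libinject_sql->sscores);
    libjct_xss = ngx_array_push(nx_int__libinject_xss->sscores);
    if (!libjct_sql || !libjct_xss) return (NGX_ERROR); /* LCOV_EXCL_LINE */

    libjct_sql->sc_tag = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
    libjct_xss->sc_tag = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
    if (!libjct_sql->sc_tag || !libjct_xss->sc_tag) return (NGX_ERROR); /* LCOV_EXCL_LINE */

    libjct_sql->sc_tag->data = ngx_pcalloc(cf->pool, sizeof(sql_tag));
    libjct_xss->sc_tag->data = ngx_pcalloc(cf->pool, sizeof(xss_tag));
    if (!libjct_sql->sc_tag->data || !libjct_xss->sc_tag->data) return (NGX_ERROR); /* LCOV_EXCL_LINE */

    /* Copy each tag with its NUL; len excludes the terminator. */
    memcpy(libjct_sql->sc_tag->data, sql_tag, sizeof(sql_tag));
    memcpy(libjct_xss->sc_tag->data, xss_tag, sizeof(xss_tag));
    libjct_xss->sc_tag->len = sizeof(xss_tag) - 1;
    libjct_sql->sc_tag->len = sizeof(sql_tag) - 1;

    libjct_sql->sc_score = 8;
    libjct_xss->sc_score = 8;

    return (NGX_OK);
}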