//#define main_conf_debug

/*
** Evaluates to a free element slot in the rule array `arr`, creating the
** array from cf->pool on first use. Evaluates to NULL when the creation or
** the push fails. `arr` is expanded more than once, so it must be a plain
** lvalue without side effects.
*/
#define NX_MAIN_RULE_SLOT(cf, arr)                                          \
  (((arr) == NULL &&                                                        \
    ((arr) = ngx_array_create((cf)->pool, 2, sizeof(ngx_http_rule_t)))      \
      == NULL)                                                              \
     ? NULL                                                                 \
     : ngx_array_push(arr))

/*
** Configuration handler for the main-context basic-rule directive
** (TOP_MAIN_BASIC_RULE_T).
**
** The directive arguments are parsed into a stack-local ngx_http_rule_t by
** ngx_http_dummy_cfg_parse_one_rule(), and the rule is then copied by value
** into every rule array of the main conf whose flag is set in rule.br:
** header_rules, body_rules, generic_rules (URL) and get_rules.
**
** cf   : nginx configuration context; cf->args holds the directive words.
** cmd  : unused.
** conf : the ngx_http_dummy_main_conf_t being filled.
**
** Returns NGX_CONF_OK on success, NGX_CONF_ERROR on a NULL argument, an
** unknown directive name, a rule that fails to parse, or a failed pool
** allocation.
*/
static char *
ngx_http_dummy_read_main_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
  ngx_http_dummy_main_conf_t       *main_conf = conf;
  ngx_str_t                        *value;
  ngx_http_rule_t                   rule, *slot;
  ngx_http_custom_rule_location_t  *cloc;
  unsigned int                      n;

  if (!main_conf || !cf)
    return (NGX_CONF_ERROR);

  value = cf->args->elts;
#ifdef main_conf_debug
  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                     "XX-TOP READ CONF %s", value[0].data);
#endif

  /* any other directive name routed here is a configuration error */
  if (ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_T) != 0) {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  memset(&rule, 0, sizeof(rule));
  if (ngx_http_dummy_cfg_parse_one_rule(cf/*, alcf*/, value, &rule,
                                        cf->args->nelts) != NGX_CONF_OK) {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  /* NOTE(review): rule.br is dereferenced without a NULL check; presumably
  ** the parser always sets it when it returns NGX_CONF_OK -- confirm. */

  /* rules matching on headers */
  if (rule.br->headers) {
#ifdef main_conf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule %d in header rules", rule.rule_id);
#endif
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->header_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR);
    memcpy(slot, &rule, sizeof(rule));
  }

  /* rules matching on the body (POST/PUT) */
  if (rule.br->body || rule.br->body_var) {
#ifdef main_conf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule %d in body rules", rule.rule_id);
#endif
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->body_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR);
    memcpy(slot, &rule, sizeof(rule));
  }

  /* rules matching on the URI go to the generic set */
  if (rule.br->url) {
#ifdef main_conf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule %d in generic rules", rule.rule_id);
#endif
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->generic_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR);
    memcpy(slot, &rule, sizeof(rule));
  }

  /* rules matching on GET arguments (the author notes POST should get
  ** them too) */
  if (rule.br->args_var || rule.br->args) {
#ifdef main_conf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule %d in GET rules", rule.rule_id);
#endif
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->get_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR);
    memcpy(slot, &rule, sizeof(rule));
  }

  /* custom locations: the rule targets a VAR_NAME or an EXACT_URI
  ** (GET_VAR, POST_VAR, URI). The rule is stored once per matching entry,
  ** so several entries of one kind store it several times.
  ** NOTE(review): confirm that the matching code expects such duplicates. */
  if (rule.br->custom_location) {
#ifdef main_conf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule %d in custom_location rules",
                       rule.rule_id);
#endif
    cloc = rule.br->custom_locations->elts;
    for (n = 0; n < rule.br->custom_locations->nelts; n++) {
      if (cloc[n].args_var) {
        slot = NX_MAIN_RULE_SLOT(cf, main_conf->get_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR);
        memcpy(slot, &rule, sizeof(rule));
      }
      if (cloc[n].body_var) {
        slot = NX_MAIN_RULE_SLOT(cf, main_conf->body_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR);
        memcpy(slot, &rule, sizeof(rule));
      }
      if (cloc[n].headers_var) {
        slot = NX_MAIN_RULE_SLOT(cf, main_conf->header_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR);
        memcpy(slot, &rule, sizeof(rule));
      }
    }
  }

  return (NGX_CONF_OK);
}

#undef NX_MAIN_RULE_SLOT
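//#define readconf_debug

/*
** Evaluates to a free element slot in the rule array `arr`, creating the
** array from cf->pool on first use. Evaluates to NULL when the creation or
** the push fails. `arr` is expanded more than once, so it must be a plain
** lvalue without side effects.
*/
#define NX_LOC_RULE_SLOT(cf, arr)                                           \
  (((arr) == NULL &&                                                        \
    ((arr) = ngx_array_create((cf)->pool, 2, sizeof(ngx_http_rule_t)))      \
      == NULL)                                                              \
     ? NULL                                                                 \
     : ngx_array_push(arr))

/*
** Location-context configuration handler. Dispatches on the directive name
** in value[0]:
**   TOP_DENIED_URL_T    : stores a NUL-terminated copy of value[1] as
**                         denied_url
**   TOP_ENABLED_FLAG_T  : sets alcf->enabled
**   TOP_DISABLED_FLAG_T : sets alcf->force_disabled
**   TOP_LEARNING_FLAG_T : sets alcf->learning
**   TOP_BASIC_RULE_T    : parses one rule and copies it into whitelist_rules
**                         (when rule.wl_id is set) or into the per-zone rule
**                         arrays selected by rule.br
**   TOP_CHECK_RULE_T    : parses value[1] as "$TAG <cmp> <score>" and
**                         value[2] as the action
** On the first call for a location, the location conf is also appended to
** main_cf->locations.
**
** cf   : nginx configuration context; cf->args holds the directive words.
** cmd  : unused.
** conf : the ngx_http_dummy_loc_conf_t being filled.
**
** Returns NGX_CONF_OK on success, NGX_CONF_ERROR on a NULL argument, an
** unknown or malformed directive, or a failed pool allocation.
**
** Changes against the previous revision of this handler:
**  - the check-rule action tests were inverted (!ngx_strstr), so every
**    action, including unknown words, ended up setting block and the error
**    branch was practically unreachable;
**  - value[1] and value[2] are now read only after checking cf->args->nelts;
**  - a check rule without a numeric score is rejected, where atoi() used to
**    turn it silently into a threshold of 0;
**  - the check-rule debug trace no longer reads the uninitialised `rule`.
*/
static char *
ngx_http_dummy_read_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
  ngx_http_dummy_loc_conf_t        *alcf = conf, **bar;
  ngx_http_dummy_main_conf_t       *main_cf;
  ngx_str_t                        *value;
  ngx_http_rule_t                   rule, *rule_r;
  ngx_http_check_rule_t            *rule_c;
  ngx_http_custom_rule_location_t  *location;
  unsigned int                      i;
  u_char                           *var_end;

#ifdef readconf_debug
  if (cf) {
    value = cf->args->elts;
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "TOP READ CONF %V %V",
                       &(value[0]), &(value[1]));
  }
#endif
  if (!alcf || !cf)
    return (NGX_CONF_ERROR);
  value = cf->args->elts;
  main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);

  /* register this location once in the main conf.
  ** NOTE(review): main_cf->locations is assumed to exist already -- confirm
  ** where it is created. */
  if (!alcf->pushed) {
    bar = ngx_array_push(main_cf->locations);
    if (!bar)
      return (NGX_CONF_ERROR);
    *bar = alcf;
    alcf->pushed = 1;
  }

  /* store denied URL for location (needs an actual, non-empty argument) */
  if (!ngx_strcmp(value[0].data, TOP_DENIED_URL_T) &&
      cf->args->nelts > 1 && value[1].len) {
    alcf->denied_url = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
    if (!alcf->denied_url)
      return (NGX_CONF_ERROR);
    /* len+1 zeroed bytes keep the copy NUL-terminated */
    alcf->denied_url->data = ngx_pcalloc(cf->pool, value[1].len + 1);
    if (!alcf->denied_url->data)
      return (NGX_CONF_ERROR);
    memcpy(alcf->denied_url->data, value[1].data, value[1].len);
    alcf->denied_url->len = value[1].len;
    return (NGX_CONF_OK);
  }

  /* flag directives: enable / disable the module, learning mode */
  if (!ngx_strcmp(value[0].data, TOP_ENABLED_FLAG_T)) {
    alcf->enabled = 1;
    return (NGX_CONF_OK);
  }
  if (!ngx_strcmp(value[0].data, TOP_DISABLED_FLAG_T)) {
    alcf->force_disabled = 1;
    return (NGX_CONF_OK);
  }
  if (!ngx_strcmp(value[0].data, TOP_LEARNING_FLAG_T)) {
    alcf->learning = 1;
    return (NGX_CONF_OK);
  }

  if (!ngx_strcmp(value[0].data, TOP_BASIC_RULE_T)) {
#ifdef readconf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "XX-TOP READ CONF %s", value[0].data);
#endif
    memset(&rule, 0, sizeof(ngx_http_rule_t));
    if (ngx_http_dummy_cfg_parse_one_rule(cf, value, &rule,
                                          cf->args->nelts) != NGX_CONF_OK) {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }

    /* a rule carrying whitelist IDs is stored as a whitelist and nowhere
    ** else */
    if (rule.wl_id) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in whitelist rules", rule.rule_id);
#endif
      rule_r = NX_LOC_RULE_SLOT(cf, alcf->whitelist_rules);
      if (!rule_r)
        return (NGX_CONF_ERROR);
      memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
      return (NGX_CONF_OK);
    }

    /* NOTE(review): rule.br is dereferenced without a NULL check; presumably
    ** the parser always sets it when it returns NGX_CONF_OK -- confirm. */

    if (rule.br->headers) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in header rules", rule.rule_id);
#endif
      rule_r = NX_LOC_RULE_SLOT(cf, alcf->header_rules);
      if (!rule_r)
        return (NGX_CONF_ERROR);
      memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
    }
    /* push in body match rules (POST/PUT) */
    if (rule.br->body || rule.br->body_var) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in body rules", rule.rule_id);
#endif
      rule_r = NX_LOC_RULE_SLOT(cf, alcf->body_rules);
      if (!rule_r)
        return (NGX_CONF_ERROR);
      memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
    }
    /* push in generic rules, as it's matching the URI */
    if (rule.br->url) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in generic rules", rule.rule_id);
#endif
      rule_r = NX_LOC_RULE_SLOT(cf, alcf->generic_rules);
      if (!rule_r)
        return (NGX_CONF_ERROR);
      memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
    }
    /* push in GET arg rules, but we should push in POST rules too */
    if (rule.br->args_var || rule.br->args) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in GET rules", rule.rule_id);
#endif
      rule_r = NX_LOC_RULE_SLOT(cf, alcf->get_rules);
      if (!rule_r)
        return (NGX_CONF_ERROR);
      memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
    }
    /* push in custom locations. It's a rule matching a VAR_NAME or an
    ** EXACT_URI : GET_VAR, POST_VAR, URI. The rule is stored once per
    ** matching entry. */
    if (rule.br->custom_location) {
#ifdef readconf_debug
      ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                         "pushing rule %d in custom_location rules",
                         rule.rule_id);
#endif
      location = rule.br->custom_locations->elts;
      for (i = 0; i < rule.br->custom_locations->nelts; i++) {
        if (location[i].args_var) {
          rule_r = NX_LOC_RULE_SLOT(cf, alcf->get_rules);
          if (!rule_r)
            return (NGX_CONF_ERROR);
          memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
        }
        if (location[i].body_var) {
          rule_r = NX_LOC_RULE_SLOT(cf, alcf->body_rules);
          if (!rule_r)
            return (NGX_CONF_ERROR);
          memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
        }
        if (location[i].headers_var) {
          rule_r = NX_LOC_RULE_SLOT(cf, alcf->header_rules);
          if (!rule_r)
            return (NGX_CONF_ERROR);
          memcpy(rule_r, &rule, sizeof(ngx_http_rule_t));
        }
      }
    }
    return (NGX_CONF_OK);
  }

  /* check rule. The author's own note stands: this should be moved into a
  ** function, and the hand-rolled parsing below needs care. */
  if (!ngx_strcmp(value[0].data, TOP_CHECK_RULE_T)) {
    /* both the expression (value[1]) and the action (value[2]) are read */
    if (cf->args->nelts < 3) {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
#ifdef readconf_debug
    /* `rule` is never filled on this path, so no rule id is printed */
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "pushing rule in check rules");
#endif
    i = 0;
    if (!alcf->check_rules)
      alcf->check_rules = ngx_array_create(cf->pool, 2,
                                           sizeof(ngx_http_check_rule_t));
    if (!alcf->check_rules)
      return (NGX_CONF_ERROR);
    rule_c = ngx_array_push(alcf->check_rules);
    if (!rule_c)
      return (NGX_CONF_ERROR);
    memset(rule_c, 0, sizeof(ngx_http_check_rule_t));

    /* first word: the score tag, which must start with '$' and be followed
    ** by a space */
    if (value[1].data[i] != '$') {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
#ifdef MDBG
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "XX-special score rule !");
#endif
    var_end = (u_char *) ngx_strchr((value[1].data) + i, ' ');
    if (!var_end) {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
    rule_c->sc_tag.data = ngx_pcalloc(cf->pool, var_end - value[1].data + 1);
    if (!rule_c->sc_tag.data)
      return (NGX_CONF_ERROR);
    memcpy(rule_c->sc_tag.data, value[1].data, (var_end - value[1].data));
    i += (var_end - value[1].data) + 1;
    rule_c->sc_tag.len = (var_end - value[1].data);

    // move to next word
    while (value[1].data[i] && value[1].data[i] == ' ')
      i++;
    // get the comparison type; data[i+1] is read only when data[i] is not
    // the terminator, so it is at worst the terminating NUL
    if (value[1].data[i] == '>' && value[1].data[i+1] == '=')
      rule_c->cmp = SUP_OR_EQUAL;
    else if (value[1].data[i] == '>' && value[1].data[i+1] != '=')
      rule_c->cmp = SUP;
    else if (value[1].data[i] == '<' && value[1].data[i+1] == '=')
      rule_c->cmp = INF_OR_EQUAL;
    else if (value[1].data[i] == '<' && value[1].data[i+1] != '=')
      rule_c->cmp = INF;
    else {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
    // move to next word
    while (value[1].data[i] &&
           !(value[1].data[i] >= '0' && value[1].data[i] <= '9') &&
           (value[1].data[i] != '-'))
      i++;
    /* a threshold has to be present: atoi() returns 0 for "" and for a
    ** lone "-", which would silently install a 0 threshold */
    if (!(value[1].data[i] >= '0' && value[1].data[i] <= '9') &&
        !(value[1].data[i] == '-' &&
          value[1].data[i+1] >= '0' && value[1].data[i+1] <= '9')) {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
#ifdef readconf_debug
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "XX-special score in checkrule:%s from (%d)",
                       value[1].data, atoi((const char *)value[1].data+i));
#endif
    // get the score (atoi does not report out-of-range values)
    rule_c->sc_score = atoi((const char *)(value[1].data+i));

    /* second word: the action, matched by substring. Only `block` is
    ** written by this revision, so ALLOW and LOG leave the zeroed rule
    ** non-blocking.
    ** NOTE(review): confirm whether ALLOW/LOG need fields of their own. */
    if (ngx_strstr(value[2].data, "BLOCK"))
      rule_c->block = 1;
    else if (ngx_strstr(value[2].data, "ALLOW") ||
             ngx_strstr(value[2].data, "LOG"))
      rule_c->block = 0;
    else {
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
    }
    return (NGX_CONF_OK);
  }

  ngx_http_dummy_line_conf_error(cf, value);
  return (NGX_CONF_ERROR);
}

#undef NX_LOC_RULE_SLOT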
/*
** Evaluates to a free element slot in the rule array `arr`, creating the
** array from cf->pool on first use. Evaluates to NULL when the creation or
** the push fails. `arr` is expanded more than once, so it must be a plain
** lvalue without side effects.
*/
#define NX_LOC_RULE_SLOT(cf, arr)                                           \
  (((arr) == NULL &&                                                        \
    ((arr) = ngx_array_create((cf)->pool, 2, sizeof(ngx_http_rule_t)))      \
      == NULL)                                                              \
     ? NULL                                                                 \
     : ngx_array_push(arr))

/*
** Top-level location-context handler for the basic-rule directive
** (TOP_BASIC_RULE_T or TOP_BASIC_RULE_N); the rule line itself is parsed by
** ngx_http_dummy_cfg_parse_one_rule() (see foo_cfg_parse.c).
**
** On the first call for a location the location conf is appended to
** main_cf->locations. The parsed rule is then copied by value either into
** whitelist_rules (when it carries a non-empty wlid_array) or into every
** rule array whose flag is set in rule.br: header_rules, body_rules,
** raw_body_rules, generic_rules (URL) and get_rules.
**
** The original author flags this function as due for a rewrite and as not
** proof against buffer overflows.
**
** cf   : nginx configuration context; cf->args holds the directive words.
** cmd  : unused.
** conf : the ngx_http_dummy_loc_conf_t being filled.
**
** Returns NGX_CONF_OK on success, NGX_CONF_ERROR on a NULL argument, an
** unknown directive name, a rule that fails to parse, or a failed pool
** allocation.
*/
static char *
ngx_http_dummy_read_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
  ngx_http_dummy_loc_conf_t        *loc_conf = conf, **entry;
  ngx_http_dummy_main_conf_t       *main_cf;
  ngx_str_t                        *value;
  ngx_http_rule_t                   rule, *slot;
  ngx_http_custom_rule_location_t  *cloc;
  unsigned int                      n;

#ifdef _debug_readconf
  if (cf) {
    value = cf->args->elts;
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "TOP READ CONF %V %V",
                 &(value[0]), &(value[1]));
  }
#endif
  if (!loc_conf || !cf)
    return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */

  value = cf->args->elts;
  main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);

  /* register this location once in the main conf.
  ** NOTE(review): main_cf->locations is assumed to exist already -- confirm
  ** where it is created. */
  if (!loc_conf->pushed) {
    entry = ngx_array_push(main_cf->locations);
    if (!entry)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    *entry = loc_conf;
    loc_conf->pushed = 1;
  }

  /* only the two spellings of the basic-rule directive are handled here */
  if (ngx_strcmp(value[0].data, TOP_BASIC_RULE_T) != 0 &&
      ngx_strcmp(value[0].data, TOP_BASIC_RULE_N) != 0) {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  memset(&rule, 0, sizeof(rule));
  if (ngx_http_dummy_cfg_parse_one_rule(cf, value, &rule,
                                        cf->args->nelts) != NGX_CONF_OK) {
    /* LCOV_EXCL_START */
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
    /* LCOV_EXCL_STOP */
  }

  /* a rule with whitelist IDs is stored as a whitelist and nowhere else */
  if (rule.wlid_array && rule.wlid_array->nelts > 0) {
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->whitelist_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
    return (NGX_CONF_OK);
  }

  /* normal rule: route it to each ruleset it applies to.
  ** NOTE(review): rule.br is dereferenced without a NULL check; presumably
  ** the parser always sets it when it returns NGX_CONF_OK -- confirm. */
  if (rule.br->headers) {
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->header_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* body match rules (POST/PUT) */
  if (rule.br->body || rule.br->body_var) {
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->body_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* raw body match rules (POST/PUT) */
  if (rule.br->raw_body) {
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in (read conf) raw_body rules",
                 rule.rule_id);
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->raw_body_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* URI match rules go to the generic set */
  if (rule.br->url) {
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in generic rules", rule.rule_id);
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->generic_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* GET argument rules (the author notes POST should get them too) */
  if (rule.br->args_var || rule.br->args) {
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in GET rules", rule.rule_id);
    slot = NX_LOC_RULE_SLOT(cf, loc_conf->get_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* custom locations: the rule targets a VAR_NAME or an EXACT_URI
  ** (GET_VAR, POST_VAR, URI). The rule is stored once per matching entry,
  ** so several entries of one kind store it several times.
  ** NOTE(review): confirm that the matching code expects such duplicates. */
  if (rule.br->custom_location) {
    NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in custom_location rules",
                 rule.rule_id);
    cloc = rule.br->custom_locations->elts;
    for (n = 0; n < rule.br->custom_locations->nelts; n++) {
      if (cloc[n].args_var) {
        slot = NX_LOC_RULE_SLOT(cf, loc_conf->get_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
        memcpy(slot, &rule, sizeof(rule));
      }
      if (cloc[n].body_var) {
        slot = NX_LOC_RULE_SLOT(cf, loc_conf->body_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
        memcpy(slot, &rule, sizeof(rule));
      }
      if (cloc[n].headers_var) {
        slot = NX_LOC_RULE_SLOT(cf, loc_conf->header_rules);
        if (slot == NULL)
          return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
        memcpy(slot, &rule, sizeof(rule));
      }
    }
  }

  return (NGX_CONF_OK);
}

#undef NX_LOC_RULE_SLOT
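/*
** Location-context handler for the check-rule directive (TOP_CHECK_RULE_T
** or TOP_CHECK_RULE_N).
**
** value[1] is parsed as "$TAG <cmp> <score>", where <cmp> is one of
** >=, >, <=, <, and value[2] names the action. The action is matched by
** substring, testing BLOCK, ALLOW, LOG and DROP in that order, so the first
** keyword found anywhere in the word wins. The parsed rule is appended to
** alcf->check_rules. On the first call for a location the location conf is
** also appended to main_cf->locations.
**
** cf   : nginx configuration context; cf->args holds the directive words.
** cmd  : unused.
** conf : the ngx_http_dummy_loc_conf_t being filled.
**
** Returns NGX_CONF_OK on success, NGX_CONF_ERROR on a NULL argument, a
** wrong directive name, fewer than two arguments, a malformed expression,
** an unknown action, or a failed pool allocation.
**
** Changes against the previous revision of this handler:
**  - value[1] and value[2] are read only after checking cf->args->nelts;
**  - an expression without a numeric score is rejected, where atoi() used
**    to turn it silently into a threshold of 0.
*/
static char *
ngx_http_naxsi_cr_loc_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
  ngx_http_dummy_loc_conf_t   *alcf = conf, **bar;
  ngx_http_dummy_main_conf_t  *main_cf;
  ngx_str_t                   *value;
  ngx_http_check_rule_t       *rule_c;
  unsigned int                 i;
  u_char                      *var_end;

  if (!alcf || !cf)
    return (NGX_CONF_ERROR);
  value = cf->args->elts;
  main_cf = ngx_http_conf_get_module_main_conf(cf, ngx_http_naxsi_module);

  /* register this location once in the main conf.
  ** NOTE(review): main_cf->locations is assumed to exist already -- confirm
  ** where it is created. */
  if (!alcf->pushed) {
    bar = ngx_array_push(main_cf->locations);
    if (!bar)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    *bar = alcf;
    alcf->pushed = 1;
  }

  if (ngx_strcmp(value[0].data, TOP_CHECK_RULE_T) &&
      ngx_strcmp(value[0].data, TOP_CHECK_RULE_N))
    return (NGX_CONF_ERROR);

  /* both the expression (value[1]) and the action (value[2]) are read
  ** below; do not rely on the command table alone for the word count */
  if (cf->args->nelts < 3)
    return (NGX_CONF_ERROR);

  i = 0;
  if (!alcf->check_rules)
    alcf->check_rules = ngx_array_create(cf->pool, 2,
                                         sizeof(ngx_http_check_rule_t));
  if (!alcf->check_rules)
    return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
  rule_c = ngx_array_push(alcf->check_rules);
  if (!rule_c)
    return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
  memset(rule_c, 0, sizeof(ngx_http_check_rule_t));

  /* first word: the score tag, which must start with '$' and be followed
  ** by a space */
  if (value[1].data[i] == '$') {
    var_end = (u_char *) ngx_strchr((value[1].data) + i, ' ');
    if (!var_end) { /* LCOV_EXCL_START */
      ngx_http_dummy_line_conf_error(cf, value);
      return (NGX_CONF_ERROR);
      /* LCOV_EXCL_STOP */
    }
    rule_c->sc_tag.len = var_end - value[1].data;
    /* len+1 zeroed bytes keep the tag copy NUL-terminated */
    rule_c->sc_tag.data = ngx_pcalloc(cf->pool, rule_c->sc_tag.len + 1);
    if (!rule_c->sc_tag.data)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(rule_c->sc_tag.data, value[1].data, rule_c->sc_tag.len);
    i += rule_c->sc_tag.len + 1;
  }
  else {
    /* LCOV_EXCL_START */
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
    /* LCOV_EXCL_STOP */
  }

  // move to next word
  while (value[1].data[i] && value[1].data[i] == ' ')
    i++;

  // get the comparison type; data[i+1] is read only when data[i] is not
  // the terminator, so it is at worst the terminating NUL
  if (value[1].data[i] == '>' && value[1].data[i+1] == '=')
    rule_c->cmp = SUP_OR_EQUAL;
  else if (value[1].data[i] == '>' && value[1].data[i+1] != '=')
    rule_c->cmp = SUP;
  else if (value[1].data[i] == '<' && value[1].data[i+1] == '=')
    rule_c->cmp = INF_OR_EQUAL;
  else if (value[1].data[i] == '<' && value[1].data[i+1] != '=')
    rule_c->cmp = INF;
  else {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  // move to next word
  while (value[1].data[i] &&
         !(value[1].data[i] >= '0' && value[1].data[i] <= '9') &&
         (value[1].data[i] != '-'))
    i++;

  /* a threshold has to be present: atoi() returns 0 for "" and for a lone
  ** "-", which would silently install a 0 threshold */
  if (!(value[1].data[i] >= '0' && value[1].data[i] <= '9') &&
      !(value[1].data[i] == '-' &&
        value[1].data[i+1] >= '0' && value[1].data[i+1] <= '9')) {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  NX_LOG_DEBUG(_debug_readconf, NGX_LOG_EMERG, cf, 0,
               "XX-special score in checkrule:%s from (%d)",
               value[1].data, atoi((const char *)value[1].data+i));
  // get the score (atoi does not report out-of-range values)
  rule_c->sc_score = atoi((const char *)(value[1].data+i));

  /* second word: the action */
  if (ngx_strstr(value[2].data, "BLOCK"))
    rule_c->block = 1;
  else if (ngx_strstr(value[2].data,"ALLOW"))
    rule_c->allow = 1;
  else if (ngx_strstr(value[2].data, "LOG"))
    rule_c->log = 1;
  else if (ngx_strstr(value[2].data, "DROP"))
    rule_c->drop = 1;
  else {
    /* LCOV_EXCL_START */
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
    /* LCOV_EXCL_STOP */
  }
  return (NGX_CONF_OK);
}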
/*
** Evaluates to a free element slot in the rule array `arr`, creating the
** array from cf->pool on first use. Evaluates to NULL when the creation or
** the push fails. `arr` is expanded more than once, so it must be a plain
** lvalue without side effects.
*/
#define NX_MAIN_RULE_SLOT(cf, arr)                                          \
  (((arr) == NULL &&                                                        \
    ((arr) = ngx_array_create((cf)->pool, 2, sizeof(ngx_http_rule_t)))      \
      == NULL)                                                              \
     ? NULL                                                                 \
     : ngx_array_push(arr))

/*
** Configuration handler for the main-context basic-rule directive
** (TOP_MAIN_BASIC_RULE_T or TOP_MAIN_BASIC_RULE_N).
**
** The directive arguments are parsed into a stack-local ngx_http_rule_t by
** ngx_http_dummy_cfg_parse_one_rule(), and the rule is then copied by value
** into every rule array of the main conf whose flag is set in rule.br:
** header_rules, body_rules, raw_body_rules, generic_rules (URL) and
** get_rules.
**
** cf   : nginx configuration context; cf->args holds the directive words.
** cmd  : unused.
** conf : the ngx_http_dummy_main_conf_t being filled.
**
** Returns NGX_CONF_OK on success, NGX_CONF_ERROR on a NULL argument, an
** unknown directive name, a rule that fails to parse, or a failed pool
** allocation.
*/
static char *
ngx_http_dummy_read_main_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
  ngx_http_dummy_main_conf_t  *main_conf = conf;
  ngx_str_t                   *value;
  ngx_http_rule_t              rule, *slot;

  if (!main_conf || !cf)
    return (NGX_CONF_ERROR);

  value = cf->args->elts;
  NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
               "XX-TOP READ CONF %s", value[0].data);

  /* neither spelling of the main basic-rule directive: reject the line */
  if (ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_T) != 0 &&
      ngx_strcmp(value[0].data, TOP_MAIN_BASIC_RULE_N) != 0) {
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
  }

  memset(&rule, 0, sizeof(rule));
  if (ngx_http_dummy_cfg_parse_one_rule(cf/*, alcf*/, value, &rule,
                                        cf->args->nelts) != NGX_CONF_OK) {
    /* LCOV_EXCL_START */
    ngx_http_dummy_line_conf_error(cf, value);
    return (NGX_CONF_ERROR);
    /* LCOV_EXCL_STOP */
  }

  /* NOTE(review): rule.br is dereferenced without a NULL check; presumably
  ** the parser always sets it when it returns NGX_CONF_OK -- confirm. */

  /* header match rules */
  if (rule.br->headers || rule.br->headers_var) {
    NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in header rules", rule.rule_id);
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->header_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* body match rules (POST/PUT) */
  if (rule.br->body || rule.br->body_var) {
    NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in body rules", rule.rule_id);
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->body_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* raw body match rules (POST/PUT) */
  if (rule.br->raw_body) {
    NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in raw (main) body rules", rule.rule_id);
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->raw_body_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* URI match rules go to the generic set */
  if (rule.br->url) {
    NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in generic rules", rule.rule_id);
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->generic_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  /* GET argument rules (the author notes POST should get them too) */
  if (rule.br->args_var || rule.br->args) {
    NX_LOG_DEBUG(_debug_main_conf, NGX_LOG_EMERG, cf, 0,
                 "pushing rule %d in GET rules", rule.rule_id);
    slot = NX_MAIN_RULE_SLOT(cf, main_conf->get_rules);
    if (slot == NULL)
      return (NGX_CONF_ERROR); /* LCOV_EXCL_LINE */
    memcpy(slot, &rule, sizeof(rule));
  }

  return (NGX_CONF_OK);
}

#undef NX_MAIN_RULE_SLOT