ngx_int_t ngx_http_neteye_security_body_filter(ngx_http_request_t *r, ngx_chain_t *in) { ngx_int_t i = 1, ret; ngx_http_neteye_security_response_body_pt handler; ngx_http_neteye_security_module_t *module; ngx_http_ns_ctx_t *ctx; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security response body begins, handler number: %d", nr_response_body_chain); if (ngx_http_ns_test_bypass_all(r)) { return ngx_http_next_body_filter(r, in); } if (nr_response_body_chain == 0) { return ngx_http_next_body_filter(r, in); } ctx = ngx_http_ns_get_request_ctx(r); if (ctx == NULL) { return ngx_http_next_body_filter(r, in); } while (1) { module = response_body_chain[i]; if (module && !ngx_http_ns_jump_bit_is_set(r, module->id)) { handler = module->response_body_handler; ret = handler(r, in); } else { i++; if (i > max_response_body_chain) { /* all handlers have been called */ break; } continue; } ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security response body: %d - %s(ret: %d)", module->id, module->name, ret); /* terminate current process in nginx */ if (ret == NGX_DONE) { return NGX_DONE; } /* skip other handlers */ if (ret == NGX_OK) { break; } if (ret == NGX_ERROR) { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "Request denied by handler: %d - %s", module->id, module->name); return NGX_ERROR; } /* some internal error */ if (ret >= 400) { return ret; } if (ngx_http_ns_test_bypass_all(r)) { break; } /* next handler in the list */ if (ret == NGX_DECLINED) { i++; if (i > max_response_body_chain) { /* all handlers have been called */ break; } continue; } /* jump to another handler, ret is the new handler id */ if (ret > max_response_body_chain || ret < 0) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "jump to unkown handler"); return NGX_ERROR; } else { if (response_body_chain[i] == NULL) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "jump to unkown handler"); return NGX_ERROR; } i = ret; } } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security response body ends without any deny action"); return ngx_http_next_body_filter(r, in); }
ngx_int_t ngx_http_cp_header_handler(ngx_http_request_t *r) { ngx_table_elt_t *h; ngx_list_part_t *part; ngx_http_upstream_t *u; ngx_uint_t i, j, cmp_len; u_char *start, *end, *p; ngx_str_t cookie, cookie_name; ngx_str_t neteye_cookie; ngx_http_cp_loc_conf_t *cplcf; ngx_uint_t magic; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "cookie poison header handler"); if (ngx_http_session_test_bypass(r)) { return NGX_DECLINED; } if (ngx_http_ns_test_bypass_all(r)) { return NGX_DECLINED; } cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cookie_poisoning_module); if (cplcf->enabled != 1) { /* Cookie Poison not enabled */ return NGX_DECLINED; } u = r->upstream; if (u) { part = &u->headers_in.headers.part; } else { /* response from local */ part = &r->headers_out.headers.part; } if (part == NULL) { /* Have no headers */ return NGX_DECLINED; } memset(&cookie, 0, sizeof(ngx_str_t)); memset(&cookie_name, 0, sizeof(ngx_str_t)); memset(&neteye_cookie, 0, sizeof(ngx_str_t)); h = part->elts; for (i = 0; ; i++) { if (i >= part->nelts) { if (part->next == NULL) { break; } part = part->next; h = part->elts; i = 0; } if (h[i].key.len != strlen("Set-Cookie")) { continue; } if (!memcmp(h[i].key.data, "Set-Cookie", h[i].key.len)) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "found set cookie"); start = p = h[i].value.data; end = h[i].value.data + h[i].value.len; for (j = 0; j < h[i].value.len; j++, p++) { if (*p == ' ' || *p == '=') { cookie_name.data = start; cookie_name.len = p - start; /* store this cookie's value to cookie */ if (*p == ' ') { for (; *p != '='; p++) ; } p++; cookie.data = p; for (; *p != ';' && p < end; p++) ; cookie.len = p - cookie.data; if (cookie.len == 0) { break; } cmp_len = cookie.len >= strlen("deleted") ? strlen("deleted") : cookie.len; if (!strncmp((char *)cookie.data, "deleted", cmp_len)) { /* update monitored cookies in session*/ ngx_http_cp_delete_monitored_cookies(r, &cookie_name); break; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "cookie_name: %V, cookie_data: %V", &cookie_name, &cookie); /* md5 the cookie_data, and add it to the header */ magic = ngx_random(); if (ngx_http_cp_gen_cookie_data(r, &cookie, &neteye_cookie, magic) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye_cookie_data: %V", &neteye_cookie); /* update monitored cookies in session*/ ngx_http_cp_update_monitored_cookies(r, &cookie_name, &neteye_cookie, magic); break; } } } } return NGX_DECLINED; }
static ngx_int_t ngx_http_neteye_security_request_handler(ngx_http_request_t *r) { ngx_int_t i = 1, ret; ngx_http_neteye_security_request_pt handler; ngx_http_neteye_security_module_t *module; ngx_http_ns_loc_conf_t *nlcf; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security phase begins, handler number: %d", nr_request_chain); if (ngx_http_ns_test_bypass_all(r)) { return NGX_DECLINED; } if (nr_request_chain == 0) { return NGX_DECLINED; } nlcf = ngx_http_get_module_loc_conf(r, ngx_http_neteye_security_module); if (r->internal && !nlcf->force) { return NGX_DECLINED; } if (ngx_http_ns_ctx_init(r) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } if (ngx_http_ns_request_ctx_not_inited(r) && ngx_http_ns_request_ctx_init(r) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } while (1) { module = request_chain[i]; if (r->se_handler != NULL) { if (module == NULL || r->se_handler != module->request_handler) { i++; continue; } r->se_handler = NULL; } if (module && !ngx_http_ns_jump_bit_is_set(r, module->id)) { handler = module->request_handler; ret = handler(r); } else { i++; if (i > max_request_chain) { /* all handlers have been called */ break; } continue; } ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security handler: %d - %s(ret: %d)", module->id, module->name, ret); /* terminate current process in nginx */ if (ret == NGX_DONE) { return NGX_DONE; } /* skip other handlers */ if (ret == NGX_OK) { break; } if (ret == NGX_ERROR) { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "Request denied by handler: %d - %s", module->id, module->name); return NGX_ERROR; } if (ngx_http_ns_test_bypass_all(r)) { break; } /* next handler in the list */ if (ret == NGX_DECLINED) { i++; if (i > max_request_chain) { /* all handlers have been called */ break; } continue; } if (ret < 0) { return ret; } /* some internal error */ if (ret >= 400) { return ret; } /* jump to another handler, ret is the new handler id */ if (ret > max_request_chain) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "jump to unkown handler"); return NGX_ERROR; } else { if (request_chain[i] == NULL) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "jump to unkown handler"); return NGX_ERROR; } i = ret; } } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye security phase ends without any deny action"); return NGX_DECLINED; }
static ngx_int_t ngx_http_cp_handler(ngx_http_request_t *r) { ngx_http_cp_loc_conf_t *cplcf; ngx_str_t cookie, cookie_name; ngx_str_t neteye_cookie; #if (NGX_DEBUG) ngx_str_t cookie_magic; #endif ngx_int_t ret; ngx_uint_t i, j; ngx_table_elt_t **h; u_char *start, *end, *p; ngx_http_cp_monitored_cookie_t *m_cookie; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "cookie poison handler begin"); if (ngx_http_session_test_bypass(r)) { return NGX_DECLINED; } cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cookie_poisoning_module); if (!cplcf->enabled) { return NGX_DECLINED; } if (ngx_http_ns_test_bypass_all(r)) { return NGX_DECLINED; } memset(&cookie, 0, sizeof(ngx_str_t)); memset(&cookie_name, 0, sizeof(ngx_str_t)); memset(&neteye_cookie, 0, sizeof(ngx_str_t)); h = r->headers_in.cookies.elts; for (i = 0; i < r->headers_in.cookies.nelts; i++) { start = p = h[i]->value.data; end = start + h[i]->value.len; /* skip the spaces at head */ for (; start < end && *start == ' '; start++) { } if (start == end) { /* no more in this value */ continue; } for (j = 0; j < h[i]->value.len; j++, p++) { if (*p == '=') { cookie_name.data = start; cookie_name.len = p - start; if (cookie_name.len == strlen(NGX_HTTP_SESSION_DEFAULT_COOKIE)) { if (!memcmp(cookie_name.data, NGX_HTTP_SESSION_DEFAULT_COOKIE, strlen(NGX_HTTP_SESSION_DEFAULT_COOKIE))) { goto next; } } /* store this cookie's value to cookie */ ret = ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &cookie_name, &cookie); if (ret == NGX_DECLINED || cookie.len == 0) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "BIG ERROR!"); goto next; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "cookie_name: %V, cookie_data: %V", &cookie_name, &cookie); m_cookie = ngx_http_cp_check_cookie(r, &cookie_name); if (m_cookie != NULL) { /* this cookie is monitored */ if (ngx_http_cp_gen_cookie_data(r, &cookie, &neteye_cookie, m_cookie->magic) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } #if (NGX_DEBUG) cookie_magic.data = m_cookie->cookie_magic; cookie_magic.len = NGX_HTTP_CP_MD5_LEN; ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "neteye_cookie_data: %V, expected: %V", &neteye_cookie, &cookie_magic); #endif if (memcmp(m_cookie->cookie_magic, neteye_cookie.data, NGX_HTTP_CP_MD5_LEN)) { /* not matched, do action */ ret = ngx_http_cp_do_action(r, &cookie_name, &cookie); if (ret != NGX_OK) { return ret; } } } else { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "cookie is not monitored"); } next: for (; start < end && *start != ';'; start++) { } if (start == end) { /* no more in this value */ break; } /* *start == ';' */ start++; for (; start < end && *start == ' '; start++) { } if (start == end) { /* no more in this value */ break; } p = start; } } } return NGX_DECLINED; }