Environment:
Scope:
Apache receives SOAP requests and then proxies them to a target server. In the meantime Mod_security logs the entire request and response sequentially, thanks to SecRequestBodyAccess.
Issue:
If the client sends a chunked request big enough to force Mod_security to store the chunks on disk (more than 128 kB by default), the webserver generates two final chunks with zero instead of one.
The destination server behaves as if it received two requests, but the second one is syntactically incorrect because it contains only an empty chunk.
This issue happens only when the SecRequestBodyAccess flag is on, but I would like to keep it enabled.
I tried upgrading Apache to version 2.4 and CentOS to version 7, but nothing changed.
Possible fix:
I checked out the code and I found the way to fix the problem:
In apache2_io.c at line 88, one more "if" is needed to prevent Mod_security from adding an excess empty chunk.
I applied this fix in master, v2.9.1 tag and v2/master and it always worked out.
I ran all tests after my fix, and none failed.
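
A minimal check for the symptom described above, as an added example that is not part of the original pull request or of ModSecurity's code: it parses one chunked body and reports whether a second zero-length last-chunk follows it, which is the surplus a backend would read as the start of another request. The function names and the sample bodies are constructed for illustration, and trailer fields are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length in bytes of one complete chunked body at buf, or 0 if it is
 * malformed or incomplete. Chunk extensions are skipped; trailer fields
 * are not handled (assumption of this example). */
size_t chunked_body_len(const char *buf, size_t len)
{
    size_t pos = 0;
    for (;;) {
        size_t size = 0, digits = 0, i = pos;
        while (i < len && isxdigit((unsigned char)buf[i])) {
            int c = tolower((unsigned char)buf[i++]);
            size = size * 16 + (size_t)(c <= '9' ? c - '0' : c - 'a' + 10);
            digits++;
        }
        if (digits == 0 || digits > 8) return 0;
        /* skip any chunk extension up to the CRLF ending the size line */
        while (i + 1 < len && !(buf[i] == '\r' && buf[i + 1] == '\n')) i++;
        if (i + 1 >= len) return 0;
        i += 2;
        if (size == 0)  /* last-chunk: the body ends with one empty line */
            return (i + 1 < len && buf[i] == '\r' && buf[i + 1] == '\n') ? i + 2 : 0;
        if (len - i < 2 || len - i - 2 < size) return 0;   /* truncated data */
        if (buf[i + size] != '\r' || buf[i + size + 1] != '\n') return 0;
        pos = i + size + 2;
    }
}

/* 1 when a complete body is followed by exactly one more "0\r\n\r\n",
 * the surplus terminator described in the report above. */
int has_duplicate_terminator(const char *buf, size_t len)
{
    size_t body = chunked_body_len(buf, len);
    return body != 0 && len - body == 5 &&
           memcmp(buf + body, "0\r\n\r\n", 5) == 0;
}

int main(void)
{
    /* constructed sample bodies, not captured traffic */
    const char ok[]  = "5\r\nhello\r\n0\r\n\r\n";
    const char dup[] = "5\r\nhello\r\n0\r\n\r\n0\r\n\r\n";
    printf("ok:  body=%zu duplicate=%d\n", chunked_body_len(ok, sizeof ok - 1),
           has_duplicate_terminator(ok, sizeof ok - 1));
    printf("dup: body=%zu duplicate=%d\n", chunked_body_len(dup, sizeof dup - 1),
           has_duplicate_terminator(dup, sizeof dup - 1));
    return 0;
}
```

Run against the bytes captured on the proxy-to-backend side, the check separates a correctly terminated body from one carrying the extra empty chunk.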