Skip to content
This repository

Nginx Improved: modsec terminate handling #61

Merged
merged 1 commit into from over 1 year ago

2 participants

Chai Zhenhua Breno Silva
Chai Zhenhua

No description provided.

Breno Silva brenosilva merged commit 2094793 into from
Breno Silva

Applied!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Showing 1 unique commit by 1 author.

Apr 04, 2013
Chai Zhenhua chaizhenhua Nginx Improved: modsec terminate handling ddd6bd2
This page is out of date. Refresh to see the latest.

Showing 1 changed file with 18 additions and 21 deletions. Show diff stats Hide diff stats

  1. +18 21 nginx/modsecurity/ngx_http_modsecurity.c
39 nginx/modsecurity/ngx_http_modsecurity.c
@@ -52,7 +52,6 @@ static ngx_int_t ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_cha
52 52 static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf);
53 53 static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
54 54 static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle);
55   -static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle);
56 55 static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
57 56 static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
58 57 static char *ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -60,6 +59,7 @@ static char *ngx_http_modsecurity_enable(ngx_conf_t *cf, ngx_command_t *cmd, voi
60 59
61 60 static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
62 61 static int ngx_http_modsecurity_drop_action(request_rec *r);
  62 +static void ngx_http_modsecurity_finalize(void *data);
63 63 static void ngx_http_modsecurity_cleanup(void *data);
64 64
65 65 static int ngx_http_modsecurity_save_headers_in_visitor(void *data, const char *key, const char *value);
@@ -113,8 +113,8 @@ ngx_module_t ngx_http_modsecurity = {
113 113 ngx_http_modsecurity_init_process, /* init process */
114 114 NULL, /* init thread */
115 115 NULL, /* exit thread */
116   - ngx_http_modsecurity_exit_process, /* exit process */
117   - ngx_http_modsecurity_exit_process, /* exit master */
  116 + NULL, /* exit process */
  117 + NULL, /* exit master */
118 118 NGX_MODULE_V1_PADDING
119 119 };
120 120
@@ -122,7 +122,6 @@ static ngx_http_output_header_filter_pt ngx_http_next_header_filter;
122 122 static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
123 123
124 124 static ngx_http_upstream_t ngx_http_modsecurity_upstream;
125   -static ngx_uint_t ngx_http_modsecurity_term = 0;
126 125
127 126 static struct {
128 127 char *name;
@@ -883,7 +882,8 @@ modsec_pcre_free(void *ptr)
883 882 static ngx_int_t
884 883 ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
885 884 {
886   - server_rec *s;
  885 + server_rec *s;
  886 + ngx_pool_cleanup_t *cln;
887 887
888 888 /* XXX: temporary hack, nginx uses pcre as well and hijacks these two */
889 889 pcre_malloc = modsec_pcre_malloc;
@@ -898,6 +898,12 @@ ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
898 898 return NGX_ERROR;
899 899 }
900 900
  901 + cln = ngx_pool_cleanup_add(cf->pool, 0);
  902 + if (cln == NULL) {
  903 + return NGX_ERROR;
  904 + }
  905 + cln->handler = ngx_http_modsecurity_finalize;
  906 +
901 907 /* set host name */
902 908 s->server_hostname = ngx_palloc(cf->pool, ngx_cycle->hostname.len + 1);
903 909 if (s->server_hostname == NULL) {
@@ -911,6 +917,12 @@ ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
911 917 }
912 918
913 919
  920 +static void
  921 +ngx_http_modsecurity_finalize(void *data)
  922 +{
  923 + modsecTerminate();
  924 +}
  925 +
914 926
915 927 static ngx_int_t
916 928 ngx_http_modsecurity_init(ngx_conf_t *cf)
@@ -921,9 +933,6 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
921 933 modsecFinalizeConfig();
922 934
923 935 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
924   - if (cmcf == NULL) {
925   - return NGX_ERROR;
926   - }
927 936
928 937 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
929 938 if (h == NULL) {
@@ -946,25 +955,13 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
946 955 static ngx_int_t
947 956 ngx_http_modsecurity_init_process(ngx_cycle_t *cycle)
948 957 {
  958 + /* must set log hook here cf->log maybe changed */
949 959 modsecSetLogHook(cycle->log, modsecLog);
950 960 modsecInitProcess();
951 961 return NGX_OK;
952 962 }
953 963
954 964
955   -static void
956   -ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle)
957   -{
958   - /* ngx_single_process_cycle will call master and worker exit_process twice */
959   - if (ngx_http_modsecurity_term) {
960   - return;
961   - }
962   -
963   - ngx_http_modsecurity_term = 1;
964   - modsecTerminate();
965   -}
966   -
967   -
968 965 /*
969 966 ** [ENTRY POINT] does : this function called by nginx from the request handler
970 967 */

Tip: You can add notes to lines in a file. Hover to the left of a line to make a note

Something went wrong with that request. Please try again.