Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Nginx Improved: modsec terminate handling #61

Merged
merged 1 commit into from

2 participants

@chaizhenhua

No description provided.

@brenosilva brenosilva merged commit 2094793 into SpiderLabs:remotes/trunk
@brenosilva

Applied!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 4, 2013
  1. @chaizhenhua
This page is out of date. Refresh to see the latest.
Showing with 18 additions and 21 deletions.
  1. +18 −21 nginx/modsecurity/ngx_http_modsecurity.c
View
39 nginx/modsecurity/ngx_http_modsecurity.c
@@ -52,7 +52,6 @@ static ngx_int_t ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_cha
static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf);
static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle);
-static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle);
static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
static char *ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -60,6 +59,7 @@ static char *ngx_http_modsecurity_enable(ngx_conf_t *cf, ngx_command_t *cmd, voi
static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
static int ngx_http_modsecurity_drop_action(request_rec *r);
+static void ngx_http_modsecurity_finalize(void *data);
static void ngx_http_modsecurity_cleanup(void *data);
static int ngx_http_modsecurity_save_headers_in_visitor(void *data, const char *key, const char *value);
@@ -113,8 +113,8 @@ ngx_module_t ngx_http_modsecurity = {
ngx_http_modsecurity_init_process, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
- ngx_http_modsecurity_exit_process, /* exit process */
- ngx_http_modsecurity_exit_process, /* exit master */
+ NULL, /* exit process */
+ NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
@@ -122,7 +122,6 @@ static ngx_http_output_header_filter_pt ngx_http_next_header_filter;
static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
static ngx_http_upstream_t ngx_http_modsecurity_upstream;
-static ngx_uint_t ngx_http_modsecurity_term = 0;
static struct {
char *name;
@@ -883,7 +882,8 @@ modsec_pcre_free(void *ptr)
static ngx_int_t
ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
{
- server_rec *s;
+ server_rec *s;
+ ngx_pool_cleanup_t *cln;
/* XXX: temporary hack, nginx uses pcre as well and hijacks these two */
pcre_malloc = modsec_pcre_malloc;
@@ -898,6 +898,12 @@ ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
return NGX_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+ cln->handler = ngx_http_modsecurity_finalize;
+
/* set host name */
s->server_hostname = ngx_palloc(cf->pool, ngx_cycle->hostname.len + 1);
if (s->server_hostname == NULL) {
@@ -911,6 +917,12 @@ ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
}
+static void
+ngx_http_modsecurity_finalize(void *data)
+{
+ modsecTerminate();
+}
+
static ngx_int_t
ngx_http_modsecurity_init(ngx_conf_t *cf)
@@ -921,9 +933,6 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
modsecFinalizeConfig();
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
- if (cmcf == NULL) {
- return NGX_ERROR;
- }
h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
if (h == NULL) {
@@ -946,25 +955,13 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
static ngx_int_t
ngx_http_modsecurity_init_process(ngx_cycle_t *cycle)
{
+ /* must set log hook here cf->log maybe changed */
modsecSetLogHook(cycle->log, modsecLog);
modsecInitProcess();
return NGX_OK;
}
-static void
-ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle)
-{
- /* ngx_single_process_cycle will call master and worker exit_process twice */
- if (ngx_http_modsecurity_term) {
- return;
- }
-
- ngx_http_modsecurity_term = 1;
- modsecTerminate();
-}
-
-
/*
** [ENTRY POINT] does : this function called by nginx from the request handler
*/
Something went wrong with that request. Please try again.