[packages/nginx.git] / nginx-modsecurity-xheaders.patch

diff -ruNp modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c
--- modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c	2015-02-12 20:08:31.000000000 +0100
+++ modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c	2015-07-31 23:34:31.601688075 +0200
@@ -28,6 +28,7 @@
 
 typedef struct {
     ngx_flag_t                  enable;
+    ngx_flag_t                  x_headers;
     directory_config            *config;
 
     ngx_str_t                   *file;
@@ -83,6 +84,12 @@ static ngx_command_t  ngx_http_modsecuri
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_modsecurity_loc_conf_t, enable),
     NULL },
+  { ngx_string("ModSecurityXHeaders"),
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
+    ngx_conf_set_flag_slot,
+    NGX_HTTP_LOC_CONF_OFFSET,
+    offsetof(ngx_http_modsecurity_loc_conf_t, x_headers),
+    NULL },
   ngx_null_command
 };
 
@@ -432,7 +439,11 @@ ngx_http_modsecurity_save_headers_in_vis
     }
 
     ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
+    h->lowcase_key[h->key.len] = '\0';
 
+    if (!ngx_strcmp(h->lowcase_key, "host"))
+        return 1;
+ 
     h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
 
     cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
@@ -737,8 +748,10 @@ ngx_http_modsecurity_save_headers_out_vi
     ngx_table_elt_t                *h, he;
     ngx_http_upstream_header_t     *hh;
     ngx_http_upstream_main_conf_t  *umcf;
+    ngx_table_elt_t                *tmp_header;
 
     umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
+    ngx_http_modsecurity_loc_conf_t *conf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
 
     h = &he;
 
@@ -755,6 +768,19 @@ ngx_http_modsecurity_save_headers_out_vi
 
     ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
 
+    if (conf->x_headers) {
+        h->lowcase_key[h->key.len] = '\0';
+        if (h->lowcase_key[0] == 'x' &&
+            h->lowcase_key[1] == '-') {
+
+            tmp_header = ngx_list_push(&r->headers_out.headers);
+            tmp_header->key = h->key;
+            tmp_header->value = h->value;
+            tmp_header->hash = 1;
+            return 1;
+        }
+    }
+
     h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
 
     hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
@@ -810,6 +836,7 @@ ngx_http_modsecurity_create_loc_conf(ngx
 
     conf->config = NGX_CONF_UNSET_PTR;
     conf->enable = NGX_CONF_UNSET;
+    conf->x_headers = NGX_CONF_UNSET;
 
     return conf;
 }
@@ -823,6 +850,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_
     ngx_http_modsecurity_loc_conf_t  *conf = child;
 
     ngx_conf_merge_value(conf->enable, prev->enable, 0);
+    ngx_conf_merge_value(conf->x_headers, prev->x_headers, 0);
     ngx_conf_merge_ptr_value(conf->config, prev->config, NULL);
 
     if (conf->enable && conf->config == NULL) {
Commit	Line	Data
7ce2935c AO	1	diff -ruNp modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c
	2	--- modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c 2015-02-12 20:08:31.000000000 +0100
	3	+++ modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c 2015-07-31 23:34:31.601688075 +0200
	4	@@ -28,6 +28,7 @@
	5
	6	typedef struct {
	7	ngx_flag_t enable;
	8	+ ngx_flag_t x_headers;
	9	directory_config *config;
	10
	11	ngx_str_t *file;
	12	@@ -83,6 +84,12 @@ static ngx_command_t ngx_http_modsecuri
	13	NGX_HTTP_LOC_CONF_OFFSET,
	14	offsetof(ngx_http_modsecurity_loc_conf_t, enable),
	15	NULL },
	16	+ { ngx_string("ModSecurityXHeaders"),
	17	+ NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_HTTP_SIF_CONF\|NGX_HTTP_LOC_CONF\|NGX_HTTP_LIF_CONF\|NGX_CONF_TAKE1,
	18	+ ngx_conf_set_flag_slot,
	19	+ NGX_HTTP_LOC_CONF_OFFSET,
	20	+ offsetof(ngx_http_modsecurity_loc_conf_t, x_headers),
	21	+ NULL },
	22	ngx_null_command
	23	};
	24
	25	@@ -432,7 +439,11 @@ ngx_http_modsecurity_save_headers_in_vis
	26	}
	27
	28	ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
	29	+ h->lowcase_key[h->key.len] = '\0';
	30
	31	+ if (!ngx_strcmp(h->lowcase_key, "host"))
	32	+ return 1;
	33	+
	34	h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
	35
	36	cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
	37	@@ -737,8 +748,10 @@ ngx_http_modsecurity_save_headers_out_vi
	38	ngx_table_elt_t *h, he;
	39	ngx_http_upstream_header_t *hh;
	40	ngx_http_upstream_main_conf_t *umcf;
	41	+ ngx_table_elt_t *tmp_header;
	42
	43	umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
	44	+ ngx_http_modsecurity_loc_conf_t *conf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
	45
	46	h = &he;
	47
	48	@@ -755,6 +768,19 @@ ngx_http_modsecurity_save_headers_out_vi
	49
	50	ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
	51
	52	+ if (conf->x_headers) {
	53	+ h->lowcase_key[h->key.len] = '\0';
	54	+ if (h->lowcase_key[0] == 'x' &&
	55	+ h->lowcase_key[1] == '-') {
	56	+
	57	+ tmp_header = ngx_list_push(&r->headers_out.headers);
	58	+ tmp_header->key = h->key;
	59	+ tmp_header->value = h->value;
	60	+ tmp_header->hash = 1;
	61	+ return 1;
	62	+ }
	63	+ }
	64	+
65	h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
66
67	hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
68	@@ -810,6 +836,7 @@ ngx_http_modsecurity_create_loc_conf(ngx
69
70	conf->config = NGX_CONF_UNSET_PTR;
71	conf->enable = NGX_CONF_UNSET;
72	+ conf->x_headers = NGX_CONF_UNSET;
73
74	return conf;
75	}
76	@@ -823,6 +850,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_
77	ngx_http_modsecurity_loc_conf_t *conf = child;
78
79	ngx_conf_merge_value(conf->enable, prev->enable, 0);
80	+ ngx_conf_merge_value(conf->x_headers, prev->x_headers, 0);
81	ngx_conf_merge_ptr_value(conf->config, prev->config, NULL);
82
83	if (conf->enable && conf->config == NULL) {