Skip to content

Commit 72a3389

Browse files
brenosilvabrenosilva
committed
Merge pull request #65 from chaizhenhua/remotes/trunk
Nginx Improved: if "SecResponseBodyAccess off" do not copy response body...
2 parents 3da87da + e553761 commit 72a3389

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

nginx/modsecurity/ngx_http_modsecurity.c

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1077,16 +1077,17 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {
10771077
const char *location;
10781078
ngx_table_elt_t *h;
10791079
ngx_int_t rc;
1080-
1080+
10811081

10821082
cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
10831083
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
10841084

1085+
/* already processed, checking redirect action. */
10851086
if (ctx && ctx->complete
10861087
&& r->err_status >= NGX_HTTP_MOVED_PERMANENTLY
10871088
&& r->err_status < 308) {
10881089

1089-
/* 3XX load redirect location header so that we can do redirec in phase 3,4 */
1090+
/* 3XX load redirect location header so that we can do redirect in phase 3,4 */
10901091
location = apr_table_get(ctx->req->headers_out, "Location");
10911092

10921093
if (location == NULL) {
@@ -1113,7 +1114,8 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {
11131114

11141115
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: header filter");
11151116

1116-
if (r->method == NGX_HTTP_HEAD || r->header_only) {
1117+
/* header only or SecResponseBodyAccess off */
1118+
if (r->header_only || (!modsecIsResponseBodyAccessEnabled(ctx->req)) ) {
11171119

11181120
ctx->complete = 1;
11191121

@@ -1126,17 +1128,18 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {
11261128
rc = ngx_http_modsecurity_status(r, modsecProcessResponse(ctx->req));
11271129

11281130
if (rc != NGX_DECLINED) {
1129-
return rc;
1131+
return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
11301132
}
11311133

11321134
if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK
11331135
|| ngx_http_modsecurity_save_headers_out(r) != NGX_OK) {
1134-
return NGX_HTTP_INTERNAL_SERVER_ERROR;
1136+
return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
11351137
}
11361138

11371139
return ngx_http_next_header_filter(r);
11381140
}
11391141

1142+
/* SecResponseBodyAccess on, process rules in body filter */
11401143
return NGX_OK;
11411144
}
11421145

0 commit comments

Comments
 (0)