From 7f0eced5bc2e83bf2c0adbf935004a8c4e5cc5af Mon Sep 17 00:00:00 2001
From: Allan Boll
Date: Tue, 16 Apr 2019 14:19:57 -0700
Subject: [PATCH] ModSec on IIS: Block on bad config (#111)

* ModSec on IIS: Block on bad config
---
 iis/moduleconfig.h | 2 ++
 iis/mymodule.cpp | 23 +++++++++++++++++++----
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/iis/moduleconfig.h b/iis/moduleconfig.h
index e4f149b3..e7da87a4 100644
--- a/iis/moduleconfig.h
+++ b/iis/moduleconfig.h
@@ -71,6 +71,8 @@ class MODSECURITY_STORED_CONTEXT : public IHttpStoredContext
 
     directory_config* config = nullptr;
 
+    bool configLoadingFailed = false;
+
 private:
 
     HRESULT GetBooleanPropertyValue(
diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp
index 6fbac986..8b8901cb 100644
--- a/iis/mymodule.cpp
+++ b/iis/mymodule.cpp
@@ -798,7 +800,9 @@ CMyHttpModule::OnBeginRequest(IHttpContext* httpContext, IHttpEventProvider* pro
     HRESULT hr = MODSECURITY_STORED_CONTEXT::GetConfig(httpContext, &config);
     if (FAILED(hr))
     {
-        return RQ_NOTIFICATION_CONTINUE;
+        httpContext->GetResponse()->SetStatus(500, "WAF internal error. Unable to get config.");
+        httpContext->SetRequestHandled();
+        return RQ_NOTIFICATION_FINISH_REQUEST;
     }
 
     // If module is disabled, don't go any further
@@ -808,6 +810,19 @@ CMyHttpModule::OnBeginRequest(IHttpContext* httpContext, IHttpEventProvider* pro
         return RQ_NOTIFICATION_CONTINUE;
     }
 
+    auto reportConfigurationError = [config, httpContext] {
+        config->configLoadingFailed = true;
+        httpContext->GetResponse()->SetStatus(500, "WAF internal error. Invalid configuration.");
+        httpContext->SetRequestHandled();
+        return RQ_NOTIFICATION_FINISH_REQUEST;
+    };
+
+    // If we previously failed to load the config, don't spam the event log by trying and failing again
+    if (config->configLoadingFailed)
+    {
+        return reportConfigurationError();
+    }
+
     if (config->config == nullptr)
     {
         char *path;
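Review bot: The new `configLoadingFailed` member is undocumented, and nothing in this patch ever clears it once set, so its meaning — a latch that turns every later request on this stored context into a 500 until the context is recreated — is only discoverable by reading OnBeginRequest in mymodule.cpp. I would add above the field: `// Latched by OnBeginRequest when loading the rules/config fails; every later request on this context is rejected with 500 and the failure is not re-logged. Nothing resets it.` It is also a plain bool written from the request path; if one MODSECURITY_STORED_CONTEXT can be reached by concurrently executing requests (not visible in this hunk), that write is unsynchronised and the comment should name whatever serialises it.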
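Review bot: The GetConfig failure branch rejects the request without writing anything to the event log, unlike the rules-load failure later in OnBeginRequest, which calls `WriteEventViewerLog(err, EVENTLOG_ERROR_TYPE)` before returning; an operator seeing 500s from this path has no server-side record of why. The second argument of `SetStatus` is the HTTP reason phrase sent to the client, so `"WAF internal error. Unable to get config."` (and `"WAF internal error. Invalid configuration."` in the lambda of the next hunk) tells an anonymous client both that a WAF is in front of the site and that it is currently not enforcing; that detail belongs in the event log, while the client can receive a generic phrase such as `"Internal Server Error"`. I would add a WriteEventViewerLog call in this branch and keep the reason phrase generic in both places. OnBeginRequest starts before this hunk.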
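Review bot: The `if (config->configLoadingFailed)` check only covers requests that arrive after a failure has already been latched; the later hunks show `config->config = modsecGetDefaultConfig()` being assigned before the rules are read, and the flag being set by `reportConfigurationError` only once the load has failed. Unless the config-loading path of OnBeginRequest runs under a lock that lies outside this hunk, a request that observes a non-null `config->config` while the flag is still false during that window is processed under a partially loaded rule set — the fail-open behaviour this commit is meant to remove. If such a lock exists, a comment on the check naming it would make that clear; if not, the flag check and the load need to happen under the same critical section. The comment on the check should also say that the latch is permanent for the life of the stored context, since "don't spam the event log" reads as though only logging is suppressed. OnBeginRequest continues past this hunk.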
@@ -816,7 +831,7 @@ CMyHttpModule::OnBeginRequest(IHttpContext* httpContext, IHttpEventProvider* pro
         hr = config->GlobalWideCharToMultiByte(config->GetPath(), wcslen(config->GetPath()), &path, &pathlen);
         if (FAILED(hr))
         {
-            return RQ_NOTIFICATION_FINISH_REQUEST;
+            return reportConfigurationError();
         }
 
         config->config = modsecGetDefaultConfig();
@@ -829,7 +844,7 @@ CMyHttpModule::OnBeginRequest(IHttpContext* httpContext, IHttpEventProvider* pro
         if (FAILED(hr))
         {
             delete path;
-            return RQ_NOTIFICATION_FINISH_REQUEST;
+            return reportConfigurationError();
         }
 
         if (path[0] != 0)
@@ -841,7 +856,7 @@ CMyHttpModule::OnBeginRequest(IHttpContext* httpContext, IHttpEventProvider* pro
             WriteEventViewerLog(err, EVENTLOG_ERROR_TYPE);
             delete apppath;
             delete path;
-            return RQ_NOTIFICATION_CONTINUE;
+            return reportConfigurationError();
         }
 
         modsecReportRemoteLoadedRules();
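Review bot: Routing the `GlobalWideCharToMultiByte` failure (and the `FAILED(hr)` branch in the next hunk) through `reportConfigurationError` latches `configLoadingFailed`, so a transient failure of the path conversion — which does not by itself mean the configuration is invalid — now permanently answers 500 "Invalid configuration" for this context, with no retry and, on the visible lines, no event-log entry at all. If these branches are meant to be retried on the next request, they should keep the direct `return RQ_NOTIFICATION_FINISH_REQUEST;` (or use a variant of the lambda that does not set the flag); if they are meant to latch, a `WriteEventViewerLog` call before the return would at least record the cause once, as the rules-load branch in the last hunk already does. The enclosing `if (config->config == nullptr)` block starts before this hunk.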