Removed SecDefineRemoteAddr and fixed Apache 2.4 mod_remoteip integration

2013-05-06 00:49:07 -04:00 · 2013-05-06 00:49:07 -04:00 · cd31b39ce1
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@ -159,9 +159,6 @@ void *create_directory_config(apr_pool_t *mp, char *path)
    /* xml external entity */
    dcfg->xml_external_entity = NOT_SET;

-    /* remote addr define */
-    dcfg->remote_define = NOT_SET_P;
-
    return dcfg;
 }

@ -601,10 +598,6 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
    merged->xml_external_entity = (child->xml_external_entity == NOT_SET
        ? parent->xml_external_entity : child->xml_external_entity);

-    /* remote add define */
-    merged->remote_define = (child->remote_define == NOT_SET_P
-        ? parent->remote_define : child->remote_define);
-
    return merged;
 }

@ -728,9 +721,6 @@ void init_directory_config(directory_config *dcfg)
    /* xml external entity */
    if (dcfg->xml_external_entity == NOT_SET) dcfg->xml_external_entity = 0;

-    /* remote addr define */
-    if (dcfg->remote_define == NOT_SET_P) dcfg->remote_define = "default";
-
 }

 /**
@ -2296,15 +2286,6 @@ static const char *cmd_web_app_id(cmd_parms *cmd, void *_dcfg, const char *p1)
    return NULL;
 }

-static const char *cmd_remote_addr_define(cmd_parms *cmd, void *_dcfg, const char *p1)
-{
-    directory_config *dcfg = (directory_config *)_dcfg;
-
-    dcfg->remote_define = p1;
-
-    return NULL;
-}
-
 static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1)
 {
    directory_config *dcfg = (directory_config *)_dcfg;
@ -3494,14 +3475,6 @@ const command_rec module_directives[] = {
        "id"
    ),

-    AP_INIT_TAKE1 (
-        "SecRemoteAddrDefine",
-        cmd_remote_addr_define,
-        NULL,
-        CMD_SCOPE_MAIN,
-        "Define a request header field to define remote addr"
-    ),
-
    AP_INIT_TAKE1 (
        "SecSensorId",
        cmd_sensor_id,
--- a/apache2/apache2_util.c
+++ b/apache2/apache2_util.c
@ -272,24 +272,9 @@ static void internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *
            "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->useragent_ip ? r->useragent_ip : r->connection->client_ip, str1,
            hostname, log_escape(msr->mp, r->uri), unique_id);
 #else
-        if(strcasecmp(msr->txcfg->remote_define, "default") == 0)   {
-            ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
-                    "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->connection->remote_ip, str1,
-                    hostname, log_escape(msr->mp, r->uri), unique_id);
-        } else  {
-            remote = (char *)apr_table_get(msr->r->headers_in, msr->txcfg->remote_define);
-            if(remote == NULL)  {
-                ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
-                        "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->connection->remote_ip, str1,
-                        hostname, log_escape(msr->mp, r->uri), unique_id);
-            } else  {
-                parse_remote = apr_pstrdup(msr->mp, remote);
-                str = apr_strtok(parse_remote, ",", &saved);
-                ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
-                        "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", str, str1,
-                        hostname, log_escape(msr->mp, r->uri), unique_id);
-            }
-        }
+        ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
+                "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", msr->remote_addr ? msr->remote_addr : r->connection->remote_ip, str1,
+                hostname, log_escape(msr->mp, r->uri), unique_id);
 #endif

        /* Add this message to the list. */
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@ -600,9 +600,6 @@ struct directory_config {

    /* xml */
    int                 xml_external_entity;
-
-    /* remote addr */
-    const char          *remote_define;
 };

 struct error_message_t {
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@ -713,35 +713,14 @@ static int var_useragent_ip_generate(modsec_rec *msr, msre_var *var, msre_rule *
 static int var_remote_addr_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
    apr_table_t *vartab, apr_pool_t *mptmp)
 {
-    char *remote = NULL;
-    char *parse_remote = NULL;
-    char *saved = NULL;
-    char *str = NULL;
-
-    if(strcasecmp(msr->txcfg->remote_define, "default") == 0)   {
-        if (msr->txcfg->debuglog_level >= 9) {
-            msr_log(msr, 9, "Set variable \"%s\" to \"%s\".", var->name, msr->remote_addr);
-        }
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3
+    if (ap_find_linked_module("mod_remoteip.c") != NULL) {
+        if(msr->r->useragent_ip != NULL) msr->remote_addr = apr_pstrdup(msr->mp, msr->r->useragent_ip);
        return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
-    } else  {
-        remote = (char *)apr_table_get(msr->r->headers_in, msr->txcfg->remote_define);
-        if(remote == NULL)  {
-            if (msr->txcfg->debuglog_level >= 9) {
-                msr_log(msr, 9, "Request header \"%s\" not present setting variable \"%s\" to \"%s\".", msr->txcfg->remote_define,
-                    var->name, msr->remote_addr);
-            }
-            return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
-        } else  {
-            parse_remote = apr_pstrdup(msr->mp, remote);
-            str = apr_strtok(parse_remote, ",", &saved);
-            msr->remote_addr = apr_pstrdup(msr->mp, str);
-            if (msr->txcfg->debuglog_level >= 9) {
-                msr_log(msr, 9, "Request header \"%s\" is present setting variable \"%s\" to \"%s\".", msr->txcfg->remote_define,
-                    var->name, msr->remote_addr);
-            }
-            return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
-        }
    }
+#endif
+
+    return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
 }

 /* REMOTE_HOST */