[Mod-security-developers] ModSecurity Nginx, regular request can't be response, and deny action can‘t return status code which defined in the SecRule

[yorkng z. <yor...@gm...>]

hi, Alan
2.7-iis-nginx works at nginx release-1.1.20(Ubuntu 12.04)
regular request can't be response, i use curl like
**
$curl http://localhost/
<html>
<head><title>500 Internal Server Error</title></head>
<body bgcolor="white">
<center><h1>500 Internal Server Error</h1></center>
<hr><center>nginx/1.1.20</center>
</body>
</html>

my config file

*conf/nginx.conf*

server {
   listen          80;
   server_name     192.168.10.34;
   location / {
        root html;
        index index.html;
        ModSecurityConfig /opt/2.7-iis-nginx/conf.d/ModSec.data;
        ModSecurityEnabled On;
   }

*conf.d/ModSec.data*

SecRuleEngine on
SecRule REQUEST_URI "secret" "id:999, phase:1,deny,status:403"

i use GDB trace the code, i don't know why code like this:
--------------------------------------------------
400   if(status == DECLINED)
401   {
402     // this function would work here, but it is only internal
403     //ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
404     //return (NGX_DECLINED);
405
406     // If DECLINED, finalize connection (sent FIN) and return HTTP 500
407     ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "Invalid
Requ    est");
408     ngx_http_finalize_request(req, NGX_HTTP_INTERNAL_SERVER_ERROR);
409     return NGX_HTTP_INTERNAL_SERVER_ERROR;
410   }
413     return NGX_OK;
414 }
----------------------------------------------
when regular request happens, the status == DECLINED, why* return
NGX_HTTP_INTERNAL_SERVER_ERROR*? and the right code* return
(NGX_DECLINED)*is commented。


another pazzle，when the secrule match, the return code should return status
code defineded in SecRule, in this expemle, should return 403, but in the
source code,* return NGX_OK*, why?
i have check HTTP return status code defined in APACHE and NGINX, all
compliance the RFC 2616. so my patch bellow：


   if(status == DECLINED)
   {
     // this function would work here, but it is only internal
     //ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
-    //return (NGX_DECLINED);
+    return (NGX_DECLINED);

     // If DECLINED, finalize connection (sent FIN) and return HTTP 500
     ngx_log_error(NGX_LOG_INFO, req->connection->log, 0, "Invalid
Request");
     ngx_http_finalize_request(req, NGX_HTTP_INTERNAL_SERVER_ERROR);
     return NGX_HTTP_INTERNAL_SERVER_ERROR;
   }
-
-    return NGX_OK;
+   return status;
 }


Regards,

Yorkng