|
From: De V. R. <Ric...@bm...> - 2006-02-15 00:14:02
|
Strange, I am running 1.9.2 on Apache 2.0.55 and my virtual includes appear to be just fine. To be quite honest with you, I am by default not using virtual includes, but for the sake of testing I temporarily enabled it, and did not see any issues. What apache version are you running? I assume you applied the "AddOutputFilter INCLUDES xxxx" directive to your httpd.conf? R -----Original Message----- From: mod...@li... [mailto:mod...@li...] On Behalf Of Ivan Ristic Sent: Tuesday, February 14, 2006 16:11 To: Jeff Taylor Cc: mod...@li... Subject: Re: [mod-security-users] Problems Upgrading from 1.8.7 to 1.9.2 with shtml "virtual" includes Jeff Taylor wrote: > I am having issues with one of my sites after upgrading to version 1.9.2 of=20 > mod_security. I did not change my mod_security file at all. =20 > The problem: all "virtual" includes (ie: <!--#include virtual=3D"/include/ > header.inc" --> ) do not work. No errors are generated in the html that is=20 > exported. No errors are generated in the apache error log. no errors are logged=20 > in the SecAuditLog. If i disable mod_security for this particular vhost=20 > everything works fine.=20 > There is no output (with SecFilterDebugLog set to level 9) that contains=20 > "header.inc" in it.=20 >=20 > I am getting this message for "footer.inc" however: =20 > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][2] Detection phase starting (request 9b64028): "GET /t.php=20 > HTTP/1.1" > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][9] Found msr (9b6a218) in r->main (9bb4488) > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][2] sec_check_access: Filtering off, not an initial request > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][9] sec_insert_filter: Starting > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][9] Found msr (9b6a218) in r->main (9bb4488) > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][2] scan_pre: Adding output filter > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][3] sec_filter_out: start > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][9] Found msr (9b6a218) in r->main (9bb4488) > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][3] sec_filter_out: Content-Type =3D "(null)" > [14/Feb/2006:16:28:02 --0500] [www1domain.domain/sid#9a4b580][rid#9b64028][/ > include/footer.inc][3] sec_filter_out: got 567 bytes, bufused=3D0, buflen=3D16384 Is this all? I would expect more messages here. ModSecurity is reading the output of footer.inc here, waiting for the end (EOS). Once that happens it is supposed to check the output and forward it further. Try disabling output filtering as a workaround. If you have more output in the debug log send me that (to my private address), along with your complete Apache configuration. I'll try to replicate the problem in my setup. --=20 Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D103432&bid=3D230486&dat=3D= 121642 _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users |
|
From: Ivan R. <iv...@we...> - 2006-02-15 00:32:24
|
De Vries, Richard wrote: > Strange, I am running 1.9.2 on Apache 2.0.55 and my virtual includes > appear to be just fine. > > To be quite honest with you, I am by default not using virtual includes, > but for the sake of testing I temporarily enabled it, and did not see > any issues. > > What apache version are you running? I assume you applied the > "AddOutputFilter INCLUDES xxxx" directive to your httpd.conf? I've replicated the same problem using the virtual() function from PHP. Perhaps you are not buffering output in your configuration? I've sent a fix to Jeff to try it out. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
|
From: Jeff T. <jt...@tc...> - 2006-02-17 20:37:35
|
Ivan Ristic <ivanr <at> webkreator.com> writes: > > I've replicated the same problem using the virtual() function from > PHP. Perhaps you are not buffering output in your configuration? > > I've sent a fix to Jeff to try it out. > The fix worked perfectly. Many thanks to Ivan for his quick and completely successful fix. In case anyone is experiencing this problem, this is the solution, straight from Ivan... Replace: ap_add_output_filter_handle(global_sec_filter_out, NULL, r, r->connection); with ap_add_output_filter_handle(global_sec_filter_out, msr->ctx_out, r, r- >connection); in the mod_security.c file. Thanks again. .jeff. |
