575
575
ngx_http_request_t *r,
576
576
ngx_array_t *ostr, ngx_str_t **ret_uri)
578
u_int /*len,*/ sz_left, sub, offset = 0, seed = 0, i;
578
u_int sz_left, sub, psub, offset = 0, seed = 0, i;
579
579
ngx_str_t *fragment, *tmp_uri;
580
580
const char *fmt_base = "ip=%.*s&server=%.*s&uri=%.*s&learning=%d&vers=%.*s&total_processed=%zu&total_blocked=%zu";
581
581
const char *fmt_rm = "&zone%d=%s&id%d=%d&var_name%d=%.*s";
641
642
** This one would not fit :
642
643
** append a seed to the current fragment,
643
** store it, and start a new one
644
** and start a new one
645
646
if (sub >= sz_left)
648
** if event's len alone cannot fit in maximum size,
649
** truncate it. Don't even warn the user, as
650
** it has no chance of being legitimate,
652
if (sub >= MAX_LINE_SIZE - MAX_SEED_LEN) {
653
sub = snprintf((char *)fragment->data+offset, sz_left,
654
fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,
655
mr[i].name->len, mr[i].name->data);
656
offset += (sz_left-1);
659
** if it's the only one, don't append a seed,
660
** this would cause fake missing lines
662
if (i+1 >= ctx->matched->nelts)
665
/* else, append it to next fragment. */
668
/* not real random, just to avoid collisions,
650
** not real random, just to avoid collisions,
669
651
** seed are used as link, as 2 random seeds can be
670
652
** present per string
681
663
sub = snprintf((char *)fragment->data, MAX_SEED_LEN, "seed_end=%d", seed);
682
664
sz_left = MAX_LINE_SIZE - sub;
666
/* if it did not fit because the event itself is too big,
667
truncate it, and append to the new fragment */
668
if (psub > MAX_LINE_SIZE - MAX_SEED_LEN - 1) {
669
sub = snprintf((char *)fragment->data+offset, sz_left,
670
fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,
671
mr[i].name->len, mr[i].name->data);
672
offset = sz_left - 1;
686
678
sub = snprintf((char *)fragment->data+offset, sz_left,
688
680
mr[i].name->len, mr[i].name->data);
684
} while(i < ctx->matched->nelts);
686
ngx_log_error(NGX_LOG_ERR, r->connection->log,
687
0, "NAXSI_FMT: NOTHING TO MATCH ?!");
694
fragment->len = offset+sub;
689
fragment->len = offset;
695
690
return (NGX_HTTP_OK);
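Review bot: In the added truncation branch guarded by `if (psub > MAX_LINE_SIZE - MAX_SEED_LEN - 1)`, the write starts at `fragment->data+offset` with bound `sz_left`, but the end position is then stored as `offset = sz_left - 1`, which is only right if `offset` was 0 before the call and the output really was truncated. Just above, `seed_end=%d` is written at the start of the new fragment and `sz_left` is reduced by its length, so if the line not shown in between sets `offset` to the seed length, the final `fragment->len = offset` drops the tail of the line. If `offset` is still 0 there, the seed itself is overwritten. Deriving the new offset from what snprintf reports avoids both cases and also covers an event that happens to fit: `offset += (sub < sz_left) ? sub : sz_left - 1;`. Because `sub` is `u_int` and snprintf returns the untruncated length, or a negative value on error, the same clamp is worth applying after the unconditional `snprintf(... fmt_rm ...)` call that follows. The loop body is only partly visible here, so both points need checking against the full function.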