Closed liudongmiao closed 2 years ago
Nginx handles error_page via ngx_http_internal_redirect, and audit log in ModSecurity-nginx is trigged in the next handler.
error_page
ngx_http_internal_redirect
ModSecurity-nginx
In nginx's code, it's harded to GET for non-HEAD, refers https://github.com/nginx/nginx/blob/master/src/http/ngx_http_special_response.c#L618-L621:
GET
HEAD
if (r->method != NGX_HTTP_HEAD) { r->method = NGX_HTTP_GET; r->method_name = ngx_http_core_get_method; }
This patch use method_name from request_line to fix this issue.
method_name
request_line
This should fix method name in https://github.com/SpiderLabs/ModSecurity-nginx/issues/182, and solve https://github.com/SpiderLabs/ModSecurity-nginx/issues/258.
Nginx handles
error_page
viangx_http_internal_redirect
, and audit log inModSecurity-nginx
is trigged in the next handler.In nginx's code, it's harded to
GET
for non-HEAD
, refers https://github.com/nginx/nginx/blob/master/src/http/ngx_http_special_response.c#L618-L621:This patch use
method_name
fromrequest_line
to fix this issue.This should fix method name in https://github.com/SpiderLabs/ModSecurity-nginx/issues/182, and solve https://github.com/SpiderLabs/ModSecurity-nginx/issues/258.