Improves SecRemoteRules messages on IIS

IIS was not displaying correctly the error messages and the amount of
loaded rules while the operator SecRemoteRules was used.

Author: Felipe Zimmerle

apache2/mod_security2.c

@@ -752,7 +752,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
                     real_server_signature);
         }
 
-#ifndef WIN32
+#ifndef VERSION_IIS
         if (status_engine_state != STATUS_ENGINE_DISABLED) {
             msc_status_engine_call();
         }
@@ -767,18 +767,12 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
     /**
      * Checking if it is not the first time that we are in this very function.
      * We want to show the messages below during the start and the reload.
-     *
-     * Turns out that IIS version does not hit it twice, thus, we have to show
-     * the message in the first (and unique) opportunity.
      */
-#ifdef VERSION_IIS
-    if (first_time == 1)
-    {
-#else
+#ifndef VERSION_IIS
     if (first_time != 1)
     {
-#endif
 #ifdef WITH_REMOTE_RULES
+
         if (remote_rules_server != NULL)
         {
             if (remote_rules_server->amount_of_rules == 1)
@@ -804,6 +798,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
                 remote_rules_fail_message);
         }
     }
+#endif
 
     srand((unsigned int)(time(NULL) * getpid()));
 

iis/mymodule.cpp

@@ -797,8 +797,12 @@ CMyHttpModule::OnBeginRequest(
 					goto Finished;
 				}
 
-				modsecStatusEngineCall();
-
+				modsecReportRemoteLoadedRules();
+				if (this->status_call_already_sent == false)
+				{
+					this->status_call_already_sent = true;
+					modsecStatusEngineCall();
+				}
 			}
 			delete apppath;
 		}
@@ -1254,6 +1258,8 @@ CMyHttpModule::CMyHttpModule()
     GetSystemInfo(&sysInfo);
     m_dwPageSize = sysInfo.dwPageSize;
 
+    this->status_call_already_sent = false;
+
 	InitializeCriticalSection(&m_csLock);
 
 	modsecSetLogHook(this, Log);

iis/mymodule.h

@@ -52,6 +52,7 @@ class CMyHttpModule : public CHttpModule
     void Dispose();
 
     BOOL WriteEventViewerLog(LPCSTR szNotification, WORD category = EVENTLOG_INFORMATION_TYPE);
+    BOOL status_call_already_sent;
 };
 
 #endif

standalone/api.c

@@ -705,7 +705,7 @@ const char *modsecIsServerSignatureAvailale(void) {
     return new_server_signature;
 }
 
-#ifdef WIN32
+#ifdef VERSION_IIS
 void modsecStatusEngineCall()
 {
     if (status_engine_state != STATUS_ENGINE_DISABLED) {
@@ -717,4 +717,34 @@ void modsecStatusEngineCall()
             "SecStatusEngine to On.\n");
     }
 }
+
+void modsecReportRemoteLoadedRules()
+{
+#ifdef WITH_REMOTE_RULES
+    if (remote_rules_server != NULL)
+    {
+        if (remote_rules_server->amount_of_rules == 1)
+        {
+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                "ModSecurity: Loaded %d rule from: '%s'.",
+                remote_rules_server->amount_of_rules,
+                remote_rules_server->uri);
+        }
+        else
+        {
+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                "ModSecurity: Loaded %d rules from: '%s'.",
+                remote_rules_server->amount_of_rules,
+                remote_rules_server->uri);
+        }
+    }
+#endif
+    if (remote_rules_fail_message != NULL)
+    {
+        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, "ModSecurity: " \
+            "Problems loading external resources: %s",
+            remote_rules_fail_message);
+    }
+
+}
 #endif

standalone/api.h

@@ -119,8 +119,9 @@ void modsecSetConfigForIISRequestBody(request_rec *r);
 
 const char *modsecIsServerSignatureAvailale(void);
 
-#ifdef WIN32
+#ifdef VERSION_IIS
 void modsecStatusEngineCall(void);
+void modsecReportRemoteLoadedRules(void);
 #endif
 
 #ifdef __cplusplus