diff --git a/headers/modsecurity/intervention.h b/headers/modsecurity/intervention.h
index af88e85813..7df28907cf 100644
--- a/headers/modsecurity/intervention.h
+++ b/headers/modsecurity/intervention.h
@@ -26,6 +26,7 @@ typedef struct ModSecurityIntervention_t {
 char *url;
 char *log;
 int disruptive;
+ int severity;
 } ModSecurityIntervention;
 #ifdef __cplusplus
@@ -34,6 +35,7 @@ namespace intervention {
 i->status = 200;
 i->pause = 0;
 i->disruptive = 0;
+ i->severity = 0;
 }
 static void clean(ModSecurityIntervention_t *i) {
diff --git a/src/actions/disruptive/allow.cc b/src/actions/disruptive/allow.cc
index 59e17374a1..4021dea454 100644
--- a/src/actions/disruptive/allow.cc
+++ b/src/actions/disruptive/allow.cc
@@ -55,6 +55,9 @@ bool Allow::evaluate(RuleWithActions *rule, Transaction *transaction) {
 + allowTypeToName(m_allowType));
 transaction->m_allowType = m_allowType;
+ if (rule->hasSeverity()) {
+ transaction->m_it.severity = rule->severity();
+ }
 return true;
 }
diff --git a/src/actions/disruptive/deny.cc b/src/actions/disruptive/deny.cc
index e105d65127..49cd67dbe9 100644
--- a/src/actions/disruptive/deny.cc
+++ b/src/actions/disruptive/deny.cc
@@ -41,6 +41,9 @@ bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
 rm->m_isDisruptive = true;
 transaction->m_it.log = strdup(
 rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+ if (rule->hasSeverity()) {
+ transaction->m_it.severity = rule->severity();
+ }
 return true;
 }
diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc
index 18a3b55280..d37a5cb8c9 100644
--- a/src/actions/disruptive/drop.cc
+++ b/src/actions/disruptive/drop.cc
@@ -46,6 +46,9 @@ bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
 rm->m_isDisruptive = true;
 transaction->m_it.log = strdup(
 rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+ if (rule->hasSeverity()) {
+ transaction->m_it.severity = rule->severity();
+ }
 return true;
 }
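Review bot: `ModSecurityIntervention_t` lives in a public header and is filled through a caller-supplied pointer, and the first intervention.h hunk changes its size by appending `int severity;`. The last transaction.cc hunk then writes `it->severity` unconditionally, so a connector compiled against the older header and loaded with the newer library would, as far as these hunks show, get a write past the end of its smaller struct. The change should come with a library ABI/soname bump, or at least a comment on the field such as `/* added in <VERSION>; callers must be rebuilt against this header */`.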
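Review bot: `i->severity = 0;` in the second intervention.h hunk uses 0 as the "no severity" default, but on ModSecurity's severity scale 0 is EMERGENCY, the most severe level, so a consumer of the intervention cannot tell an unset value from the highest one. The same applies to `m_it.severity = 0;` in the two body-limit hunks of transaction.cc, where a size-limit rejection would read as EMERGENCY to anything that prioritises on this field. A value outside 0–7, for example `i->severity = -1;`, or a comment on the struct field stating which value means "not set", would remove the ambiguity. The function being patched starts outside the hunk; the values it assigns suggest it is `reset()`.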
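Review bot: The added `if (rule->hasSeverity())` in allow.cc has no `else`, so a rule without a severity leaves whatever an earlier action stored in `transaction->m_it.severity`; the identical blocks in deny.cc, drop.cc and redirect.cc behave the same way (pass.cc calls `intervention::reset()` just before). The intervention can then carry the severity of a different rule than the one that acted, which misleads whatever logs or alerts on it. Assigning a defined "unset" value in the other branch would avoid that, and since the same three lines are repeated in five actions a small shared helper would keep them in step. Each `evaluate()` body starts outside its hunk, so an earlier reset that is not visible here may already cover some of these paths.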
diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc
index e0f038c4cb..2ffa8c9b8c 100644
--- a/src/actions/disruptive/pass.cc
+++ b/src/actions/disruptive/pass.cc
@@ -35,6 +35,9 @@ bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction,
 intervention::reset(&transaction->m_it);
 ms_dbg_a(transaction, 8, "Running action pass");
+ if (rule->hasSeverity()) {
+ transaction->m_it.severity = rule->severity();
+ }
 return true;
 }
diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc
index ac2993b4c0..7458e066f1 100644
--- a/src/actions/disruptive/redirect.cc
+++ b/src/actions/disruptive/redirect.cc
@@ -50,6 +50,9 @@ bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
 rm->m_isDisruptive = true;
 transaction->m_it.log = strdup(
 rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+ if (rule->hasSeverity()) {
+ transaction->m_it.severity = rule->severity();
+ }
 return true;
 }
diff --git a/src/transaction.cc b/src/transaction.cc
index 678a89d9de..3987789b73 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1066,6 +1066,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
 "reject the request");
 m_it.status = 403;
 m_it.disruptive = true;
+ m_it.severity = 0;
 } else {
 ms_dbg(5, "Not rejecting the request as the engine is " \
 "not Enabled");
@@ -1325,6 +1326,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
 "the request");
 m_it.status = 403;
 m_it.disruptive = true;
+ m_it.severity = 0;
 } else {
 ms_dbg(5, "Not rejecting the request as the engine is " \
 "not Enabled");
@@ -1484,6 +1486,7 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
 }
 intervention::reset(&m_it);
 }
+ it->severity = m_it.severity;
 return it->disruptive;
 }
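Review bot: In the last transaction.cc hunk, `it->severity = m_it.severity;` runs after `intervention::reset(&m_it);`, and the intervention.h change makes that initialiser set severity to 0, so whenever the preceding block executes the caller appears to receive 0 rather than the severity of the rule that acted. Copying the value before the reset, next to the other fields copied into `it`, would preserve it: `it->severity = m_it.severity;` placed ahead of `intervention::reset(&m_it);`. The start of `Transaction::intervention()` and the condition guarding the block are outside the hunk, so this is inferred from the visible lines only.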