svrjs/modsecurity-integration
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: fix bug with Host header not sent to ModSecurity for HTTP/2 requests

Browse source
This commit is contained in:
Dorian Niemiec 2025-01-22 09:49:58 +01:00
parent 304664a9e9
commit ceea98db38
1 changed files with 23 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/index.js
View file

@ -421,16 +421,32 @@ module.exports = (req, res, logFacilities, config, next) => {
return processIntervention(); return processIntervention();
} }
let key = null; let headerIntervene = false;
req.rawHeaders.forEach((v) => { Object.keys(req.headers).every((key) => {
if (key === null) { if (typeof req.headers[key] == "string") {
key = v; securityResponse = transaction.addResponseHeader(key, req.headers[key]);
} else { if (typeof securityResponse === "object") {
transaction.addRequestHeader(key, v); headerIntervene = true;
key = null; return false;
}
} else if (Array.isArray(req.headers[key])) {
req.headers[key].every((value) => {
securityResponse = transaction.addResponseHeader(key, value);
if (typeof securityResponse === "object") {
headerIntervene = true;
return false;
}
return true;
});
if (headerIntervene) return false;
} }
return true;
}); });
if (headerIntervene) {
return processIntervention();
}
securityResponse = transaction.processRequestHeaders(); securityResponse = transaction.processRequestHeaders();
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
return processIntervention(); return processIntervention();