Add an Option to Skip Body Inspections ( Closes #343 ) #356
Conversation
|
Hi @thekief, thanks for this PR, I think this is quite useful.
If I suggest suggest a method:
For the response body skip:
You can add cross checking too (eg. the first mentioned rule above executes in |
|
Sorry for getting back so late. I created configurations, but as I'm terrible with nginx tests using Perl, may I just send you the configurations? 😅 |
|
The abbreviation for |
|
|
@HanadaLee thank you for looking over the changes. I use |
|
@thekief could you rebase your PR? Then we can find some solution for testing. |
thekief
force-pushed
the
skip-body-inspection
branch
from
5b6773f to
be595e7
Compare
|
Done. I also had to add another commit to address the number of directives mentioned in the readme. |
thekief
force-pushed
the
skip-body-inspection
branch
from
34d6b15 to
1d4d37a
Compare
|
3 participants
As dicussed in the issue, I would like to add 2 new directives that allow to skip the body inspection. There are a few usecases, where, e.g. encrypted data is set, and no useful inspection can be made.
While denying the body access may skip the inspection, it still results in the caching of data. Subsequently, there is an unneeded amount of resource consumption, memory, as well as time, involved.
While it would be cleaner to expose an API that allows users of
libmodsecurityto check, if a path, e.g. has a reqeust body check, this involves a lot more work. The approach taken in this PR, shifts the functionality to that is only necessitates changes in thenginxmodule.Regarding Tests: As for tests, I'm a bit unsure what the best way would be to test it. One way would be to try to upload a file, e.g. 100MB, to a location and check when the first data reaches it. If the body inspection is disabled, the first bytes will arrive much sooner, as the
nginxmodule caches the body until it's fully received otherwise and only then forwards the data.