diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c index 8cf0992a1e..272b46c91a 100644 --- a/nginx/modsecurity/ngx_http_modsecurity.c +++ b/nginx/modsecurity/ngx_http_modsecurity.c @@ -1108,7 +1108,7 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) { return ngx_http_next_header_filter(r); } - if (r != r->main || !cf->enable || ctx->complete) { + if (r != r->main || !cf->enable || ctx == NULL ||ctx->complete) { return ngx_http_next_header_filter(r); } @@ -1140,6 +1140,10 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) { } /* SecResponseBodyAccess on, process rules in body filter */ + + /* pretend we are ngx_http_header_filter */ + r->header_sent = 1; + r->filter_need_in_memory = 1; return NGX_OK; } @@ -1156,7 +1160,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity); ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity); - if (r != r->main || !cf->enable || ctx->complete) { + if (r != r->main || !cf->enable || ctx == NULL || ctx->complete) { return ngx_http_next_body_filter(r, in); } @@ -1212,6 +1216,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) r->headers_out.content_length = NULL; /* header filter will set this */ } + r->header_sent = 0; rc = ngx_http_next_header_filter(r); if (rc == NGX_ERROR || rc > NGX_OK) { diff --git a/nginx/modsecurity/ngx_pool_context.c b/nginx/modsecurity/ngx_pool_context.c index 13ad3e9a87..b1a0607cd0 100644 --- a/nginx/modsecurity/ngx_pool_context.c +++ b/nginx/modsecurity/ngx_pool_context.c @@ -196,7 +196,7 @@ ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf) { ngx_pool_context_conf_t *pcf = conf; - ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE); + ngx_conf_init_uint_value(pcf->size, cycle->connection_n); ngx_pool_context_hash_size = pcf->size;