Date: Wednesday, September 21, 2022 @ 15:30:26
Author: mtorromeo
Revision: 1306032
archrelease: copy trunk to community-x86_64
Added:
nginx-mod-naxsi/repos/community-x86_64/PKGBUILD
(from rev 1306031, nginx-mod-naxsi/trunk/PKGBUILD)
nginx-mod-naxsi/repos/community-x86_64/keys/
nginx-mod-naxsi/repos/community-x86_64/pcre2.patch
(from rev 1306031, nginx-mod-naxsi/trunk/pcre2.patch)
Deleted:
nginx-mod-naxsi/repos/community-x86_64/587-pcre2.patch
nginx-mod-naxsi/repos/community-x86_64/PKGBUILD
-----------------+
587-pcre2.patch | 268 ------------------------------------------------------
PKGBUILD | 94 +++++++++---------
pcre2.patch | 182 ++++++++++++++++++++++++++++++++++++
3 files changed, 228 insertions(+), 316 deletions(-)
Deleted: 587-pcre2.patch
===================================================================
--- 587-pcre2.patch 2022-09-21 15:30:18 UTC (rev 1306031)
+++ 587-pcre2.patch 2022-09-21 15:30:26 UTC (rev 1306032)
@@ -1,268 +0,0 @@
-From 5046ff477cf4216950ad6bb5a84869700578534b Mon Sep 17 00:00:00 2001
-From: laluigino <[email protected]>
-Date: Fri, 11 Feb 2022 13:21:22 +0100
-Subject: [PATCH 1/3] Fix: use pcre2 when building with nginx >= 1.21.5
-
-I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:
-
-error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct
pcre2_real_code_8'}
- 205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
-
-I found this issue report: Ref: https://github.com/nbs-system/naxsi/issues/580
-then i tried to solve the pcre2 compatibility issue.
-
-I've included an helper function that is 'copied' from:
https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
-that it is called in place of 'pcre_exec' when nginx_version >= 1021005
-
-Not sure if this is the best solution, but I managed to build naxsi 1.3 as
module for nginx 1.21.6 succesfully, and it seems to work well.
-
-I'm not used to develop in C anymore (since 25 years ago, at least!), but I
hope that this patch I made can help anybody else.
----
- naxsi_src/naxsi_runtime.c | 80 ++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 78 insertions(+), 2 deletions(-)
-
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index b63da5b9..f7961be8 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -181,6 +181,73 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
-
-+/*
-+ * variables to use pcre2
-+ */
-+static pcre2_match_data *ngx_pcre2_match_data;
-+static ngx_uint_t ngx_pcre2_match_data_size;
-+
-+/*
-+ * helper function to use pcre2
-+ */
-+ngx_int_t
-+ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len,
ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
-+{
-+ size_t *ov;
-+ ngx_int_t rc;
-+ ngx_uint_t n, i;
-+
-+ /*
-+ * The pcre2_match() function might allocate memory for backtracking
-+ * frames, typical allocations are from 40k and above. So the allocator
-+ * is configured to do direct allocations from heap during matching.
-+ */
-+
-+ if (ngx_pcre2_match_data == NULL
-+ || size > ngx_pcre2_match_data_size)
-+ {
-+ /*
-+ * Allocate a match data if not yet allocated or smaller than
-+ * needed.
-+ */
-+
-+ if (ngx_pcre2_match_data) {
-+ pcre2_match_data_free(ngx_pcre2_match_data);
-+ }
-+
-+ ngx_pcre2_match_data_size = size;
-+ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
-+
-+ if (ngx_pcre2_match_data == NULL) {
-+ rc = PCRE2_ERROR_NOMEMORY;
-+ goto failed;
-+ }
-+ }
-+
-+ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
-+
-+ if (rc < 0) {
-+ goto failed;
-+ }
-+
-+ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
-+ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
-+
-+ if (n > size / 3) {
-+ n = size / 3;
-+ }
-+
-+ for (i = 0; i < n; i++) {
-+ captures[i * 2] = ov[i * 2];
-+ captures[i * 2 + 1] = ov[i * 2 + 1];
-+ }
-+
-+failed:
-+
-+ return rc;
-+
-+}
-+
- /*
- ** in : string to inspect, associated rule
- ** does : apply the rule on the string, return 1 if matched,
-@@ -201,7 +268,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str,
ngx_http_rule_t* rl, ngx_int_
- tmp_idx = 0;
- len = str->len;
- while
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
-+#if defined nginx_version && (nginx_version >= 1021005)
-+ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
-+ str->data,
-+ str->len,
-+ tmp_idx,
-+ captures,
-+ 30)) >= 0)
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
- (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
- 0,
- (const char*)str->data,
-@@ -496,7 +570,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx,
unsigned char* str, unsigne
- int match;
- int captures[30];
-
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
-+#if defined nginx_version && (nginx_version >= 1021005)
-+ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
- match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0,
captures, 1);
- #elif defined nginx_version && (nginx_version > 1001011)
- match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0,
captures, 1);
-
-From 61466698c4afb6d52cd0c8bee3309ac5e5ee53ab Mon Sep 17 00:00:00 2001
-From: laluigino <[email protected]>
-Date: Fri, 11 Feb 2022 18:30:30 +0100
-Subject: [PATCH 2/3] Added a check for nginx_version >= 1021005
-
-Added a check for nginx_version >= 1021005 to avoid helper function definition
on older versions
----
- naxsi_src/naxsi_runtime.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index f7961be8..c2956375 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -181,6 +181,7 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
-
-+#if defined nginx_version && (nginx_version >= 1021005)
- /*
- * variables to use pcre2
- */
-@@ -247,6 +248,7 @@ ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str,
unsigned int len, ngx_int_t
- return rc;
-
- }
-+#endif
-
- /*
- ** in : string to inspect, associated rule
-
-From 545c8953f95ffce368f219b932039eb0a0daf1c0 Mon Sep 17 00:00:00 2001
-From: Danila Vershinin <[email protected]>
-Date: Tue, 22 Feb 2022 12:32:10 +0300
-Subject: [PATCH 3/3] Use NGX_PCRE2 conditional
-
-Update naxsi.h
-
-Don't include pcre.h in order for compilation to work both against pcre and
pcre2
-
-Fix pcre vs pcre2 compilation
----
- naxsi_src/naxsi.h | 1 -
- naxsi_src/naxsi_config.c | 9 ++++++++-
- naxsi_src/naxsi_runtime.c | 4 ++--
- naxsi_src/naxsi_utils.c | 8 ++++++++
- 4 files changed, 18 insertions(+), 4 deletions(-)
-
-diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
-index 53df1bd8..b2f5c1a5 100644
---- a/naxsi_src/naxsi.h
-+++ b/naxsi_src/naxsi.h
-@@ -19,7 +19,6 @@
- #include <ngx_http.h>
- #include <ngx_http_core_module.h>
- #include <ngx_md5.h>
--#include <pcre.h>
-
- extern ngx_module_t ngx_http_naxsi_module;
-
-diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
-index 4ea15567..6d2f0e23 100644
---- a/naxsi_src/naxsi_config.c
-+++ b/naxsi_src/naxsi_config.c
-@@ -322,8 +322,11 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp,
ngx_http_rule_t* rule)
-
- custom_rule->target_rx = ngx_pcalloc(r->pool,
sizeof(ngx_regex_compile_t));
- return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
--
-+#if (NGX_PCRE2)
-+ custom_rule->target_rx->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- custom_rule->target_rx->pattern = custom_rule->target;
- custom_rule->target_rx->pool = r->pool;
- custom_rule->target_rx->err.len = 0;
-@@ -442,7 +445,11 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
- ha.len = tmp->len - strlen(RX_T);
- rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
- return_value_if(!rgc, NGX_CONF_ERROR);
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern = ha;
- rgc->pool = r->pool;
- rgc->err.len = 0;
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index c2956375..33c20e27 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -270,7 +270,7 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str,
ngx_http_rule_t* rl, ngx_int_
- tmp_idx = 0;
- len = str->len;
- while
--#if defined nginx_version && (nginx_version >= 1021005)
-+#if (NGX_PCRE2)
- (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
- str->data,
- str->len,
-@@ -572,7 +572,7 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx,
unsigned char* str, unsigne
- int match;
- int captures[30];
-
--#if defined nginx_version && (nginx_version >= 1021005)
-+#if (NGX_PCRE2)
- match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
- #elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
- match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0,
captures, 1);
-diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
-index e3d6f185..d2ecedec 100644
---- a/naxsi_src/naxsi_utils.c
-+++ b/naxsi_src/naxsi_utils.c
-@@ -800,7 +800,11 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
- if (rgc) {
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
-@@ -816,7 +820,11 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
- if (rgc) {
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-09-21 15:30:18 UTC (rev 1306031)
+++ PKGBUILD 2022-09-21 15:30:26 UTC (rev 1306032)
@@ -1,48 +0,0 @@
-# Maintainer: Massimiliano Torromeo <[email protected]>
-
-pkgname=nginx-mod-naxsi
-pkgver=1.3
-pkgrel=6
-_modname=naxsi
-pkgdesc='Nginx Anti XSS & SQL Injection'
-arch=('x86_64')
-depends=('nginx')
-makedepends=('nginx-src')
-url="https://github.com/nbs-system/naxsi";
-license=('GPL3')
-backup=('etc/nginx/naxsi_core.rules')
-source=(
-
https://github.com/nbs-system/$_modname/archive/$pkgver/$_modname-$pkgver.tar.gz
- 587-pcre2.patch
-)
-validpgpkeys=(B0F4253373F8F6F510D42178520A9993A1C052F8) # Maxim Dounin
<[email protected]>
-sha256sums=('439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628'
- 'e99f3c96e53599c0c7d1a124f422d6a878be1c571b1c29d1e9f72edd34eabe01')
-
-prepare() {
- mkdir -p $srcdir/build
- cd $srcdir/build
-
- ln -sf /usr/src/nginx/auto
- ln -sf /usr/src/nginx/src
-
- # pcre2 patch
- cd $srcdir/$_modname-$pkgver
- patch -Np1 < $srcdir/587-pcre2.patch
-}
-
-build() {
- cd $srcdir/build
- /usr/src/nginx/configure --with-compat
--add-dynamic-module=../$_modname-$pkgver/naxsi_src
- make modules
-}
-
-package() {
- cd $srcdir/build/objs
- for mod in *.so; do
- install -Dm755 $mod "$pkgdir"/usr/lib/nginx/modules/$mod
- done
-
- cd "$srcdir"/$_modname-$pkgver
- install -Dm644 naxsi_config/naxsi_core.rules
"$pkgdir"/etc/nginx/naxsi_core.rules
-}
Copied: nginx-mod-naxsi/repos/community-x86_64/PKGBUILD (from rev 1306031,
nginx-mod-naxsi/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-09-21 15:30:26 UTC (rev 1306032)
@@ -0,0 +1,46 @@
+# Maintainer: Massimiliano Torromeo <[email protected]>
+
+pkgname=nginx-mod-naxsi
+pkgver=1.3
+pkgrel=7
+_modname=naxsi
+pkgdesc='Nginx Anti XSS & SQL Injection'
+arch=('x86_64')
+depends=('nginx')
+makedepends=('nginx-src')
+url="https://github.com/nbs-system/naxsi";
+license=('GPL3')
+backup=('etc/nginx/naxsi_core.rules')
+source=(https://github.com/nbs-system/$_modname/archive/$pkgver/$_modname-$pkgver.tar.gz
+ pcre2.patch)
+validpgpkeys=(B0F4253373F8F6F510D42178520A9993A1C052F8) # Maxim Dounin
<[email protected]>
+sha256sums=('439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628'
+ 'd02832f606488f72a3e1dfd1381f157dffcbed44e67563b4c0086d2d806425ef')
+
+prepare() {
+ mkdir -p "$srcdir"/build
+ cd "$srcdir"/build
+
+ ln -sf /usr/src/nginx/auto
+ ln -sf /usr/src/nginx/src
+
+ # pcre2 patch
+ cd "$srcdir"/$_modname-$pkgver
+ patch -Np1 < ../pcre2.patch
+}
+
+build() {
+ cd "$srcdir"/build
+ /usr/src/nginx/configure --with-compat
--add-dynamic-module=../$_modname-$pkgver/naxsi_src
+ make modules
+}
+
+package() {
+ cd "$srcdir"/build/objs
+ for mod in *.so; do
+ install -Dm755 "$mod" "$pkgdir/usr/lib/nginx/modules/$mod"
+ done
+
+ cd "$srcdir"/$_modname-$pkgver
+ install -Dm644 naxsi_config/naxsi_core.rules
"$pkgdir"/etc/nginx/naxsi_core.rules
+}
Copied: nginx-mod-naxsi/repos/community-x86_64/pcre2.patch (from rev 1306031,
nginx-mod-naxsi/trunk/pcre2.patch)
===================================================================
--- pcre2.patch (rev 0)
+++ pcre2.patch 2022-09-21 15:30:26 UTC (rev 1306032)
@@ -0,0 +1,182 @@
+diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
+index 0f61d95..d7ce716 100644
+--- a/naxsi_src/naxsi.h
++++ b/naxsi_src/naxsi.h
+@@ -19,7 +19,6 @@
+ #include <ngx_http.h>
+ #include <ngx_http_core_module.h>
+ #include <ngx_md5.h>
+-#include <pcre.h>
+
+ extern ngx_module_t ngx_http_naxsi_module;
+
+@@ -497,6 +496,17 @@ typedef struct ngx_http_nx_json_s
+ #define LIBINJ_SQL_T "d:libinj_sql"
+ #define NEGATIVE_T "negative"
+
++#if defined nginx_version && (nginx_version >= 1021005)
++// after 1.21.5 NGX_REGEX_MULTILINE is present.
++#define NAXSI_REGEX_OPTIONS (NGX_REGEX_CASELESS | NGX_REGEX_MULTILINE)
++#else
++#if (NGX_PCRE2)
++#define NAXSI_REGEX_OPTIONS (PCRE2_CASELESS | PCRE2_MULTILINE)
++#else
++#define NAXSI_REGEX_OPTIONS (PCRE_CASELESS | PCRE_MULTILINE)
++#endif
++#endif
++
+ /*
+ ** name of hardcoded variables to
+ ** change behavior of naxsi at runtime
+diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
+index 4ea1556..4b5b3cd 100644
+--- a/naxsi_src/naxsi_config.c
++++ b/naxsi_src/naxsi_config.c
+@@ -323,7 +323,7 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
+ custom_rule->target_rx = ngx_pcalloc(r->pool,
sizeof(ngx_regex_compile_t));
+ return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
+
+- custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
++ custom_rule->target_rx->options = NAXSI_REGEX_OPTIONS;
+ custom_rule->target_rx->pattern = custom_rule->target;
+ custom_rule->target_rx->pool = r->pool;
+ custom_rule->target_rx->err.len = 0;
+@@ -442,7 +442,8 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
+ ha.len = tmp->len - strlen(RX_T);
+ rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
+ return_value_if(!rgc, NGX_CONF_ERROR);
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern = ha;
+ rgc->pool = r->pool;
+ rgc->err.len = 0;
+diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
+index eccdce3..eff5390 100644
+--- a/naxsi_src/naxsi_runtime.c
++++ b/naxsi_src/naxsi_runtime.c
+@@ -181,6 +181,75 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
+ unsigned char*
+ ngx_utf8_check(ngx_str_t* str);
+
++#if defined nginx_version && (nginx_version >= 1021005)
++/*
++ * variables to use pcre2
++ */
++static pcre2_match_data *ngx_pcre2_match_data;
++static ngx_uint_t ngx_pcre2_match_data_size;
++
++/*
++ * helper function to use pcre2
++ */
++ngx_int_t
++ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len,
ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
++{
++ size_t *ov;
++ ngx_int_t rc;
++ ngx_uint_t n, i;
++
++ /*
++ * The pcre2_match() function might allocate memory for backtracking
++ * frames, typical allocations are from 40k and above. So the allocator
++ * is configured to do direct allocations from heap during matching.
++ */
++
++ if (ngx_pcre2_match_data == NULL
++ || size > ngx_pcre2_match_data_size)
++ {
++ /*
++ * Allocate a match data if not yet allocated or smaller than
++ * needed.
++ */
++
++ if (ngx_pcre2_match_data) {
++ pcre2_match_data_free(ngx_pcre2_match_data);
++ }
++
++ ngx_pcre2_match_data_size = size;
++ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
++
++ if (ngx_pcre2_match_data == NULL) {
++ rc = PCRE2_ERROR_NOMEMORY;
++ goto failed;
++ }
++ }
++
++ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
++
++ if (rc < 0) {
++ goto failed;
++ }
++
++ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
++ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
++
++ if (n > size / 3) {
++ n = size / 3;
++ }
++
++ for (i = 0; i < n; i++) {
++ captures[i * 2] = ov[i * 2];
++ captures[i * 2 + 1] = ov[i * 2 + 1];
++ }
++
++failed:
++
++ return rc;
++
++}
++#endif
++
+ /*
+ ** in : string to inspect, associated rule
+ ** does : apply the rule on the string, return 1 if matched,
+@@ -201,7 +270,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str,
ngx_http_rule_t* rl, ngx_int_
+ tmp_idx = 0;
+ len = str->len;
+ while
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
++#if (NGX_PCRE2)
++ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
++ str->data,
++ str->len,
++ tmp_idx,
++ captures,
++ 30)) >= 0)
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
+ (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
+ 0,
+ (const char*)str->data,
+@@ -496,7 +572,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx,
unsigned char* str, unsigne
+ int match;
+ int captures[30];
+
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
++#if (NGX_PCRE2)
++ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
+ match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0,
captures, 1);
+ #elif defined nginx_version && (nginx_version > 1001011)
+ match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0,
captures, 1);
+diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
+index 445c487..d357617 100644
+--- a/naxsi_src/naxsi_utils.c
++++ b/naxsi_src/naxsi_utils.c
+@@ -800,7 +800,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
+ if (rgc) {
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
+@@ -816,7 +816,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
+ if (rgc) {
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
