From 19cdb477b8cee1966ad95278d168ae90a93df663 Mon Sep 17 00:00:00 2001
From: Benjamin Chenebault <3688186+bench@users.noreply.github.com>
Date: Wed, 16 Mar 2022 19:06:31 +0100
Subject: [PATCH] feat: do not display internal information on error (#3)

Signed-off-by: Benjamin Chenebault
Co-authored-by: Benjamin Chenebault
---
 modsecurity.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/modsecurity.go b/modsecurity.go
index 5120b12..42b24b2 100644
--- a/modsecurity.go
+++ b/modsecurity.go
@@ -7,7 +7,9 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "log"
 "net/http"
+ "os"
 "time"
 )
 
@@ -31,6 +33,7 @@ type Modsecurity struct {
 next http.Handler
 modSecurityUrl string
 name string
+ logger *log.Logger
 }
 
 // New created a new Modsecurity plugin.
@@ -43,6 +46,7 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 modSecurityUrl: config.ModSecurityUrl,
 next: next,
 name: name,
+ logger: log.New(os.Stdout, "", log.LstdFlags),
 }, nil
 }
 
@@ -58,7 +62,8 @@ func (a *Modsecurity) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 // in the request.
 body, err := ioutil.ReadAll(req.Body)
 if err != nil {
- http.Error(rw, err.Error(), http.StatusInternalServerError)
+ a.logger.Printf("fail to read incoming request: %s", err.Error())
+ http.Error(rw, "", http.StatusBadGateway)
 return
 }
 
@@ -71,7 +76,8 @@ func (a *Modsecurity) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 proxyReq, err := http.NewRequest(req.Method, url, bytes.NewReader(body))
 if err != nil {
- http.Error(rw, err.Error(), http.StatusBadRequest)
+ a.logger.Printf("fail to prepare forwarded request: %s", err.Error())
+ http.Error(rw, "", http.StatusBadGateway)
 return
 }
 
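Review bot: The logger created on the new `logger:` line in New has an empty prefix and local-time timestamps, so once these lines land on Traefik's shared stdout nothing identifies which middleware instance wrote them, and the clock offset varies by host. Using the `name` parameter the constructor already receives, and UTC, makes the lines attributable and comparable across nodes: `logger: log.New(os.Stdout, "["+name+"] ", log.LstdFlags|log.LUTC),`. The body of New starts before this hunk.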
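Review bot: The new `http.Error(rw, "", http.StatusBadGateway)` after the `ioutil.ReadAll(req.Body)` failure reports an upstream fault for what is a problem with the client's own request (an aborted or truncated upload), which misleads the client and skews anything alerting on 502 rates; `http.StatusBadRequest` fits that failure, and 502 should be reserved for errors talking to the ModSecurity service. Hiding `err.Error()` from the response is the right call, but the log line that replaces it carries nothing to correlate with a request; something like `a.logger.Printf("fail to read incoming request (%s %q): %v", req.Method, req.URL.RequestURI(), err)` keeps an attacker-supplied path quoted on a single log line. Not introduced by this commit, but visible in the context lines: `ioutil.ReadAll` buffers the entire body with no size cap, so a large upload is a straightforward memory-exhaustion vector that a `http.MaxBytesReader` wrapper would bound. ServeHTTP starts before this hunk and continues after it.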
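Review bot: `http.NewRequest(req.Method, url, ...)` fails when the method is not a valid token or the target URL does not parse, and the method comes straight from the client (`req.Method`); `url` is built before the hunk, presumably from request data as well. Changing the status on the new `http.Error` line from 400 to 502 therefore turns a malformed-request case into an apparent upstream outage; keep `http.StatusBadRequest` here and leave `http.StatusBadGateway` for the `httpClient.Do` failure. As with the other log lines, adding `req.Method` and a `%q`-quoted `req.URL.RequestURI()` to the `Printf` would let an operator tie the entry to the rejected request. ServeHTTP starts before this hunk and continues after it.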
@@ -84,7 +90,8 @@ func (a *Modsecurity) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 resp, err := httpClient.Do(proxyReq)
 if err != nil {
- http.Error(rw, err.Error(), http.StatusBadGateway)
+ a.logger.Printf("fail to send HTTP request to modsec: %s", err.Error())
+ http.Error(rw, "", http.StatusBadGateway)
 return
 }
 defer resp.Body.Close()
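Review bot: The new log line in this hunk carries only the transport error, so nothing ties it to the request that received the 502 or distinguishes a ModSecurity outage from one slow request that tripped the client timeout; include the method and target, e.g. `a.logger.Printf("fail to send HTTP request to modsec (%s %q): %v", req.Method, req.URL.RequestURI(), err)`, where `%q` keeps an attacker-supplied path on one line. If `httpClient` or `proxyReq` carries `req.Context()` (set up before the hunk, so I cannot tell), a client that disconnects mid-request also lands in this branch and is logged as an upstream failure; checking `errors.Is(err, context.Canceled)` (`errors` would need importing) would let you skip or downgrade that case. ServeHTTP continues past the hunk.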