This is a minimal implementation of the Apache module demonstrating the problem with interception of POST requests within a handler.
The module should intercept each POST request, analyse it, and if it contains the letter "Z", it should reply the web page with the text "The letter 'Z' was found!" back to the client and block further processing the request by other handlers (e.g. PHP). If the request doesn't contain such letter in the POST body, it should continue processing the request as usual.
The implementation is based on the Apache handler and auxiliary input filter to cache POST body for other handlers (e.g. PHP). It works in case of mod_php, mod_fcgid, but fails when PHP is set up as classic CGI (with Apache's Action directive).
To make running this module with ease, we prepared the dockerized environment to compile and run it:
docker build -t mod_poc .
docker run --rm --name mod_poc -p 8000:80 -ti mod_poc
Then open the following link with your web browser:
The testing page contains two forms. One of the form was handled by PHP running as FastCGI script, another one - by the PHP running as CGI.
Testing procedure (for each form):
- Enter any text without letter 'Z' in the field and press Submit button.
- The PHP output should appear displaying the same text. Now return back.
- Enter any text with letter 'Z' in the field and press Submit button.
- The text "The letter 'Z' was found!" should appear, it was generated by the mod_poc module instead of PHP.
As you can see, the FastCGI works correctly, but Classic CGI looses the form data, step 2 fails.
Please submit a pull request or email me at d.prochko@botguard.net if you can fix this issue. A suitable solution will be paid for.