diff --git a/src/actions/phase.cc b/src/actions/phase.cc
index 63ecd3a8..10aae31d 100644
--- a/src/actions/phase.cc
+++ b/src/actions/phase.cc
@@ -43,16 +43,15 @@ Phase::Phase(std::string action)
 } catch (...) {
 this->phase = 0;
 if (tolower(a) == "request") {
- this->phase = this->phase +
- ModSecurity::Phases::RequestHeadersPhase;
+ this->phase = ModSecurity::Phases::RequestHeadersPhase;
 m_secRulesPhase = 2;
 }
 if (tolower(a) == "response") {
- this->phase = this->phase + ModSecurity::Phases::ResponseBodyPhase;
+ this->phase = ModSecurity::Phases::ResponseBodyPhase;
 m_secRulesPhase = 4;
 }
 if (tolower(a) == "logging") {
- this->phase = this->phase + ModSecurity::Phases::LoggingPhase;
+ this->phase = ModSecurity::Phases::LoggingPhase;
 m_secRulesPhase = 5;
 }
 }
@@ -60,17 +59,17 @@ Phase::Phase(std::string action)
 if (this->phase == 0) {
 /* Phase 0 is something new, we want to use as ConnectionPhase */
 this->phase = ModSecurity::Phases::ConnectionPhase;
- m_secRulesPhase = 2;
+ m_secRulesPhase = 1;
 } else {
 /* Otherwise we want to shift the rule to the correct phase */
 m_secRulesPhase = phase;
- this->phase = phase + ModSecurity::Phases::RequestHeadersPhase - 1;
+ this->phase = phase + 1;
 }
 }
 bool Phase::init(std::string *error) {
- if (phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
+ if (phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
 error->assign("Unknown phase: " + std::to_string(phase));
 return false;
 }
diff --git a/src/parser/driver.cc b/src/parser/driver.cc
index 3a5ae3c9..71131fdf 100644
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -50,7 +50,7 @@ int Driver::addSecMarker(std::string marker) {
 int Driver::addSecAction(Rule *rule) {
- if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
+ if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
 parserError << "Unknown phase: " << std::to_string(rule->phase);
 parserError << std::endl;
 return false;
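Review bot: The keyword branch in the first phase.cc hunk (`catch (...)` in `Phase::Phase`) assigns an engine phase and `m_secRulesPhase` directly, but nothing visible stops control from continuing into the `if (this->phase == 0) … else` block of the second hunk; the one line between the two hunks is not shown, so this is inferred. If it does fall through, `m_secRulesPhase = phase;` overwrites the 2/4/5 just set and `this->phase = phase + 1;` shifts an already-mapped enum value one phase later, so `phase:request`, `phase:response` and `phase:logging` rules may run in a different phase than the one named here. An unrecognised keyword leaves `phase` at 0 and is then silently treated as `ConnectionPhase` instead of being rejected as a configuration error. I would apply the numeric shift only on the path where the numeric parse succeeded and report any other string through `init`'s error path; the constructor begins above this hunk.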
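Review bot: The relaxed bound in `Phase::init` (second phase.cc hunk), `phase > ModSecurity::Phases::NUMBER_OF_PHASES`, now accepts a phase equal to `NUMBER_OF_PHASES`, and the same change is made in `Driver::addSecAction` and `Driver::addSecRule` in src/parser/driver.cc. If `NUMBER_OF_PHASES` is the enumerator count (its definition is not shown) and the phase is used to index per-phase rule storage, that value is one past the end, and with `this->phase = phase + 1;` a configured number reaches it one step earlier than its face value suggests. None of the three checks has a lower bound either, so a negative number, if the numeric parse above the first hunk accepts one, would pass. Assuming `phase` is a signed integer, I would keep the exclusive bound and add the lower one, `if (phase < 0 || phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {`, with the same condition on `rule->phase` in both driver functions. If the enum really has a valid member equal to `NUMBER_OF_PHASES`, a comment next to the check should say so.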
@@ -62,7 +62,7 @@ int Driver::addSecAction(Rule *rule) {
 }
 int Driver::addSecRule(Rule *rule) {
- if (rule->phase >= ModSecurity::Phases::NUMBER_OF_PHASES) {
+ if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
 parserError << "Unknown phase: " << std::to_string(rule->phase);
 parserError << std::endl;
 return false;
diff --git a/test/test-cases/regression/action-id.json b/test/test-cases/regression/action-id.json
index 99311b5f..c10d226e 100644
--- a/test/test-cases/regression/action-id.json
+++ b/test/test-cases/regression/action-id.json
@@ -134,7 +134,7 @@
 "SecRuleEngine On",
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
- "SecRule ARGS \"@rx (value1)\" \"id:1,phase:2,pass,t:trim\""
+ "SecRule ARGS \"@rx (value1)\" \"id:1,phase:3,pass,t:trim\""
 ]
 },
 {
@@ -180,7 +180,7 @@
 "SecRuleEngine On",
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
- "SecRule ARGS \"@rx (value1)\" \"id:'1',phase:2,pass,t:trim\""
+ "SecRule ARGS \"@rx (value1)\" \"id:'1',phase:3,pass,t:trim\""
 ]
 },
 {
diff --git a/test/test-cases/regression/actions.json b/test/test-cases/regression/actions.json
index fa8a6cbe..1fbc32f4 100644
--- a/test/test-cases/regression/actions.json
+++ b/test/test-cases/regression/actions.json
@@ -249,7 +249,7 @@
 "enabled": 1,
 "version_min": 300000,
 "version_max": 0,
- "title": "actions :: phase:1,trim,status:500,deny",
+ "title": "actions :: phase:2,trim,status:500,deny",
 "client": {
 "ip": "200.249.12.31",
 "port": 2313
@@ -303,7 +303,7 @@
 "SecRuleEngine On",
 "SecDebugLog \/tmp\/modsec_debug.log",
 "SecDebugLogLevel 9",
- "SecRule ARGS \"@contains test\" \"id:1,phase:1,t:trim,status:500,deny\""
+ "SecRule ARGS \"@contains test\" \"id:1,phase:2,t:trim,status:500,deny\""
 ]
 },
 {
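Review bot: The fixture edits in the last actions.json hunk (and the earlier action-id.json hunks) only renumber `phase:` in existing cases; none of the visible hunks adds a case for the bound that the code change moves. A regression case whose rule carries a phase number just above the highest valid one, expecting the parser's `Unknown phase` error, would pin where the accepted range now ends. Whether such a case already exists elsewhere in these files cannot be seen from the hunks.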