mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
More regression updates.
This commit is contained in:
brectanus
188
apache2/t/regression/config/00-audit-directives.t
Normal file
188
apache2/t/regression/config/00-audit-directives.t
Normal file
@@ -0,0 +1,188 @@
|
||||
### SecAudit* directive tests
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditEngine On",
|
||||
conf => qq(
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditEngine Off",
|
||||
conf => qq(
|
||||
SecAuditEngine Off
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
),
|
||||
match_log => {
|
||||
-audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditEngine RelevantOnly (pos)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecResponseBodyAccess On
|
||||
SecDefaultAction "phase:2,log,auditlog,pass"
|
||||
SecRule REQUEST_URI "." "phase:4,deny"
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^403$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditEngine RelevantOnly (neg)",
|
||||
conf => qq(
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecResponseBodyAccess On
|
||||
SecDefaultAction "phase:2,log,auditlog,pass"
|
||||
),
|
||||
match_log => {
|
||||
-audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogRelevantStatus (pos)",
|
||||
conf => qq(
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecAuditLogRelevantStatus "^4"
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^404$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/bogus",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogRelevantStatus (neg)",
|
||||
conf => qq(
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecAuditLogRelevantStatus "^4"
|
||||
),
|
||||
match_log => {
|
||||
-audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogParts (minimal)",
|
||||
conf => qq(
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecAuditLogParts "AZ"
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/-A--.*-Z--/s, 1 ],
|
||||
-audit => [ qr/-[B-Y]--/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"a=1r&=2",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogParts (default)",
|
||||
conf => qq(
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/-A--.*-B--.*-F--.*-H--.*-Z--/s, 1 ],
|
||||
-audit => [ qr/-[DEGIJK]--/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"a=1r&=2",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogParts (all)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecAuditLogParts "ABCDEFGHIJKZ"
|
||||
SecAction "phase:4,log,auditlog,allow"
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/-A--.*-B--.*-C--.*-F--.*-E--.*-H--.*-K--.*-Z--/s, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"a=1r&=2",
|
||||
),
|
||||
},
|
||||
Reference in New Issue
Block a user