Make block action execution dependent of the SecEngine status

2025-08-13 13:26:01 +03:00 · 2019-06-03 19:32:35 -03:00 · 2019-06-03 19:32:35 -03:00 · 50abc072c4
commit 50abc072c4
parent 1cc22966db
4 changed files with 46 additions and 3 deletions
--- a/src/rule.cc
+++ b/src/rule.cc
@ -549,7 +549,7 @@ inline void Rule::getFinalVars(variables::Variables *vars,
 void Rule::executeAction(Transaction *trans,
    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
    Action *a, bool defaultContext) {
-    if (a->isDisruptive() == false) {
+    if (a->isDisruptive() == false && a->m_name != "block") {
        ms_dbg_a(trans, 9, "Running " \
            "action: " + a->m_name);
        a->evaluate(this, trans, ruleMessage);
@ -569,7 +569,7 @@ void Rule::executeAction(Transaction *trans,
        return;
    }

-    ms_dbg_a(trans, 4, "Not running disruptive action: " \
+    ms_dbg_a(trans, 4, "Not running any disruptive action (or block): " \
        + a->m_name + ". SecRuleEngine is not On.");
 }

--- a/test/test-cases/regression/issue-1960.json
+++ b/test/test-cases/regression/issue-1960.json
@ -0,0 +1,41 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"SecRuleEngine DetectionOnly with disruptive SecDefaultAction",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host": "localhost"
+      },
+      "uri":"?a=a",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":200,
+      "debug_log": "aoeuaoeu"
+    },
+    "rules":[
+      "SecRuleEngine DetectionOnly",
+      "SecDefaultAction \"phase:1,deny,status:403\"",
+      "SecRule ARGS \"@rx a\" \"id:1,phase:1,block"
+    ]
+  }
+]
--- a/test/test-cases/regression/issue-960.json
+++ b/test/test-cases/regression/issue-960.json
@ -73,6 +73,7 @@
      "http_code": 418
    },
  "rules": [
+    "SecRuleEngine On",
    "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'\"",
@ -113,6 +114,7 @@
      "http_code": 418
    },
  "rules": [
+    "SecRuleEngine On",
    "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=HEAD POST OPTIONS'\"",
--- a/test/test-cases/regression/secruleengine.json
+++ b/test/test-cases/regression/secruleengine.json
@ -34,7 +34,7 @@
    "version_min":300000,
    "title":"Testing Disruptive actions (3/n)",
    "expected":{
-      "http_code":404
+      "http_code":200
    },
    "rules":[
      "SecRuleEngine On",