From 50abc072c4534d6e5c01dca73233347b68d6eb22 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 3 Jun 2019 19:32:35 -0300 Subject: [PATCH] Make block action execution dependent of the SecEngine status --- src/rule.cc | 4 +- test/test-cases/regression/issue-1960.json | 41 +++++++++++++++++++ test/test-cases/regression/issue-960.json | 2 + test/test-cases/regression/secruleengine.json | 2 +- 4 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 test/test-cases/regression/issue-1960.json diff --git a/src/rule.cc b/src/rule.cc index 136faeac..bcca52fe 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -549,7 +549,7 @@ inline void Rule::getFinalVars(variables::Variables *vars, void Rule::executeAction(Transaction *trans, bool containsBlock, std::shared_ptr ruleMessage, Action *a, bool defaultContext) { - if (a->isDisruptive() == false) { + if (a->isDisruptive() == false && a->m_name != "block") { ms_dbg_a(trans, 9, "Running " \ "action: " + a->m_name); a->evaluate(this, trans, ruleMessage); @@ -569,7 +569,7 @@ void Rule::executeAction(Transaction *trans, return; } - ms_dbg_a(trans, 4, "Not running disruptive action: " \ + ms_dbg_a(trans, 4, "Not running any disruptive action (or block): " \ + a->m_name + ". SecRuleEngine is not On."); } diff --git a/test/test-cases/regression/issue-1960.json b/test/test-cases/regression/issue-1960.json new file mode 100644 index 00000000..d736d890 --- /dev/null +++ b/test/test-cases/regression/issue-1960.json 
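Review bot: The new guard in `Rule::executeAction` (first src/rule.cc hunk) recognises the block action by comparing `a->m_name` with the literal `"block"`, which ties an enforcement decision to a display string. Whether the parser normalises the case of action names is not visible here; if it does not, a rule written as `Block` would still take the non-disruptive branch and be evaluated under DetectionOnly. A predicate on the action object would be sturdier than the name. At minimum the condition deserves a comment such as `// block defers to the SecDefaultAction disruptive action, so it is gated on SecRuleEngine like one`. The function body starts before and continues past both hunks, so the gates between them could not be checked.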
@@ -0,0 +1,41 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"SecRuleEngine DetectionOnly with disruptive SecDefaultAction",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"?a=a",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":200,
+ "debug_log": "aoeuaoeu"
+ },
+ "rules":[
+ "SecRuleEngine DetectionOnly",
+ "SecDefaultAction \"phase:1,deny,status:403\"",
+ "SecRule ARGS \"@rx a\" \"id:1,phase:1,block"
+ ]
+ }
+]
diff --git a/test/test-cases/regression/issue-960.json b/test/test-cases/regression/issue-960.json
index 812001bb..0fdb1cea 100644
--- a/test/test-cases/regression/issue-960.json
+++ b/test/test-cases/regression/issue-960.json
@@ -73,6 +73,7 @@
 "http_code": 418
 },
 "rules": [
+ "SecRuleEngine On",
 "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
 "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
 "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'\"",
@@ -113,6 +114,7 @@
 "http_code": 418
 },
 "rules": [
+ "SecRuleEngine On",
 "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
 "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
 "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=HEAD POST OPTIONS'\"",
diff --git a/test/test-cases/regression/secruleengine.json b/test/test-cases/regression/secruleengine.json
index 7ecf2caa..da69a914 100644
--- a/test/test-cases/regression/secruleengine.json
+++ b/test/test-cases/regression/secruleengine.json
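Review bot: In the new test/test-cases/regression/issue-1960.json the `debug_log` expectation is `"aoeuaoeu"`, which looks like placeholder text and not a message the engine emits. If the harness matches this value against the debug log, the test either fails or does not pin the behaviour this commit introduces. An expectation built from the message added in src/rule.cc would pin it, for example `"debug_log": "Not running any disruptive action \\(or block\\): block. SecRuleEngine is not On."`. The SecRule line also never closes its escaped action string and should probably read `"SecRule ARGS \"@rx a\" \"id:1,phase:1,block\""`.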
@@ -34,7 +34,7 @@
 "version_min":300000,
 "title":"Testing Disruptive actions (3/n)",
 "expected":{
- "http_code":404
+ "http_code":200
 },
 "rules":[
 "SecRuleEngine On",
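Review bot: In test/test-cases/regression/secruleengine.json the expectation for "Testing Disruptive actions (3/n)" drops from 404 to 200 while the rule set still starts with `SecRuleEngine On`, so a request that used to be rejected in enforcing mode is now expected to pass. The commit message only describes making block depend on the engine state, which by itself should not change outcomes when the engine is On. The remaining rules of this test lie outside the hunk, so the cause cannot be confirmed here; presumably block now reaches a gate in `Rule::executeAction` that it previously bypassed. The commit description should state why this case is no longer blocked, so the change is reviewed as an intended enforcement change and not a fail-open regression.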