Make block action execution dependent of the SecEngine status

2025-09-29 19:24:29 +03:00 · 2019-06-03 19:32:35 -03:00
parent 1cc22966db
commit 50abc072c4
4 changed files with 46 additions and 3 deletions
--- a/test/test-cases/regression/issue-1960.json
+++ b/test/test-cases/regression/issue-1960.json
@@ -0,0 +1,41 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"SecRuleEngine DetectionOnly with disruptive SecDefaultAction",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host": "localhost"
+      },
+      "uri":"?a=a",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":200,
+      "debug_log": "aoeuaoeu"
+    },
+    "rules":[
+      "SecRuleEngine DetectionOnly",
+      "SecDefaultAction \"phase:1,deny,status:403\"",
+      "SecRule ARGS \"@rx a\" \"id:1,phase:1,block"
+    ]
+  }
+]
--- a/test/test-cases/regression/issue-960.json
+++ b/test/test-cases/regression/issue-960.json
@@ -73,6 +73,7 @@
      "http_code": 418
    },
  "rules": [
+    "SecRuleEngine On",
    "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'\"",
@@ -113,6 +114,7 @@
      "http_code": 418
    },
  "rules": [
+    "SecRuleEngine On",
    "SecDefaultAction \"phase:1,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecDefaultAction \"phase:2,log,deny,status:418,tag:'Host: %{request_headers.host}'\"",
    "SecAction \"id:'900012',phase:request,nolog,pass,t:none,setvar:'tx.allowed_methods=HEAD POST OPTIONS'\"",
--- a/test/test-cases/regression/secruleengine.json
+++ b/test/test-cases/regression/secruleengine.json
@@ -34,7 +34,7 @@
    "version_min":300000,
    "title":"Testing Disruptive actions (3/n)",
    "expected":{
-      "http_code":404
+      "http_code":200
    },
    "rules":[
      "SecRuleEngine On",