diff --git a/src/rule.cc b/src/rule.cc index 64168a5c..13623ad5 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -699,7 +699,7 @@ bool Rule::evaluate(Transaction *trans, const std::string &value = v->getValue(); const std::string &key = v->getKeyWithCollection(); - if (exclusion.contains(v->getKeyWithCollection()) || + if (exclusion.contains(v->getKey()) || std::find_if(trans->m_ruleRemoveTargetById.begin(), trans->m_ruleRemoveTargetById.end(), [&, v, this](std::pair &m) -> bool { @@ -710,7 +710,7 @@ bool Rule::evaluate(Transaction *trans, v = NULL; continue; } - if (exclusion.contains(v->getKeyWithCollection()) || + if (exclusion.contains(v->getKey()) || std::find_if(trans->m_ruleRemoveTargetByTag.begin(), trans->m_ruleRemoveTargetByTag.end(), [&, v, trans, this](std::pair &m) -> bool { diff --git a/test/test-cases/regression/config-update-target-by-tag.json b/test/test-cases/regression/config-update-target-by-tag.json index a064a958..4061d52a 100644 --- a/test/test-cases/regression/config-update-target-by-tag.json +++ b/test/test-cases/regression/config-update-target-by-tag.json @@ -2,7 +2,7 @@ { "enabled":1, "version_min":300000, - "title":"SecRuleUpdateTargetByTag (1/4)", + "title":"SecRuleUpdateTargetByTag (1/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -42,7 +42,7 @@ { "enabled":1, "version_min":300000, - "title":"SecRuleUpdateTargetByTag (2/4)", + "title":"SecRuleUpdateTargetByTag (2/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -82,7 +82,7 @@ { "enabled":1, "version_min":300000, - "title":"SecRuleUpdateTargetByTag (3/4)", + "title":"SecRuleUpdateTargetByTag (3/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -122,7 +122,7 @@ { "enabled":1, "version_min":300000, - "title":"SecRuleUpdateTargetByTag (4/4)", + "title":"SecRuleUpdateTargetByTag (4/6)", "client":{ "ip":"200.249.12.31", "port":123 @@ -158,5 +158,85 @@ "SecRuleUpdateTargetByTag test !ARGS:/ke/", "SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"SecRuleUpdateTargetByTag Test (5/6) Regex with match anchored at beginning of Subject", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?key=value&ref=something", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRuleUpdateTargetByTag test !ARGS:'/(?!ref)/'", + "SecRule ARGS \"@contains value\" \"id:1,pass,t:trim,tag:'test',deny\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"SecRuleUpdateTargetByTag Test (6/6) Regex with match anchored at beginning of Subject", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*" + }, + "uri":"/?key=value&ref=something", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 200 + }, + "rules":[ + "SecRuleEngine On", + "SecRuleUpdateTargetByTag test !ARGS:'/^ref/'", + "SecRule ARGS \"@contains something\" \"id:1,pass,t:trim,tag:'test',deny\"" + ] } ]