From 6e24e60a029ce5822190ea69139ff3b0a7d6d28c Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Tue, 14 Apr 2020 11:33:17 -0300
Subject: [PATCH] Adds new method for rule merge

IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
---
 CHANGES                                       |    6 +-
 .../reading_logs_via_rule_message.h           |   15 +-
 .../using_bodies_in_chunks/simple_request.cc  |   14 +-
 headers/modsecurity/actions/action.h          |    2 +-
 headers/modsecurity/modsecurity.h             |    2 +-
 headers/modsecurity/rule.h                    |   15 +-
 headers/modsecurity/rule_marker.h             |    5 -
 headers/modsecurity/rule_message.h            |  260 +--
 headers/modsecurity/rule_unconditional.h      |    2 +-
 headers/modsecurity/rule_with_actions.h       |  321 +++-
 headers/modsecurity/rule_with_operator.h      |   14 +-
 headers/modsecurity/rules.h                   |    3 +
 headers/modsecurity/transaction.h             |   60 +-
 src/actions/accuracy.cc                       |    1 -
 src/actions/accuracy.h                        |    1 +
 src/actions/audit_log.cc                      |    7 +-
 src/actions/audit_log.h                       |    2 +-
 src/actions/block.cc                          |   10 +-
 src/actions/block.h                           |    2 +-
 src/actions/chain.cc                          |    2 +-
 src/actions/data/status.cc                    |    2 +-
 src/actions/data/status.h                     |    2 +-
 src/actions/disruptive/deny.cc                |    6 +-
 src/actions/disruptive/deny.h                 |    2 +-
 src/actions/disruptive/drop.cc                |    6 +-
 src/actions/disruptive/drop.h                 |    2 +-
 src/actions/disruptive/pass.cc                |    2 +-
 src/actions/disruptive/pass.h                 |    2 +-
 src/actions/disruptive/redirect.cc            |    6 +-
 src/actions/disruptive/redirect.h             |    2 +-
 src/actions/init_col.h                        |    2 +-
 src/actions/log.cc                            |    4 +-
 src/actions/log.h                             |    2 +-
 src/actions/log_data.cc                       |    4 +-
 src/actions/log_data.h                        |    4 +-
 src/actions/maturity.cc                       |    1 -
 src/actions/maturity.h                        |    1 +
 src/actions/msg.cc                            |    4 +-
 src/actions/msg.h                             |    4 +-
 src/actions/no_audit_log.cc                   |    6 +-
 src/actions/no_audit_log.h                    |    2 +-
 src/actions/no_log.cc                         |    3 +-
 src/actions/no_log.h                          |    2 +-
 src/actions/rev.cc                            |    1 -
 src/actions/rev.h                             |    3 +-
 src/actions/set_env.h                         |    2 +-
 src/actions/set_rsc.h                         |    2 +-
 src/actions/set_sid.h                         |    2 +-
 src/actions/set_uid.h                         |    2 +-
 src/actions/set_var.h                         |    4 +-
 src/actions/severity.cc                       |   12 +-
 src/actions/severity.h                        |    2 +-
 src/actions/tag.cc                            |    4 +-
 src/actions/tag.h                             |    4 +-
 src/actions/ver.cc                            |    1 -
 src/audit_log/audit_log.cc                    |    7 +-
 src/modsecurity.cc                            |    4 +-
 src/operators/begins_with.cc                  |    2 +-
 src/operators/begins_with.h                   |    2 +-
 src/operators/contains.cc                     |    2 +-
 src/operators/contains.h                      |    2 +-
 src/operators/contains_word.cc                |    2 +-
 src/operators/contains_word.h                 |    2 +-
 src/operators/detect_sqli.cc                  |    2 +-
 src/operators/detect_sqli.h                   |    2 +-
 src/operators/detect_xss.cc                   |    2 +-
 src/operators/detect_xss.h                    |    2 +-
 src/operators/ends_with.cc                    |    2 +-
 src/operators/ends_with.h                     |    2 +-
 src/operators/operator.cc                     |    2 +-
 src/operators/operator.h                      |    6 +-
 src/operators/pm.cc                           |    4 +-
 src/operators/pm.h                            |    2 +-
 src/operators/rbl.cc                          |    2 +-
 src/operators/rbl.h                           |    2 +-
 src/operators/rx.cc                           |    2 +-
 src/operators/rx.h                            |    2 +-
 src/operators/rx_global.cc                    |    2 +-
 src/operators/rx_global.h                     |    2 +-
 src/operators/validate_byte_range.cc          |    2 +-
 src/operators/validate_byte_range.h           |    2 +-
 src/operators/validate_url_encoding.cc        |    2 +-
 src/operators/validate_url_encoding.h         |    2 +-
 src/operators/validate_utf8_encoding.cc       |    2 +-
 src/operators/validate_utf8_encoding.h        |    2 +-
 src/operators/verify_cc.cc                    |    2 +-
 src/operators/verify_cc.h                     |    2 +-
 src/operators/verify_cpf.cc                   |    2 +-
 src/operators/verify_cpf.h                    |    2 +-
 src/operators/verify_ssn.cc                   |    2 +-
 src/operators/verify_ssn.h                    |    2 +-
 src/operators/verify_svnr.cc                  |    2 +-
 src/operators/verify_svnr.h                   |    2 +-
 src/operators/within.cc                       |    2 +-
 src/operators/within.h                        |    2 +-
 src/parser/driver.cc                          |   71 +-
 src/parser/seclang-parser.cc                  | 1573 +++++++++--------
 src/parser/seclang-parser.yy                  |   27 +-
 src/rule_message.cc                           |   37 +-
 src/rule_script.cc                            |   11 +-
 src/rule_script.h                             |   13 +-
 src/rule_unconditional.cc                     |   11 +-
 src/rule_with_actions.cc                      |  396 ++---
 src/rule_with_operator.cc                     |   64 +-
 src/rules_set.cc                              |   40 +
 src/rules_set_phases.cc                       |   24 +-
 src/transaction.cc                            |   71 +-
 src/variables/rule.h                          |   58 +-
 test/cppcheck_suppressions.txt                |    4 +-
 .../config-update-action-by-id.json           |    4 +-
 test/test-cases/regression/issue-1528.json    |    4 +-
 test/test-cases/regression/issue-1844.json    |   22 +-
 test/test-cases/regression/issue-2296.json    |   12 +-
 .../regression/offset-variable.json           |  286 ++-
 test/test-cases/regression/operator-rx.json   |    5 +-
 .../regression/variable-ARGS_POST_NAMES.json  |   17 +-
 116 files changed, 2116 insertions(+), 1581 deletions(-)

diff --git a/CHANGES b/CHANGES
index d8156478..912a1519 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
-
+ 
+  - IMPORTANT: SecDefaultAction behaves changing: SecDefaultAction specified
+    on a child configuration will overwrite the ones specified on the parent;
+    Previously it was concatenating.
+    [@zimmerle]
   - Using std::shared_ptr instead of generates its own references counters
     for Rules and related.
     [@zimmerle]
diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
index 58cbba8b..98e0a0ec 100644
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -176,21 +176,22 @@ class ReadingLogsViaRuleMessage {
             return;
         }
 
-        const modsecurity::RuleMessage *ruleMessage = \
-            reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);
+        modsecurity::RuleMessage ruleMessage(
+            *reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev));
 
-        std::cout << "Rule Id: " << std::to_string(ruleMessage->m_ruleId);
-        std::cout << " phase: " << std::to_string(ruleMessage->m_phase);
+
+        std::cout << "Rule Id: " << std::to_string(ruleMessage.getRuleId());
+        std::cout << " phase: " << std::to_string(ruleMessage.getPhase());
         std::cout << std::endl;
-        if (ruleMessage->m_isDisruptive) {
+        if (ruleMessage.isDisruptive()) {
             std::cout << " * Disruptive action: ";
-            std::cout << modsecurity::RuleMessage::log(ruleMessage);
+            std::cout << modsecurity::RuleMessage::log(&ruleMessage);
             std::cout << std::endl;
             std::cout << " ** %d is meant to be informed by the webserver.";
             std::cout << std::endl;
         } else {
             std::cout << " * Match, but no disruptive action: ";
-            std::cout << modsecurity::RuleMessage::log(ruleMessage);
+            std::cout << modsecurity::RuleMessage::log(&ruleMessage);
             std::cout << std::endl;
         }
     }
diff --git a/examples/using_bodies_in_chunks/simple_request.cc b/examples/using_bodies_in_chunks/simple_request.cc
index 0f555622..87899fcb 100644
--- a/examples/using_bodies_in_chunks/simple_request.cc
+++ b/examples/using_bodies_in_chunks/simple_request.cc
@@ -69,21 +69,21 @@ static void logCb(void *data, const void *ruleMessagev) {
         return;
     }
 
-    const modsecurity::RuleMessage *ruleMessage = \
-        reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);
+    modsecurity::RuleMessage ruleMessage(
+        *reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev));
 
-    std::cout << "Rule Id: " << std::to_string(ruleMessage->m_ruleId);
-    std::cout << " phase: " << std::to_string(ruleMessage->m_phase);
+    std::cout << "Rule Id: " << std::to_string(ruleMessage.getRuleId());
+    std::cout << " phase: " << std::to_string(ruleMessage.getPhase());
     std::cout << std::endl;
-    if (ruleMessage->m_isDisruptive) {
+    if (ruleMessage.isDisruptive()) {
         std::cout << " * Disruptive action: ";
-        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << modsecurity::RuleMessage::log(&ruleMessage);
         std::cout << std::endl;
         std::cout << " ** %d is meant to be informed by the webserver.";
         std::cout << std::endl;
     } else {
         std::cout << " * Match, but no disruptive action: ";
-        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << modsecurity::RuleMessage::log(&ruleMessage);
         std::cout << std::endl;
     }
 }
diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h
index 374b77d6..f5791e39 100644
--- a/headers/modsecurity/actions/action.h
+++ b/headers/modsecurity/actions/action.h
@@ -78,7 +78,7 @@ class Action {
         Transaction *transaction);
     virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
     virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> ruleMessage) {
+        RuleMessage &ruleMessage) {
         return evaluate(rule, transaction);
     }
     virtual bool init(std::string *error) { return true; }
diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h
index 2c8e195e..c1457406 100644
--- a/headers/modsecurity/modsecurity.h
+++ b/headers/modsecurity/modsecurity.h
@@ -292,7 +292,7 @@ class ModSecurity {
      */
     void setServerLogCb(ModSecLogCb cb, int properties);
 
-    void serverLog(void *data, std::shared_ptr<RuleMessage> rm);
+    void serverLog(void *data, RuleMessage *rm);
 
     const std::string& getConnectorInformation() const;
 
diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
index b10e0556..2805d5de 100644
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@@ -57,13 +57,17 @@ using TransformationResult = std::pair<std::shared_ptr<std::string>,
 using TransformationResults = std::list<TransformationResult>;
 
 using Transformation = actions::transformations::Transformation;
-using Transformations = std::vector<Transformation *>;
+using Transformations = std::vector<std::shared_ptr<Transformation> >;
+using TransformationsPtr = std::vector<Transformation *>;
 
 using Actions = std::vector<actions::Action *>;
 
-using Tags = std::vector<actions::Tag *>;
-using SetVars = std::vector<actions::SetVar *>;
-using MatchActions = std::vector<actions::Action *>;
+using Tags = std::vector<std::shared_ptr<actions::Tag> >;
+using TagsPtr = std::vector<actions::Tag *>;
+using SetVars = std::vector<std::shared_ptr<actions::SetVar> >;
+using SetVarsPtr = std::vector<actions::SetVar *>;
+using MatchActions = std::vector<std::shared_ptr<actions::Action > >;
+using MatchActionsPtr = std::vector<actions::Action *>;
 
 class Rule {
  public:
@@ -88,9 +92,6 @@ class Rule {
 
     virtual bool evaluate(Transaction *transaction) = 0;
 
-    virtual bool evaluate(Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) = 0;
-
     std::shared_ptr<std::string> getFileName() const {
         return m_fileName;
     }
diff --git a/headers/modsecurity/rule_marker.h b/headers/modsecurity/rule_marker.h
index b8b835ef..6aa1205d 100644
--- a/headers/modsecurity/rule_marker.h
+++ b/headers/modsecurity/rule_marker.h
@@ -55,11 +55,6 @@ class RuleMarker : public Rule {
         return *this;
     }
 
-    virtual bool evaluate(Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override {
-        return evaluate(transaction);
-    }
-
     virtual bool evaluate(Transaction *transaction) override {
         if (transaction->isInsideAMarker()) {
             if (*transaction->getCurrentMarker() == *m_name) {
diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h
index 51eca0e8..7901a13e 100644
--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@@ -42,120 +42,47 @@ class RuleMessage {
         ClientLogMessageInfo = 4
     };
 
-    /**
-     *
-     * FIXME: RuleMessage is currently too big, doing a lot of
-     * unnecessary data duplication. Needs to be shrink down.
-     *
-     */
-    RuleMessage(RuleWithActions *rule, Transaction *trans) :
-        m_accuracy(rule->m_accuracy),
-        m_clientIpAddress(trans->m_clientIpAddress),
-        m_data(""),
-        m_id(trans->m_id),
-        m_isDisruptive(false),
-        m_match(""),
-        m_maturity(rule->m_maturity),
-        m_message(""),
-        m_noAuditLog(false),
-        m_phase(rule->getPhase() - 1),
-        m_reference(""),
-        m_rev(rule->m_rev),
-        m_rule(rule),
-        m_ruleFile(rule->getFileName()),
-        m_ruleId(rule->m_ruleId),
-        m_ruleLine(rule->getLineNumber()),
-        m_saveMessage(true),
-        m_serverIpAddress(trans->m_serverIpAddress),
-        m_severity(0),
-        m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
-        m_ver(rule->m_ver),
-        m_tags()
-    { }
 
-    explicit RuleMessage(RuleMessage *rule) :
-        m_accuracy(rule->m_accuracy),
-        m_clientIpAddress(rule->m_clientIpAddress),
-        m_data(rule->m_data),
-        m_id(rule->m_id),
-        m_isDisruptive(rule->m_isDisruptive),
-        m_match(rule->m_match),
-        m_maturity(rule->m_maturity),
-        m_message(rule->m_message),
-        m_noAuditLog(rule->m_noAuditLog),
-        m_phase(rule->m_phase),
-        m_reference(rule->m_reference),
-        m_rev(rule->m_rev),
-        m_rule(rule->m_rule),
-        m_ruleFile(rule->m_ruleFile),
-        m_ruleId(rule->m_ruleId),
-        m_ruleLine(rule->m_ruleLine),
-        m_saveMessage(rule->m_saveMessage),
-        m_serverIpAddress(rule->m_serverIpAddress),
-        m_severity(rule->m_severity),
-        m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
-        m_ver(rule->m_ver),
-        m_tags(rule->m_tags)
-    { }
-
-    RuleMessage(const RuleMessage& ruleMessage)
-        : m_accuracy(ruleMessage.m_accuracy),
-        m_clientIpAddress(ruleMessage.m_clientIpAddress),
-        m_data(ruleMessage.m_data),
-        m_id(ruleMessage.m_id),
-        m_isDisruptive(ruleMessage.m_isDisruptive),
-        m_match(ruleMessage.m_match),
-        m_maturity(ruleMessage.m_maturity),
-        m_message(ruleMessage.m_message),
-        m_noAuditLog(ruleMessage.m_noAuditLog),
-        m_phase(ruleMessage.m_phase),
-        m_reference(ruleMessage.m_reference),
-        m_rev(ruleMessage.m_rev),
-        m_rule(ruleMessage.m_rule),
-        m_ruleFile(ruleMessage.m_ruleFile),
-        m_ruleId(ruleMessage.m_ruleId),
-        m_ruleLine(ruleMessage.m_ruleLine),
-        m_saveMessage(ruleMessage.m_saveMessage),
-        m_serverIpAddress(ruleMessage.m_serverIpAddress),
+    explicit RuleMessage(const RuleMessage &ruleMessage) :
         m_severity(ruleMessage.m_severity),
-        m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
-        m_ver(ruleMessage.m_ver),
-        m_tags(ruleMessage.m_tags)
+        m_tags(),
+        m_data(ruleMessage.m_data),
+        m_match(ruleMessage.m_match),
+        m_message(ruleMessage.m_message),
+        m_reference(ruleMessage.m_reference),
+        m_transaction(ruleMessage.m_transaction),
+        m_rule(ruleMessage.m_rule)
+    { }
+
+
+    explicit RuleMessage(Transaction *transaction) :
+        m_severity(0),
+        m_tags(),
+        m_data(""),
+        m_match(""),
+        m_message(""),
+        m_reference(""),
+        m_transaction(transaction),
+        m_rule(nullptr)
     { }
 
     RuleMessage &operator=(const RuleMessage& ruleMessage) {
-        m_accuracy = ruleMessage.m_accuracy;
-        m_clientIpAddress = ruleMessage.m_clientIpAddress;
-        m_data = ruleMessage.m_data;
-        m_id = ruleMessage.m_id;
-        m_isDisruptive = ruleMessage.m_isDisruptive;
-        m_match = ruleMessage.m_match;
-        m_maturity = ruleMessage.m_maturity;
-        m_message = ruleMessage.m_message;
-        m_noAuditLog = ruleMessage.m_noAuditLog;
-        m_phase = ruleMessage.m_phase;
-        m_reference = ruleMessage.m_reference;
-        m_rev = ruleMessage.m_rev;
-        m_rule = ruleMessage.m_rule;
-        m_ruleFile = ruleMessage.m_ruleFile;
-        m_ruleId = ruleMessage.m_ruleId;
-        m_ruleLine = ruleMessage.m_ruleLine;
-        m_saveMessage = ruleMessage.m_saveMessage;
-        m_serverIpAddress = ruleMessage.m_serverIpAddress;
         m_severity = ruleMessage.m_severity;
-        m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
-        m_ver = ruleMessage.m_ver;
         m_tags = ruleMessage.m_tags;
+        m_data = ruleMessage.m_data;
+        m_match = ruleMessage.m_match;
+        m_message = ruleMessage.m_message;
+        m_reference = ruleMessage.m_reference;
+        m_transaction = ruleMessage.m_transaction;
+        m_rule = ruleMessage.m_rule;
         return *this;
     }
 
     void clean() {
         m_data = "";
         m_match = "";
-        m_isDisruptive = false;
         m_reference = "";
         m_severity = 0;
-        m_ver = "";
     }
 
     std::string log() {
@@ -183,29 +110,122 @@ class RuleMessage {
     static std::string _details(const RuleMessage *rm);
     static std::string _errorLogTail(const RuleMessage *rm);
 
-    int m_accuracy;
-    std::shared_ptr<std::string> m_clientIpAddress;
-    std::string m_data;
-    std::shared_ptr<std::string> m_id;
-    bool m_isDisruptive;
-    std::string m_match;
-    int m_maturity;
-    std::string m_message;
-    bool m_noAuditLog;
-    int m_phase;
-    std::string m_reference;
-    std::string m_rev;
-    RuleWithActions *m_rule;
-    std::shared_ptr<std::string> m_ruleFile;
-    int m_ruleId;
-    int m_ruleLine;
-    bool m_saveMessage;
-    std::shared_ptr<std::string> m_serverIpAddress;
-    int m_severity;
-    std::shared_ptr<std::string> m_uriNoQueryStringDecoded;
-    std::string m_ver;
+    RuleWithActions *getRule() const {
+        return m_rule;
+    }
 
+    void setRule(RuleWithActions *rule) {
+        m_rule = rule;
+    }
+
+    bool isSettle() const {
+        return m_rule != nullptr;
+    }
+
+    int getRuleId() const {
+        if (m_rule) {
+            return m_rule->m_ruleId;
+        }
+        return -1;
+    }
+
+    int getPhase() const {
+        if (m_rule) {
+            return m_rule->getPhase();
+        }
+        return 0;
+    }
+
+    std::string getFileName() const {
+        if (m_rule) {
+            return *m_rule->getFileName().get();
+        }
+        return "";
+    }
+
+    int getLineNumber() const {
+        if (m_rule) {
+            return m_rule->getLineNumber();
+        }
+        return 0;
+    }
+
+    std::string getRev() const {
+        if (m_rule) {
+            return m_rule->getRevision();
+        }
+        return "";
+    }
+
+    std::string getVer() const {
+        if (m_rule) {
+            return m_rule->getRevision();
+        }
+        return "";
+    }
+
+    int getMaturity() const {
+        if (m_rule) {
+            return m_rule->getMaturity();
+        }
+        return 0;
+    }
+
+    int getAccuracy() const {
+        if (m_rule) {
+            return m_rule->getAccuracy();
+        }
+        return 0;
+    }
+
+    std::string getClientIpAddress() const {
+        if (m_transaction) {
+            return *m_transaction->m_clientIpAddress.get();
+        }
+        return "";
+    }
+
+    std::string getServerIpAddress() const {
+        if (m_transaction) {
+            return *m_transaction->m_serverIpAddress.get();
+        }
+        return "";
+    }
+
+    std::string getRequestId() const {
+        if (m_transaction) {
+            return *m_transaction->m_id.get();
+        }
+        return "";
+    }
+
+    std::string getUri() const {
+        if (m_transaction) {
+            return *m_transaction->m_uri_no_query_string_decoded.get();
+        }
+        return "";
+    }
+
+    bool isDisruptive() const {
+        if (m_rule) {
+            return m_rule->hasDisruptiveAction();
+        }
+        return 0;
+    }
+
+    int m_severity;
     std::list<std::string> m_tags;
+
+    // Transaction
+    std::string m_data;
+    std::string m_match;
+
+    std::string m_message;
+    std::string m_reference;
+
+ private:
+    Transaction *m_transaction;
+    RuleWithActions *m_rule;
 };
 
 
diff --git a/headers/modsecurity/rule_unconditional.h b/headers/modsecurity/rule_unconditional.h
index c66fa7c1..b1ac0eb4 100644
--- a/headers/modsecurity/rule_unconditional.h
+++ b/headers/modsecurity/rule_unconditional.h
@@ -55,7 +55,7 @@ class RuleUnconditional : public RuleWithActions {
         return *this;
     }
 
-    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+    virtual bool evaluate(Transaction *transaction) override;
 
  private:
 };
diff --git a/headers/modsecurity/rule_with_actions.h b/headers/modsecurity/rule_with_actions.h
index 4b7db43f..9de3c89e 100644
--- a/headers/modsecurity/rule_with_actions.h
+++ b/headers/modsecurity/rule_with_actions.h
@@ -37,6 +37,10 @@ namespace modsecurity {
 
 class RuleWithActions : public Rule {
  public:
+    int SEVERITY_NOT_SET = 10;
+    int ACCURACY_NOT_SET = 10;
+    int MATURITY_NOT_SET = 10;
+
     RuleWithActions(
         Actions *a,
         Transformations *t,
@@ -45,29 +49,47 @@ class RuleWithActions : public Rule {
 
     ~RuleWithActions();
 
-    RuleWithActions(const RuleWithActions& r)
+    RuleWithActions(const RuleWithActions &r)
         : Rule(r),
-        m_rev(r.m_rev),
-        m_ver(r.m_ver),
-        m_accuracy(r.m_accuracy),
-        m_maturity(r.m_maturity),
         m_ruleId(r.m_ruleId),
         m_chainedRuleChild(r.m_chainedRuleChild),
         m_chainedRuleParent(r.m_chainedRuleParent),
         m_disruptiveAction(r.m_disruptiveAction),
         m_logData(r.m_logData),
         m_msg(r.m_msg),
-        m_severity(r.m_severity),
         m_actionsRuntimePos(r.m_actionsRuntimePos),
         m_actionsSetVar(r.m_actionsSetVar),
         m_actionsTag(r.m_actionsTag),
+        m_defaultActionDisruptiveAction(r.m_defaultActionDisruptiveAction),
+        m_defaultActionLogData(r.m_defaultActionLogData),
+        m_defaultActionMsg(r.m_defaultActionMsg),
+        m_defaultActionActionsRuntimePos(r.m_defaultActionActionsRuntimePos),
+        m_defaultActionActionsSetVar(r.m_defaultActionActionsSetVar),
+        m_defaultActionActionsTag(r.m_defaultActionActionsTag),
         m_transformations(r.m_transformations),
+        m_defaultTransformations(r.m_defaultTransformations),
+        m_severity(r.m_severity),
+        m_revision(r.m_revision),
+        m_version(r.m_version),
+        m_accuracy(r.m_accuracy),
+        m_maturity(r.m_maturity),
         m_containsCaptureAction(r.m_containsCaptureAction),
+        m_containsLogAction(r.m_containsLogAction),
+        m_containsNoLogAction(r.m_containsNoLogAction),
         m_containsMultiMatchAction(r.m_containsMultiMatchAction),
         m_containsStaticBlockAction(r.m_containsStaticBlockAction),
-        m_isChained(r.m_isChained)
-    { }
-
+        m_defaultSeverity(r.m_defaultSeverity),
+        m_defaultRevision(r.m_defaultRevision),
+        m_defaultVersion(r.m_defaultVersion),
+        m_defaultAccuracy(r.m_defaultAccuracy),
+        m_defaultMaturity(r.m_defaultMaturity),
+        m_defaultContainsCaptureAction(r.m_defaultContainsCaptureAction),
+        m_defaultContainsLogAction(r.m_defaultContainsLogAction),
+        m_defaultContainsNoLogAction(r.m_defaultContainsNoLogAction),
+        m_defaultContainsMultiMatchAction(r.m_defaultContainsMultiMatchAction),
+        m_defaultContainsStaticBlockAction(r.m_defaultContainsStaticBlockAction),
+        m_isChained(r.m_isChained) { };
+#if 0
     RuleWithActions &operator=(const RuleWithActions& r) {
         Rule::operator = (r);
         m_rev = r.m_rev;
@@ -95,25 +117,21 @@ class RuleWithActions : public Rule {
 
         return *this;
     }
-
-    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+#endif
 
     virtual bool evaluate(Transaction *transaction) override;
 
 
     void executeActionsIndependentOfChainedRuleResult(
         Transaction *trasn,
-        bool *containsDisruptive,
-        std::shared_ptr<RuleMessage> ruleMessage);
+        bool *containsDisruptive);
 
     void executeActionsAfterFullMatch(
         Transaction *trasn,
-        bool containsDisruptive,
-        std::shared_ptr<RuleMessage> ruleMessage);
+        bool containsDisruptive);
 
     void executeAction(Transaction *trans,
         bool containsBlock,
-        std::shared_ptr<RuleMessage> ruleMessage,
         actions::Action *a,
         bool context);
 
@@ -130,34 +148,193 @@ class RuleWithActions : public Rule {
         int *nth) const;
 
 
-    void performLogging(Transaction *trans,
-        std::shared_ptr<RuleMessage> ruleMessage,
-        bool lastLog = true,
-        bool chainedParentNull = false);
+    void addAction(actions::Action *a);
+    void addTransformation(std::shared_ptr<actions::transformations::Transformation> t) {
+        m_transformations.push_back(t);
+    }
+    void addDefaultAction(std::shared_ptr<actions::Action>);
+    void addDefaultTransformation(std::shared_ptr<actions::transformations::Transformation> t) {
+        m_defaultTransformations.push_back(t);
+    }
+
 
     std::vector<actions::Action *> getActionsByName(const std::string& name,
         Transaction *t);
-    bool containsTag(const std::string& name, Transaction *t);
+    bool containsTag(const std::string& name, Transaction *t) const;
     bool containsMsg(const std::string& name, Transaction *t);
 
-    inline bool isChained() const { return m_isChained == true; }
-    inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
-    inline void setChained(bool b) { m_isChained = b; }
-    inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
-    inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; }
-    inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; }
 
-    inline bool hasLogData() const { return m_logData != NULL; }
-    std::string logData(Transaction *t);
-    inline bool hasMsg() const { return m_msg != NULL; }
-    std::string msg(Transaction *t);
-    inline bool hasSeverity() const { return m_severity != NULL; }
-    int severity() const;
+    void clearDefaultActions() {
+        m_defaultSeverity = SEVERITY_NOT_SET;
+        m_defaultRevision = "";
+        m_defaultVersion = "";
+        m_defaultAccuracy = ACCURACY_NOT_SET;
+        m_defaultMaturity = MATURITY_NOT_SET;
+        m_defaultContainsCaptureAction = false;
+        m_defaultContainsLogAction = false;
+        m_defaultContainsNoLogAction = false;
+        m_defaultContainsMultiMatchAction = false;
+        m_defaultContainsStaticBlockAction = false;
+        m_defaultActionLogData = nullptr;
+        m_defaultActionMsg = nullptr;
+        m_defaultActionActionsSetVar.clear();
+        m_defaultActionActionsTag.clear();
+        m_defaultActionActionsRuntimePos.clear();
+        m_defaultActionDisruptiveAction = nullptr;
+        m_defaultActionActionsRuntimePos.clear();
+        m_defaultTransformations.clear();
+    }
 
-    std::string m_rev;
-    std::string m_ver;
-    int m_accuracy;
-    int m_maturity;
+    Transformations getTransformation() const {
+        Transformations dst;
+        for (auto &a : m_defaultTransformations) {
+            dst.push_back(a);
+        }
+        for (auto &a : m_transformations) {
+            dst.push_back(a);
+        }
+        return dst;
+    }
+
+    TransformationsPtr getTransformationPtr() const {
+        TransformationsPtr dst;
+        for (auto &a : m_defaultTransformations) {
+            dst.push_back(a.get());
+        }
+        for (auto &a : m_transformations) {
+            dst.push_back(a.get());
+        }
+        return dst;
+    }
+
+    SetVars getSetVarsActions() const {
+        SetVars dst;
+        for (auto &a : m_defaultActionActionsSetVar) {
+            dst.push_back(a);
+        }
+        for (auto &a : m_actionsSetVar) {
+            dst.push_back(a);
+        }
+        return dst;
+    }
+
+    SetVarsPtr getSetVarsActionsPtr() const {
+        SetVarsPtr dst;
+        for (auto &a : m_defaultActionActionsSetVar) {
+            dst.push_back(a.get());
+        }
+        for (auto &a : m_actionsSetVar) {
+            dst.push_back(a.get());
+        }
+        return dst;
+    }
+
+    MatchActionsPtr getMatchActionsPtr() const {
+        MatchActionsPtr dst;
+        for (auto &a : m_defaultActionActionsRuntimePos) {
+            dst.push_back(a.get());
+        }
+        for (auto &a : m_actionsRuntimePos) {
+            dst.push_back(a.get());
+        }
+        return dst;
+    }
+
+    MatchActions getMatchActions() const {
+        MatchActions dst;
+        for (auto &a : m_defaultActionActionsRuntimePos) {
+            dst.push_back(a);
+        }
+        for (auto &a : m_actionsRuntimePos) {
+            dst.push_back(a);
+        }
+        return dst;
+    }
+
+    inline bool hasChainAction() const { return m_isChained == true; }
+    inline void setHasChainAction(bool b) { m_isChained = b; }
+    inline bool hasChainedParent() const { return m_chainedRuleParent != nullptr; }
+    inline bool hasChainedChild() const { return m_chainedRuleChild.get() != nullptr; }
+
+    inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; }
+
+    inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; }
+    inline void setDisruptiveAction(std::shared_ptr<actions::Action> a) { m_disruptiveAction = a; }
+    inline std::shared_ptr<actions::Action> getDisruptiveAction() const { return m_disruptiveAction; }
+
+    inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; }
+    inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; }
+
+    inline bool hasMultimatchAction() const { return m_containsMultiMatchAction || m_defaultContainsMultiMatchAction; }
+
+    inline bool hasLogAction() const { return m_containsLogAction == true; }
+    inline void setHasLogAction(bool b) { m_containsLogAction = b; }
+    inline bool hasNoLogAction() const { return m_containsNoLogAction == true; }
+    inline void setHasNoLogAction(bool b) { m_containsNoLogAction = b; }
+
+    inline bool hasLogDataAction() const { return m_logData != nullptr || m_defaultActionLogData != nullptr; }
+    inline std::shared_ptr<actions::LogData> getLogDataAction() const { return m_logData; }
+    std::string getLogData(/*const */Transaction *t);
+    inline void setLogDataAction(std::shared_ptr<actions::LogData> data) { m_logData = data; }
+
+    inline bool hasMessageAction() const { return m_msg != nullptr || m_defaultActionMsg != nullptr; }
+    inline std::shared_ptr<actions::Msg> getMessageAction() const { return m_msg; }
+    inline void setMessageAction(std::shared_ptr<actions::Msg> msg) { m_msg = msg; }
+    std::string getMessage(/*const */Transaction *t);
+
+
+    inline bool hasSeverityAction() const { return m_severity != SEVERITY_NOT_SET || m_defaultSeverity != SEVERITY_NOT_SET; }
+    inline int getSeverity() const { return (m_severity != SEVERITY_NOT_SET)?m_severity:m_defaultSeverity; }
+    inline void setDefaultActionSeverity(unsigned int severity) { m_defaultSeverity = severity; }
+    inline void setSeverity(unsigned int severity) { m_severity = severity; }
+
+    inline bool hasRevisionAction() const { return m_revision != ""; }
+    inline std::string getRevision() const { return m_revision; };
+    inline void setRevision(const std::string &revision) { m_revision.assign(revision); }
+
+    inline bool hasVersionAction() const { return m_version != ""; }
+    inline std::string getVersion() const { return m_version; };
+    inline void setVersion(const std::string &version) { m_version.assign(version); }
+
+    inline bool hasAccuracyAction() const { return m_accuracy != ACCURACY_NOT_SET || m_defaultAccuracy != ACCURACY_NOT_SET; }
+    inline int getAccuracy() const { return m_accuracy; }
+    inline void setAccuracy(unsigned int accuracy) { m_accuracy = accuracy; }
+
+    inline bool hasMaturityAction() const { return m_maturity != MATURITY_NOT_SET || m_defaultMaturity != MATURITY_NOT_SET; }
+    inline int getMaturity() const { return m_maturity; }
+    inline void setDefaultActionMaturity(unsigned int maturity) { m_defaultMaturity = maturity; }
+    inline void setMaturity(unsigned int maturity) { m_maturity = maturity; }
+
+    inline bool hasTagAction() const { return m_actionsTag.size() > 0; }
+    inline void setTags(Tags tags) {
+        for (auto tag : tags) {
+            m_actionsTag.push_back(tag);
+        }
+    }
+    inline void cleanTags() {
+        m_actionsTag.clear();
+    }
+    Tags getTagsAction() const {
+        Tags dst;
+        for (auto &a : m_defaultActionActionsTag) {
+            dst.push_back(a);
+        }
+        for (auto &a : m_actionsTag) {
+            dst.push_back(a);
+        }
+        return dst;
+    }
+
+    TagsPtr getTagsActionPtr() const {
+        TagsPtr dst;
+        for (auto &a : m_defaultActionActionsTag) {
+            dst.push_back(a.get());
+        }
+        for (auto &a : m_actionsTag) {
+            dst.push_back(a.get());
+        }
+        return dst;
+    }
 
 
     int64_t m_ruleId;
@@ -167,20 +344,82 @@ class RuleWithActions : public Rule {
 
  private:
     /* actions */
-    actions::Action *m_disruptiveAction;
-    actions::LogData *m_logData;
-    actions::Msg *m_msg;
-    actions::Severity *m_severity;
+    std::shared_ptr<actions::Action> m_disruptiveAction;
+    std::shared_ptr<actions::LogData> m_logData;
+    std::shared_ptr<actions::Msg> m_msg;
     MatchActions m_actionsRuntimePos;
     SetVars m_actionsSetVar;
     Tags m_actionsTag;
 
+    /* actions || SecDefaultAction */
+    std::shared_ptr<actions::Action> m_defaultActionDisruptiveAction;
+    std::shared_ptr<actions::LogData> m_defaultActionLogData;
+    std::shared_ptr<actions::Msg> m_defaultActionMsg;
+    MatchActions m_defaultActionActionsRuntimePos;
+    SetVars m_defaultActionActionsSetVar;
+    Tags m_defaultActionActionsTag;
+
     /* actions > transformations */
     Transformations m_transformations;
 
+    /* actions > transformations || SecDefaultAction */
+    Transformations m_defaultTransformations;
+
+
+    /* || */
+    /**
+     * 0 - EMERGENCY: is generated from correlation of anomaly
+     *                scoring data where there is an inbound
+     *                attack and an outbound leakage.
+     * 1 - ALERT: is generated from correlation where there is
+     *                an inbound attack and an outbound application
+     *                level error.
+     * 2 - CRITICAL: Anomaly Score of 5. Is the highest severity
+     *               level possible without correlation. It is
+     *               normally generated by the web attack rules
+     *               (40 level files).
+     * 3 - ERROR: Error - Anomaly Score of 4. Is generated mostly
+     *            from outbound leakage rules (50 level files).
+     * 4 - WARNING: Anomaly Score of 3. Is generated by malicious
+     *              client rules (35 level files).
+     * 5 - NOTICE: Anomaly Score of 2. Is generated by the Protocol
+     *             policy and anomaly files.
+     * 6 - INFO
+     * 7 - DEBUG
+     **/
+    unsigned int m_severity:3;
+
+    std::string m_revision;
+    std::string m_version;
+
+    /**
+     * 1-9 where 9 is very strong and 1 has many false positives
+     */
+    unsigned int m_accuracy:3;
+    /**
+     * 1-9 where 9 is extensively tested and 1 is a brand new experimental rule
+     */
+    unsigned int m_maturity:3;
+
+
     bool m_containsCaptureAction:1;
+    bool m_containsLogAction:1;
+    bool m_containsNoLogAction:1;
     bool m_containsMultiMatchAction:1;
     bool m_containsStaticBlockAction:1;
+
+    /* || SecDefaultAction */
+    unsigned int m_defaultSeverity:3;
+    std::string m_defaultRevision;
+    std::string m_defaultVersion;
+    unsigned int m_defaultAccuracy:3;
+    unsigned int m_defaultMaturity:3;
+    bool m_defaultContainsCaptureAction:1;
+    bool m_defaultContainsLogAction:1;
+    bool m_defaultContainsNoLogAction:1;
+    bool m_defaultContainsMultiMatchAction:1;
+    bool m_defaultContainsStaticBlockAction:1;
+
     bool m_isChained:1;
 };
 
diff --git a/headers/modsecurity/rule_with_operator.h b/headers/modsecurity/rule_with_operator.h
index a8868bcb..059c7173 100644
--- a/headers/modsecurity/rule_with_operator.h
+++ b/headers/modsecurity/rule_with_operator.h
@@ -45,10 +45,14 @@ class RuleWithOperator : public RuleWithActions {
         std::unique_ptr<std::string> fileName,
         int lineNumber);
 
+    RuleWithOperator(const RuleWithOperator &op)
+        : RuleWithActions(op),
+        m_variables(op.m_variables),
+        m_operator(op.m_operator) { };
+
     virtual ~RuleWithOperator();
 
-    bool evaluate(Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+    bool evaluate(Transaction *transaction) override;
 
     void getVariablesExceptions(Transaction *t,
         variables::Variables *exclusion, variables::Variables *addition);
@@ -56,7 +60,7 @@ class RuleWithOperator : public RuleWithActions {
         variables::Variables *eclusion, Transaction *trans);
 
     bool executeOperatorAt(Transaction *trasn, const std::string &key,
-        std::string value, std::shared_ptr<RuleMessage> rm);
+        std::string value);
 
     static void updateMatchedVars(Transaction *trasn, const std::string &key,
         const std::string &value);
@@ -70,8 +74,8 @@ class RuleWithOperator : public RuleWithActions {
     }
 
  private:
-    modsecurity::variables::Variables *m_variables;
-    operators::Operator *m_operator;
+    std::shared_ptr<modsecurity::variables::Variables> m_variables;
+    std::shared_ptr<operators::Operator> m_operator;
 };
 
 
diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h
index 3c8ccff4..79264b08 100644
--- a/headers/modsecurity/rules.h
+++ b/headers/modsecurity/rules.h
@@ -80,11 +80,14 @@ class Rules {
         return true;
     }
 
+    void fixDefaultActions();
+
     size_t size() const { return m_rules.size(); }
     std::shared_ptr<Rule> operator[](int index) const { return m_rules[index]; }
     std::shared_ptr<Rule> at(int index) const { return m_rules[index]; }
 
     std::vector<std::shared_ptr<actions::Action> > m_defaultActions;
+    std::vector<std::shared_ptr<actions::transformations::Transformation> > m_defaultTransformations;
 
     std::vector<std::shared_ptr<Rule> > m_rules;
 };
diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
index 6d9949db..4f6d122a 100644
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -103,6 +103,7 @@ class ModSecurity;
 class Transaction;
 class RulesSet;
 class RuleMessage;
+class RuleWithActions;
 namespace actions {
 class Action;
 namespace disruptive {
@@ -319,8 +320,56 @@ class TransactionSecMarkerManagement {
     std::shared_ptr<std::string> m_marker;
 };
 
+class TransactionRuleMessageManagement {
+ public:
+    explicit TransactionRuleMessageManagement(Transaction *t)
+        : m_transaction(t),
+        m_noAuditLog(false) { 
+            messageNew();
+        };
+
+    RuleMessage *messageGetLast();
+    void messageNew();
+
+    void logMatchLastRuleOnTheChain(RuleWithActions *rule);
+
+    void messageSetNoAuditLog(bool a) {
+        m_noAuditLog = a;
+    }
+
+    bool messageSaveAuditLog() const {
+        return m_noAuditLog;
+    }
+
+    std::list<RuleMessage *> messageGetAll() {
+        std::list<RuleMessage *> messages;
+        for (RuleMessage *a : m_rulesMessages) {
+            messages.push_back(a);
+        }
+
+        return messages;
+    }
+
+    void messageClear() {
+        m_rulesMessages.clear();
+    }
+
+ private:
+    /**
+     * This variable holds all the messages asked to be save by the utilization
+     * of the actions: `log_data' and `msg'. These should be included on the
+     * auditlogs.
+     */
+    std::list<RuleMessage *> m_rulesMessages;
+
+    Transaction *m_transaction;
+    bool m_noAuditLog;
+};
+
+
 /** @ingroup ModSecurity_CPP_API */
-class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement {
+class Transaction : public TransactionAnchoredVariables, public TransactionSecMarkerManagement, \
+    public TransactionRuleMessageManagement {
  public:
     Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
     Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
@@ -400,7 +449,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
 #ifndef NO_LOGS
     void debug(int, std::string) const;
 #endif
-    void serverLog(std::shared_ptr<RuleMessage> rm);
+    void serverLog(RuleMessage *rm);
 
     int getRuleEngineState() const;
 
@@ -529,13 +578,6 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
      */
     std::list< std::pair<int, std::string> > m_auditLogModifier;
 
-    /**
-     * This variable holds all the messages asked to be save by the utilization
-     * of the actions: `log_data' and `msg'. These should be included on the
-     * auditlogs.
-     */
-    std::list<modsecurity::RuleMessage> m_rulesMessages;
-
     /**
      * Holds the request body, in case of any.
      */
diff --git a/src/actions/accuracy.cc b/src/actions/accuracy.cc
index c8cfca72..152ab05d 100644
--- a/src/actions/accuracy.cc
+++ b/src/actions/accuracy.cc
@@ -40,7 +40,6 @@ bool Accuracy::init(std::string *error) {
 
 
 bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
-    rule->m_accuracy = m_accuracy;
     return true;
 }
 
diff --git a/src/actions/accuracy.h b/src/actions/accuracy.h
index f787af19..0933f4f1 100644
--- a/src/actions/accuracy.h
+++ b/src/actions/accuracy.h
@@ -35,6 +35,7 @@ class Accuracy : public Action {
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
+    int getAccuracy() const { return m_accuracy; }
 
  private:
     int m_accuracy;
diff --git a/src/actions/audit_log.cc b/src/actions/audit_log.cc
index c628ac23..7b64ddcb 100644
--- a/src/actions/audit_log.cc
+++ b/src/actions/audit_log.cc
@@ -28,11 +28,8 @@ namespace actions {
 
 
 bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    rm->m_noAuditLog = false;
-    ms_dbg_a(transaction, 9, "Saving transaction to logs");
-    rm->m_saveMessage = true;
-
+    RuleMessage &rm) {
+    transaction->messageSetNoAuditLog(false);
     return true;
 }
 
diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h
index d870de2a..3a814968 100644
--- a/src/actions/audit_log.h
+++ b/src/actions/audit_log.h
@@ -36,7 +36,7 @@ class AuditLog : public Action {
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 };
 
 
diff --git a/src/actions/block.cc b/src/actions/block.cc
index a6b91480..07d61643 100644
--- a/src/actions/block.cc
+++ b/src/actions/block.cc
@@ -30,16 +30,8 @@ namespace actions {
 
 
 bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     ms_dbg_a(transaction, 8, "Marking request as disruptive.");
-
-    for (auto &a : transaction->m_rules->m_rulesSetPhases[rule->getPhase()]->m_defaultActions) {
-        if (a->isDisruptive() == false) {
-            continue;
-        }
-        a->evaluate(rule, transaction, rm);
-    }
-
     return true;
 }
 
diff --git a/src/actions/block.h b/src/actions/block.h
index 7c40bbd8..b32e864c 100644
--- a/src/actions/block.h
+++ b/src/actions/block.h
@@ -36,7 +36,7 @@ class Block : public Action {
     explicit Block(const std::string &action) : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 };
 
 
diff --git a/src/actions/chain.cc b/src/actions/chain.cc
index 197f861f..dddf8cce 100644
--- a/src/actions/chain.cc
+++ b/src/actions/chain.cc
@@ -26,7 +26,7 @@ namespace actions {
 
 
 bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
-    rule->setChained(true);
+    rule->setHasChainAction(true);
     return true;
 }
 
diff --git a/src/actions/data/status.cc b/src/actions/data/status.cc
index 94299738..5c2b8627 100644
--- a/src/actions/data/status.cc
+++ b/src/actions/data/status.cc
@@ -39,7 +39,7 @@ bool Status::init(std::string *error) {
 
 
 bool Status::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     transaction->m_it.status = m_status;
     return true;
 }
diff --git a/src/actions/data/status.h b/src/actions/data/status.h
index d792247d..b61b4a2a 100644
--- a/src/actions/data/status.h
+++ b/src/actions/data/status.h
@@ -38,7 +38,7 @@ class Status : public Action {
 
     bool init(std::string *error) override;
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 
     int m_status;
 };
diff --git a/src/actions/disruptive/deny.cc b/src/actions/disruptive/deny.cc
index e105d651..6dfe4245 100644
--- a/src/actions/disruptive/deny.cc
+++ b/src/actions/disruptive/deny.cc
@@ -29,7 +29,7 @@ namespace disruptive {
 
 
 bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     ms_dbg_a(transaction, 8, "Running action deny");
 
     if (transaction->m_it.status == 200) {
@@ -38,9 +38,9 @@ bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
 
     transaction->m_it.disruptive = true;
     intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    rm.setRule(rule);
     transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
 
     return true;
 }
diff --git a/src/actions/disruptive/deny.h b/src/actions/disruptive/deny.h
index fb841a49..a11d41bb 100644
--- a/src/actions/disruptive/deny.h
+++ b/src/actions/disruptive/deny.h
@@ -34,7 +34,7 @@ class Deny : public Action {
     explicit Deny(const std::string &action) : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
     bool isDisruptive() override { return true; }
 };
 
diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc
index 18a3b552..5c7b0456 100644
--- a/src/actions/disruptive/drop.cc
+++ b/src/actions/disruptive/drop.cc
@@ -33,7 +33,7 @@ namespace disruptive {
 
 
 bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     ms_dbg_a(transaction, 8, "Running action drop " \
         "[executing deny instead of drop.]");
 
@@ -43,9 +43,9 @@ bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
 
     transaction->m_it.disruptive = true;
     intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    rm.setRule(rule);
     transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
 
     return true;
 }
diff --git a/src/actions/disruptive/drop.h b/src/actions/disruptive/drop.h
index f60eddfa..ebfc853b 100644
--- a/src/actions/disruptive/drop.h
+++ b/src/actions/disruptive/drop.h
@@ -33,7 +33,7 @@ class Drop : public Action {
     explicit Drop(const std::string &action) : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
     bool isDisruptive() override { return true; }
 };
 
diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc
index e0f038c4..2334ce21 100644
--- a/src/actions/disruptive/pass.cc
+++ b/src/actions/disruptive/pass.cc
@@ -30,7 +30,7 @@ namespace disruptive {
 
 
 bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     intervention::free(&transaction->m_it);
     intervention::reset(&transaction->m_it);
 
diff --git a/src/actions/disruptive/pass.h b/src/actions/disruptive/pass.h
index 0c09d287..3abbe03f 100644
--- a/src/actions/disruptive/pass.h
+++ b/src/actions/disruptive/pass.h
@@ -32,7 +32,7 @@ class Pass : public Action {
     explicit Pass(const std::string &action) : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
     bool isDisruptive() override { return true; }
 };
 
diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc
index ac2993b4..ef3a3a43 100644
--- a/src/actions/disruptive/redirect.cc
+++ b/src/actions/disruptive/redirect.cc
@@ -35,7 +35,7 @@ bool Redirect::init(std::string *error) {
 
 
 bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     std::string m_urlExpanded(m_string->evaluate(transaction));
     /* if it was changed before, lets keep it. */
     if (transaction->m_it.status == 200
@@ -47,9 +47,9 @@ bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
     transaction->m_it.url = strdup(m_urlExpanded.c_str());
     transaction->m_it.disruptive = true;
     intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    rm.setRule(rule);
     transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
 
     return true;
 }
diff --git a/src/actions/disruptive/redirect.h b/src/actions/disruptive/redirect.h
index 46b5d51a..50022d0a 100644
--- a/src/actions/disruptive/redirect.h
+++ b/src/actions/disruptive/redirect.h
@@ -47,7 +47,7 @@ class Redirect : public Action {
             m_string(std::move(z)) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
     bool init(std::string *error) override;
     bool isDisruptive() override { return true; }
 
diff --git a/src/actions/init_col.h b/src/actions/init_col.h
index 16d7ace9..5cd2f8bc 100644
--- a/src/actions/init_col.h
+++ b/src/actions/init_col.h
@@ -42,7 +42,7 @@ class InitCol : public Action {
     bool init(std::string *error) override;
  private:
     std::string m_collection_key;
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/log.cc b/src/actions/log.cc
index 6ca507cd..137a00d3 100644
--- a/src/actions/log.cc
+++ b/src/actions/log.cc
@@ -29,9 +29,7 @@ namespace actions {
 
 
 bool Log::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    ms_dbg_a(transaction, 9, "Saving transaction to logs");
-    rm->m_saveMessage = true;
+    RuleMessage &rm) {
     return true;
 }
 
diff --git a/src/actions/log.h b/src/actions/log.h
index 736d4a13..d6d5e46d 100644
--- a/src/actions/log.h
+++ b/src/actions/log.h
@@ -34,7 +34,7 @@ class Log : public Action {
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 };
 
 }  // namespace actions
diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc
index 49c539cf..82549a3d 100644
--- a/src/actions/log_data.cc
+++ b/src/actions/log_data.cc
@@ -30,8 +30,8 @@ namespace actions {
 
 
 bool LogData::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    rm->m_data = data(transaction);
+    RuleMessage &rm) {
+    rm.m_data = data(transaction);
 
     return true;
 }
diff --git a/src/actions/log_data.h b/src/actions/log_data.h
index da2fbf4d..44afb773 100644
--- a/src/actions/log_data.h
+++ b/src/actions/log_data.h
@@ -40,11 +40,11 @@ class LogData : public Action {
             m_string(std::move(z)) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-       std::shared_ptr<RuleMessage> rm) override;
+       RuleMessage &rm) override;
 
     std::string data(Transaction *Transaction);
 
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/maturity.cc b/src/actions/maturity.cc
index 131d2148..c125641a 100644
--- a/src/actions/maturity.cc
+++ b/src/actions/maturity.cc
@@ -40,7 +40,6 @@ bool Maturity::init(std::string *error) {
 
 
 bool Maturity::evaluate(RuleWithActions *rule, Transaction *transaction) {
-    rule->m_maturity = m_maturity;
     return true;
 }
 
diff --git a/src/actions/maturity.h b/src/actions/maturity.h
index dd185efa..1fe13533 100644
--- a/src/actions/maturity.h
+++ b/src/actions/maturity.h
@@ -35,6 +35,7 @@ class Maturity : public Action {
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
+    int getMaturity() const { return m_maturity; }
 
  private:
     int m_maturity;
diff --git a/src/actions/msg.cc b/src/actions/msg.cc
index 1f0b3538..1cf0dfe7 100644
--- a/src/actions/msg.cc
+++ b/src/actions/msg.cc
@@ -47,9 +47,9 @@ namespace actions {
 
 
 bool Msg::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     std::string msg = data(transaction);
-    rm->m_message = msg;
+    rm.m_message = msg;
     ms_dbg_a(transaction, 9, "Saving msg: " + msg);
 
     return true;
diff --git a/src/actions/msg.h b/src/actions/msg.h
index 61661194..ddc67f73 100644
--- a/src/actions/msg.h
+++ b/src/actions/msg.h
@@ -41,10 +41,10 @@ class Msg : public Action {
             m_string(std::move(z)) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 
     std::string data(Transaction *Transaction);
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/no_audit_log.cc b/src/actions/no_audit_log.cc
index e4a59f73..8f7f5388 100644
--- a/src/actions/no_audit_log.cc
+++ b/src/actions/no_audit_log.cc
@@ -27,10 +27,8 @@ namespace actions {
 
 
 bool NoAuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    rm->m_noAuditLog = true;
-    rm->m_saveMessage = false;
-
+    RuleMessage &rm) {
+    transaction->messageSetNoAuditLog(true);
     return true;
 }
 
diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h
index dbd5d098..337e76f1 100644
--- a/src/actions/no_audit_log.h
+++ b/src/actions/no_audit_log.h
@@ -36,7 +36,7 @@ class NoAuditLog : public Action {
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 };
 
 }  // namespace actions
diff --git a/src/actions/no_log.cc b/src/actions/no_log.cc
index 501ea4da..496e1515 100644
--- a/src/actions/no_log.cc
+++ b/src/actions/no_log.cc
@@ -30,8 +30,7 @@ namespace actions {
 
 
 bool NoLog::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    rm->m_saveMessage = false;
+    RuleMessage &rm) {
     return true;
 }
 
diff --git a/src/actions/no_log.h b/src/actions/no_log.h
index 87d4e305..0d2f745d 100644
--- a/src/actions/no_log.h
+++ b/src/actions/no_log.h
@@ -34,7 +34,7 @@ class NoLog : public Action {
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 };
 
 }  // namespace actions
diff --git a/src/actions/rev.cc b/src/actions/rev.cc
index 43d8d1be..400b31c3 100644
--- a/src/actions/rev.cc
+++ b/src/actions/rev.cc
@@ -34,7 +34,6 @@ bool Rev::init(std::string *error) {
 
 
 bool Rev::evaluate(RuleWithActions *rule, Transaction *transaction) {
-    rule->m_rev = m_rev;
     return true;
 }
 
diff --git a/src/actions/rev.h b/src/actions/rev.h
index 9e3c1bfb..a5c95258 100644
--- a/src/actions/rev.h
+++ b/src/actions/rev.h
@@ -33,9 +33,10 @@ class Rev : public Action {
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
+   std::string getRevision() const { return m_rev; }
 
  private:
-    std::string m_rev;
+   std::string m_rev;
 };
 
 
diff --git a/src/actions/set_env.h b/src/actions/set_env.h
index 33ccfc33..d5284d42 100644
--- a/src/actions/set_env.h
+++ b/src/actions/set_env.h
@@ -43,7 +43,7 @@ class SetENV : public Action {
     bool init(std::string *error) override;
 
  private:
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_rsc.h b/src/actions/set_rsc.h
index 5913b7c7..41094f0e 100644
--- a/src/actions/set_rsc.h
+++ b/src/actions/set_rsc.h
@@ -43,7 +43,7 @@ class SetRSC : public Action {
     bool init(std::string *error) override;
 
  private:
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_sid.h b/src/actions/set_sid.h
index 64f8f3cc..78a2911a 100644
--- a/src/actions/set_sid.h
+++ b/src/actions/set_sid.h
@@ -43,7 +43,7 @@ class SetSID : public Action {
     bool init(std::string *error) override;
 
  private:
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h
index b8c3a0db..5cc96c6b 100644
--- a/src/actions/set_uid.h
+++ b/src/actions/set_uid.h
@@ -43,7 +43,7 @@ class SetUID : public Action {
     bool init(std::string *error) override;
 
  private:
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_var.h b/src/actions/set_var.h
index 5fe9de03..51f596b4 100644
--- a/src/actions/set_var.h
+++ b/src/actions/set_var.h
@@ -63,8 +63,8 @@ class SetVar : public Action {
 
  private:
     SetVarOperation m_operation;
-    std::unique_ptr<modsecurity::variables::Variable> m_variable;
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<modsecurity::variables::Variable> m_variable;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 }  // namespace actions
diff --git a/src/actions/severity.cc b/src/actions/severity.cc
index 8344e105..e1bc8239 100644
--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -72,17 +72,7 @@ bool Severity::init(std::string *error) {
 
 
 bool Severity::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
-    ms_dbg_a(transaction, 9, "This rule severity is: " + \
-        std::to_string(this->m_severity) + " current transaction is: " + \
-        std::to_string(transaction->m_highestSeverityAction));
-
-    rm->m_severity = m_severity;
-
-    if (transaction->m_highestSeverityAction > this->m_severity) {
-        transaction->m_highestSeverityAction = this->m_severity;
-    }
-
+    RuleMessage &rm) {
     return true;
 }
 
diff --git a/src/actions/severity.h b/src/actions/severity.h
index 32a223e0..eb3f0ada 100644
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -36,7 +36,7 @@ class Severity : public Action {
         m_severity(0) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
     bool init(std::string *error) override;
 
     int m_severity;
diff --git a/src/actions/tag.cc b/src/actions/tag.cc
index 3b1b6fd5..04d36afd 100644
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -58,11 +58,11 @@ std::string Tag::getName(Transaction *transaction) {
 
 
 bool Tag::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &rm) {
     std::string tag = getName(transaction);
     ms_dbg_a(transaction, 9, "Rule tag: " + tag);
 
-    rm->m_tags.push_back(tag);
+    rm.m_tags.push_back(tag);
 
     return true;
 }
diff --git a/src/actions/tag.h b/src/actions/tag.h
index 75369f5f..38b06928 100644
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -39,10 +39,10 @@ class Tag : public Action {
     std::string getName(Transaction *transaction);
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> rm) override;
+        RuleMessage &rm) override;
 
  protected:
-    std::unique_ptr<RunTimeString> m_string;
+    std::shared_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/ver.cc b/src/actions/ver.cc
index 43b8b832..8f1d1ef7 100644
--- a/src/actions/ver.cc
+++ b/src/actions/ver.cc
@@ -28,7 +28,6 @@ namespace actions {
 
 
 bool Ver::evaluate(RuleWithActions *rule, Transaction *transaction) {
-    rule->m_ver = m_parser_payload;
     return true;
 }
 
diff --git a/src/audit_log/audit_log.cc b/src/audit_log/audit_log.cc
index 50213d5d..b159f779 100644
--- a/src/audit_log/audit_log.cc
+++ b/src/audit_log/audit_log.cc
@@ -295,12 +295,7 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
         return true;
     }
 
-    for (RuleMessage &i : transaction->m_rulesMessages) {
-        if (i.m_noAuditLog == false) {
-            saveAnyway = true;
-            break;
-        }
-    }
+    saveAnyway = transaction->messageSaveAuditLog();
 
     if ((m_status == RelevantOnlyAuditLogStatus
         && this->isRelevant(transaction->m_httpCodeReturned) == false)
diff --git a/src/modsecurity.cc b/src/modsecurity.cc
index 854ec31e..101309cd 100644
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -190,7 +190,7 @@ const std::string& ModSecurity::getConnectorInformation() const {
     return m_connector;
 }
 
-void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
+void ModSecurity::serverLog(void *data, RuleMessage *rm) {
     if (m_logCb == NULL) {
         std::cerr << "Server log callback is not set -- " << rm->errorLog();
         std::cerr << std::endl;
@@ -209,7 +209,7 @@ void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
     }
 
     if (m_logProperties & RuleMessageLogProperty) {
-        const void *a = static_cast<const void *>(rm.get());
+        const void *a = static_cast<const void *>(rm);
         if (m_logProperties & IncludeFullHighlightLogProperty) {
             m_logCb(data, a);
             return;
diff --git a/src/operators/begins_with.cc b/src/operators/begins_with.cc
index a2f89fce..7cf8909d 100644
--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@@ -25,7 +25,7 @@ namespace operators {
 
 
 bool BeginsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));
 
     if (str.size() < p.size()) {
diff --git a/src/operators/begins_with.h b/src/operators/begins_with.h
index c9fcee46..db8755ca 100644
--- a/src/operators/begins_with.h
+++ b/src/operators/begins_with.h
@@ -33,7 +33,7 @@ class BeginsWith : public Operator {
         : Operator("BeginsWith", std::move(param)) { }
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule, const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 };
 
 }  // namespace operators
diff --git a/src/operators/contains.cc b/src/operators/contains.cc
index 95c2702a..828e7ac6 100644
--- a/src/operators/contains.cc
+++ b/src/operators/contains.cc
@@ -22,7 +22,7 @@ namespace modsecurity {
 namespace operators {
 
 bool Contains::evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+        const std::string &input, RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));
     size_t offset = input.find(p);
 
diff --git a/src/operators/contains.h b/src/operators/contains.h
index 13fcda92..0144e418 100644
--- a/src/operators/contains.h
+++ b/src/operators/contains.h
@@ -36,7 +36,7 @@ class Contains : public Operator {
         : Operator("Contains", std::move(param)) { }
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 };
 
 }  // namespace operators
diff --git a/src/operators/contains_word.cc b/src/operators/contains_word.cc
index 9bcdbd6c..b691d62e 100644
--- a/src/operators/contains_word.cc
+++ b/src/operators/contains_word.cc
@@ -37,7 +37,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
 }
 
 bool ContainsWord::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage *ruleMessage) {
     std::string paramTarget(m_string->evaluate(transaction));
 
     if (paramTarget.empty()) {
diff --git a/src/operators/contains_word.h b/src/operators/contains_word.h
index c15e3990..20ee3ff8 100644
--- a/src/operators/contains_word.h
+++ b/src/operators/contains_word.h
@@ -34,7 +34,7 @@ class ContainsWord : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
  private:
     static bool acceptableChar(const std::string& a, size_t pos);
diff --git a/src/operators/detect_sqli.cc b/src/operators/detect_sqli.cc
index 793d5644..b4cae8cc 100644
--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@@ -26,7 +26,7 @@ namespace operators {
 
 
 bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     char fingerprint[8];
     int issqli;
 
diff --git a/src/operators/detect_sqli.h b/src/operators/detect_sqli.h
index 237e6a2f..9ab7a7c1 100644
--- a/src/operators/detect_sqli.h
+++ b/src/operators/detect_sqli.h
@@ -34,7 +34,7 @@ class DetectSQLi : public Operator {
 
     bool evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 };
 
 }  // namespace operators
diff --git a/src/operators/detect_xss.cc b/src/operators/detect_xss.cc
index 6c89ef72..c10238ab 100644
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@@ -26,7 +26,7 @@ namespace operators {
 
 
 bool DetectXSS::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     int is_xss;
 
     is_xss = libinjection_xss(input.c_str(), input.length());
diff --git a/src/operators/detect_xss.h b/src/operators/detect_xss.h
index c4554625..16bddb22 100644
--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@@ -33,7 +33,7 @@ class DetectXSS : public Operator {
 
     bool evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 };
 
 }  // namespace operators
diff --git a/src/operators/ends_with.cc b/src/operators/ends_with.cc
index 404f3ffd..125fef6a 100644
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@@ -24,7 +24,7 @@ namespace operators {
 
 
 bool EndsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage *ruleMessage) {
     bool ret = false;
     std::string p(m_string->evaluate(transaction));
 
diff --git a/src/operators/ends_with.h b/src/operators/ends_with.h
index 47e42c3f..1fd55595 100644
--- a/src/operators/ends_with.h
+++ b/src/operators/ends_with.h
@@ -35,7 +35,7 @@ class EndsWith : public Operator {
         }
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 };
 
 
diff --git a/src/operators/operator.cc b/src/operators/operator.cc
index b74b0729..2aaa143a 100644
--- a/src/operators/operator.cc
+++ b/src/operators/operator.cc
@@ -71,7 +71,7 @@ namespace operators {
 
 
 bool Operator::evaluateInternal(Transaction *transaction,
-    RuleWithActions *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
+    RuleWithActions *rule, const std::string& a, RuleMessage *rm) {
     bool res = evaluate(transaction, rule, a, rm);
 
     if (m_negation) {
diff --git a/src/operators/operator.h b/src/operators/operator.h
index 4a21e595..44437794 100644
--- a/src/operators/operator.h
+++ b/src/operators/operator.h
@@ -114,7 +114,7 @@ class Operator {
     bool evaluateInternal(Transaction *t, RuleWithActions *rule,
         const std::string& a);
     bool evaluateInternal(Transaction *t, RuleWithActions *rule,
-        const std::string& a, std::shared_ptr<RuleMessage> ruleMessage);
+        const std::string& a, RuleMessage *ruleMessage);
 
 
     virtual bool evaluate(Transaction *transaction, const std::string &str);
@@ -123,11 +123,11 @@ class Operator {
         return evaluate(transaction, str);
     }
     virtual bool evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+        const std::string &str, RuleMessage *ruleMessage) {
         return evaluate(transaction, str);
     }
 
-    static void logOffset(std::shared_ptr<RuleMessage> ruleMessage, int offset, int len) {
+    static void logOffset(RuleMessage *ruleMessage, int offset, int len) {
         if (ruleMessage) {
             ruleMessage->m_reference.append("o"
                 + std::to_string(offset) + ","
diff --git a/src/operators/pm.cc b/src/operators/pm.cc
index ebf31c40..d08f37bb 100644
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -82,8 +82,8 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 
 
 bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
-    int rc;
+    const std::string &input, RuleMessage *ruleMessage) {
+    int rc = -1;
     ACMPT pt;
     pt.parser = m_p;
     pt.ptr = NULL;
diff --git a/src/operators/pm.h b/src/operators/pm.h
index b090ec5d..34ff688a 100644
--- a/src/operators/pm.h
+++ b/src/operators/pm.h
@@ -43,7 +43,7 @@ class Pm : public Operator {
     ~Pm();
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
 
     bool init(const std::string &file, std::string *error) override;
diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc
index ffdb17a2..973494ad 100644
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@@ -202,7 +202,7 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, const std::string &ipStr,
 
 bool Rbl::evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& ipStr,
-        std::shared_ptr<RuleMessage> ruleMessage) {
+        RuleMessage *ruleMessage) {
     struct addrinfo *info = NULL;
     std::string host = Rbl::mapIpToAddress(ipStr, t);
     int rc = 0;
diff --git a/src/operators/rbl.h b/src/operators/rbl.h
index f002d532..eb25c56b 100644
--- a/src/operators/rbl.h
+++ b/src/operators/rbl.h
@@ -78,7 +78,7 @@ class Rbl : public Operator {
         }
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     std::string mapIpToAddress(const std::string &ipStr, Transaction *trans) const;
 
diff --git a/src/operators/rx.cc b/src/operators/rx.cc
index f69ca97d..a6112f0c 100644
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -37,7 +37,7 @@ bool Rx::init(const std::string &arg, std::string *error) {
 
 
 bool Rx::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     Regex *re;
 
     if (m_param.empty() && !m_string->m_containsMacro) {
diff --git a/src/operators/rx.h b/src/operators/rx.h
index 817e74eb..3fee464a 100644
--- a/src/operators/rx.h
+++ b/src/operators/rx.h
@@ -51,7 +51,7 @@ class Rx : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     bool init(const std::string &arg, std::string *error) override;
 
diff --git a/src/operators/rx_global.cc b/src/operators/rx_global.cc
index f715a4fd..7f71655b 100644
--- a/src/operators/rx_global.cc
+++ b/src/operators/rx_global.cc
@@ -37,7 +37,7 @@ bool RxGlobal::init(const std::string &arg, std::string *error) {
 
 
 bool RxGlobal::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     Regex *re;
 
     if (m_param.empty() && !m_string->m_containsMacro) {
diff --git a/src/operators/rx_global.h b/src/operators/rx_global.h
index 86e37d0d..f608773c 100644
--- a/src/operators/rx_global.h
+++ b/src/operators/rx_global.h
@@ -51,7 +51,7 @@ class RxGlobal : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     bool init(const std::string &arg, std::string *error) override;
 
diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc
index 07b88149..8ab58538 100644
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@@ -111,7 +111,7 @@ bool ValidateByteRange::init(const std::string &file,
 
 
 bool ValidateByteRange::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &input, RuleMessage *ruleMessage) {
     bool ret = true;
 
     size_t count = 0;
diff --git a/src/operators/validate_byte_range.h b/src/operators/validate_byte_range.h
index 2c44e769..da053783 100644
--- a/src/operators/validate_byte_range.h
+++ b/src/operators/validate_byte_range.h
@@ -39,7 +39,7 @@ class ValidateByteRange : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
     bool getRange(const std::string &rangeRepresentation, std::string *error);
     bool init(const std::string& file, std::string *error) override;
  private:
diff --git a/src/operators/validate_url_encoding.cc b/src/operators/validate_url_encoding.cc
index 20a86eb6..302ca1f8 100644
--- a/src/operators/validate_url_encoding.cc
+++ b/src/operators/validate_url_encoding.cc
@@ -69,7 +69,7 @@ int ValidateUrlEncoding::validate_url_encoding(const char *input,
 
 
 bool ValidateUrlEncoding::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &input, RuleMessage *ruleMessage) {
     size_t offset = 0;
     bool res = false;
 
diff --git a/src/operators/validate_url_encoding.h b/src/operators/validate_url_encoding.h
index fe274dc0..3f0498dc 100644
--- a/src/operators/validate_url_encoding.h
+++ b/src/operators/validate_url_encoding.h
@@ -33,7 +33,7 @@ class ValidateUrlEncoding : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     static int validate_url_encoding(const char *input, uint64_t input_length,
         size_t *offset);
diff --git a/src/operators/validate_utf8_encoding.cc b/src/operators/validate_utf8_encoding.cc
index e95061af..ec5ac90a 100644
--- a/src/operators/validate_utf8_encoding.cc
+++ b/src/operators/validate_utf8_encoding.cc
@@ -114,7 +114,7 @@ int ValidateUtf8Encoding::detect_utf8_character(
 }
 
 bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage *ruleMessage) {
     unsigned int i, bytes_left;
 
     const char *str_c = str.c_str();
diff --git a/src/operators/validate_utf8_encoding.h b/src/operators/validate_utf8_encoding.h
index e59eef58..a7d63c83 100644
--- a/src/operators/validate_utf8_encoding.h
+++ b/src/operators/validate_utf8_encoding.h
@@ -40,7 +40,7 @@ class ValidateUtf8Encoding : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     static int detect_utf8_character(const unsigned char *p_read,
         unsigned int length);
diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc
index a0d76cc3..4690e22c 100644
--- a/src/operators/verify_cc.cc
+++ b/src/operators/verify_cc.cc
@@ -118,7 +118,7 @@ bool VerifyCC::init(const std::string &param2, std::string *error) {
 
 
 bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& i, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& i, RuleMessage *ruleMessage) {
     int offset = 0;
     int target_length = i.length();
 
diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h
index dc82492c..7095cbc8 100644
--- a/src/operators/verify_cc.h
+++ b/src/operators/verify_cc.h
@@ -37,7 +37,7 @@ class VerifyCC : public Operator {
 
     bool evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage)  override;
+        RuleMessage *ruleMessage)  override;
     bool init(const std::string &param, std::string *error) override;
  private:
     pcre *m_pc;
diff --git a/src/operators/verify_cpf.cc b/src/operators/verify_cpf.cc
index 778584db..5566d8b6 100644
--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@@ -109,7 +109,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) {
 
 
 bool VerifyCPF::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     std::list<SMatch> matches;
     bool is_cpf = false;
     int i;
diff --git a/src/operators/verify_cpf.h b/src/operators/verify_cpf.h
index eecf71b1..e15e74c4 100644
--- a/src/operators/verify_cpf.h
+++ b/src/operators/verify_cpf.h
@@ -48,7 +48,7 @@ class VerifyCPF : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     bool verify(const char *ssnumber, int len);
 
diff --git a/src/operators/verify_ssn.cc b/src/operators/verify_ssn.cc
index 59a36dd7..8912b99c 100644
--- a/src/operators/verify_ssn.cc
+++ b/src/operators/verify_ssn.cc
@@ -111,7 +111,7 @@ invalid:
 
 
 bool VerifySSN::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage *ruleMessage) {
     std::list<SMatch> matches;
     bool is_ssn = false;
     int i;
diff --git a/src/operators/verify_ssn.h b/src/operators/verify_ssn.h
index 7c0828fb..ef38cad3 100644
--- a/src/operators/verify_ssn.h
+++ b/src/operators/verify_ssn.h
@@ -48,7 +48,7 @@ class VerifySSN : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
 
 
diff --git a/src/operators/verify_svnr.cc b/src/operators/verify_svnr.cc
index 248e6b4e..f9f4174c 100644
--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@@ -78,7 +78,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) {
 
 
 bool VerifySVNR::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage* ruleMessage) {
     std::list<SMatch> matches;
     bool is_svnr = false;
     int i;
diff --git a/src/operators/verify_svnr.h b/src/operators/verify_svnr.h
index 6fe9df9a..898bee79 100644
--- a/src/operators/verify_svnr.h
+++ b/src/operators/verify_svnr.h
@@ -34,7 +34,7 @@ class VerifySVNR : public Operator {
 
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage *ruleMessage) override;
 
     bool verify(const char *ssnumber, int len);
 
diff --git a/src/operators/within.cc b/src/operators/within.cc
index ce781cc7..a4ffc655 100644
--- a/src/operators/within.cc
+++ b/src/operators/within.cc
@@ -25,7 +25,7 @@ namespace operators {
 
 
 bool Within::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage *ruleMessage) {
     bool res = false;
     size_t pos = 0;
     std::string paramTarget(m_string->evaluate(transaction));
diff --git a/src/operators/within.h b/src/operators/within.h
index 7fcb4309..b9921a73 100644
--- a/src/operators/within.h
+++ b/src/operators/within.h
@@ -34,7 +34,7 @@ class Within : public Operator {
             m_couldContainsMacro = true;
         }
     bool evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) override;
+        const std::string &str, RuleMessage *ruleMessage) override;
 };
 
 }  // namespace operators
diff --git a/src/parser/driver.cc b/src/parser/driver.cc
index c8d15b48..be63b434 100644
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -81,7 +81,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
     }
 
     /* is it a chained rule? */
-    if (m_lastRule != nullptr && m_lastRule->isChained()) {
+    if (m_lastRule != nullptr && m_lastRule->hasChainAction()) {
         r->setPhase(m_lastRule->getPhase());
         if (r->hasDisruptiveAction()) {
             m_parserError << "Disruptive actions can only be specified by";
@@ -91,6 +91,74 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
         m_lastRule->m_chainedRuleChild = std::move(r);
         m_lastRule->m_chainedRuleChild->m_chainedRuleParent = m_lastRule;
         m_lastRule = m_lastRule->m_chainedRuleChild.get();
+
+        /* Lets set all meta-data to the first rule */
+        RuleWithActions *firstRule = m_lastRule;
+        if (!firstRule->hasChainAction()) {
+            while (firstRule->m_chainedRuleParent != nullptr) {
+                if (firstRule->hasMessageAction()) {
+                    firstRule->m_chainedRuleParent->setMessageAction(
+                        firstRule->getMessageAction()
+                    );
+                    firstRule->setMessageAction(nullptr);
+                }
+                if (firstRule->hasLogDataAction()) {
+                    firstRule->m_chainedRuleParent->setLogDataAction(
+                        firstRule->getLogDataAction()
+                    );
+                    firstRule->setLogDataAction(nullptr);
+                }
+                if (firstRule->hasSeverityAction()) {
+                    firstRule->m_chainedRuleParent->setSeverity(
+                        firstRule->getSeverity()
+                    );
+                }
+                if (firstRule->hasRevisionAction()) {
+                    firstRule->m_chainedRuleParent->setRevision(
+                        firstRule->getRevision()
+                    );
+                }
+                if (firstRule->hasVersionAction()) {
+                    firstRule->m_chainedRuleParent->setVersion(
+                        firstRule->getVersion()
+                    );
+                }
+                if (firstRule->hasAccuracyAction()) {
+                    firstRule->m_chainedRuleParent->setAccuracy(
+                        firstRule->getAccuracy()
+                    );
+                }
+                if (firstRule->hasMaturityAction()) {
+                    firstRule->m_chainedRuleParent->setMaturity(
+                        firstRule->getMaturity()
+                    );
+                }
+
+                if (firstRule->hasTagAction()) {
+                    firstRule->m_chainedRuleParent->setTags(
+                        firstRule->getTagsAction()
+                    );
+                    firstRule->cleanTags();
+                }
+
+                if (firstRule->hasDisruptiveAction()) {
+                    firstRule->m_chainedRuleParent->setDisruptiveAction(
+                        firstRule->getDisruptiveAction()
+                    );
+                    firstRule->setDisruptiveAction(nullptr);
+                }
+                firstRule->m_chainedRuleParent->setHasBlockAction(
+                    firstRule->hasBlockAction()
+                );
+                firstRule->m_chainedRuleParent->setHasLogAction(
+                    firstRule->hasLogAction()
+                );
+                firstRule->m_chainedRuleParent->setHasLogAction(
+                    firstRule->hasNoLogAction()
+                );
+                firstRule = firstRule->m_chainedRuleParent;
+            }
+        }
         return true;
     }
 
@@ -119,6 +187,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
     }
 
     m_lastRule = rule.get();
+
     m_rulesSetPhases.insert(rule);
 
     return true;
diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc
index 67fbc497..674ec6fe 100644
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
@@ -2287,10 +2287,12 @@ namespace yy {
 #line 1076 "seclang-parser.yy"
       {
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > >  > ().get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -2314,11 +2316,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2318 "seclang-parser.cc"
+#line 2320 "seclang-parser.cc"
     break;
 
   case 76: // expression: "DIRECTIVE" variables op
-#line 1106 "seclang-parser.yy"
+#line 1108 "seclang-parser.yy"
       {
         variables::Variables *v = new variables::Variables();
         for (auto &i : *yystack_[1].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ().get()) {
@@ -2337,17 +2339,19 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2341 "seclang-parser.cc"
+#line 2343 "seclang-parser.cc"
     break;
 
   case 77: // expression: "CONFIG_DIR_SEC_ACTION" actions
-#line 1125 "seclang-parser.yy"
+#line 1127 "seclang-parser.yy"
       {
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > >  > ().get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -2360,18 +2364,20 @@ namespace yy {
             ));
         driver.addSecAction(std::move(rule));
       }
-#line 2364 "seclang-parser.cc"
+#line 2368 "seclang-parser.cc"
     break;
 
   case 78: // expression: "DIRECTIVE_SECRULESCRIPT" actions
-#line 1144 "seclang-parser.yy"
+#line 1148 "seclang-parser.yy"
       {
         std::string err;
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<actions::Action> > >  > ().get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -2392,11 +2398,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2396 "seclang-parser.cc"
+#line 2402 "seclang-parser.cc"
     break;
 
   case 79: // expression: "CONFIG_DIR_SEC_DEFAULT_ACTION" actions
-#line 1172 "seclang-parser.yy"
+#line 1178 "seclang-parser.yy"
       {
         bool hasDisruptive = false;
         std::vector<actions::Action *> *actions = new std::vector<actions::Action *>();
@@ -2447,84 +2453,89 @@ namespace yy {
         }
 
         for (actions::Action *a : checkedActions) {
-            driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
-                std::unique_ptr<actions::Action>(a));
+            if (dynamic_cast<actions::transformations::Transformation *>(a)) {
+              driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back(
+                std::shared_ptr<actions::transformations::Transformation>(
+                dynamic_cast<actions::transformations::Transformation *>(a)));
+            } else {
+              driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr<Action>(a));
+            }
         }
 
         delete actions;
       }
-#line 2457 "seclang-parser.cc"
+#line 2468 "seclang-parser.cc"
     break;
 
   case 80: // expression: "CONFIG_DIR_SEC_MARKER"
-#line 1229 "seclang-parser.yy"
+#line 1240 "seclang-parser.yy"
       {
         driver.addSecMarker(modsecurity::utils::string::removeBracketsIfNeeded(yystack_[0].value.as < std::string > ()),
             /* file name */ std::unique_ptr<std::string>(new std::string(*yystack_[0].location.end.filename)),
             /* line number */ yystack_[0].location.end.line
         );
       }
-#line 2468 "seclang-parser.cc"
+#line 2479 "seclang-parser.cc"
     break;
 
   case 81: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_OFF"
-#line 1236 "seclang-parser.yy"
+#line 1247 "seclang-parser.yy"
       {
         driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine;
       }
-#line 2476 "seclang-parser.cc"
+#line 2487 "seclang-parser.cc"
     break;
 
   case 82: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_ON"
-#line 1240 "seclang-parser.yy"
+#line 1251 "seclang-parser.yy"
       {
         driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine;
       }
-#line 2484 "seclang-parser.cc"
+#line 2495 "seclang-parser.cc"
     break;
 
   case 83: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_DETC"
-#line 1244 "seclang-parser.yy"
+#line 1255 "seclang-parser.yy"
       {
         driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine;
       }
-#line 2492 "seclang-parser.cc"
+#line 2503 "seclang-parser.cc"
     break;
 
   case 84: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_ON"
-#line 1248 "seclang-parser.yy"
+#line 1259 "seclang-parser.yy"
       {
         driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
       }
-#line 2500 "seclang-parser.cc"
+#line 2511 "seclang-parser.cc"
     break;
 
   case 85: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_OFF"
-#line 1252 "seclang-parser.yy"
+#line 1263 "seclang-parser.yy"
       {
         driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
       }
-#line 2508 "seclang-parser.cc"
+#line 2519 "seclang-parser.cc"
     break;
 
   case 86: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_ON"
-#line 1256 "seclang-parser.yy"
+#line 1267 "seclang-parser.yy"
       {
         driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
       }
-#line 2516 "seclang-parser.cc"
+#line 2527 "seclang-parser.cc"
     break;
 
   case 87: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_OFF"
-#line 1260 "seclang-parser.yy"
+#line 1271 "seclang-parser.yy"
       {
         driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
       }
-#line 2524 "seclang-parser.cc"
+#line 2535 "seclang-parser.cc"
     break;
 
   case 88: // expression: "CONFIG_SEC_ARGUMENT_SEPARATOR"
-#line 1264 "seclang-parser.yy"
+#line 1275 "seclang-parser.yy"
       {
         if (yystack_[0].value.as < std::string > ().length() != 1) {
           driver.error(yystack_[1].location, "Argument separator should be set to a single character.");
@@ -2533,259 +2544,259 @@ namespace yy {
         driver.m_secArgumentSeparator.m_value = yystack_[0].value.as < std::string > ();
         driver.m_secArgumentSeparator.m_set = true;
       }
-#line 2537 "seclang-parser.cc"
+#line 2548 "seclang-parser.cc"
     break;
 
   case 89: // expression: "CONFIG_COMPONENT_SIG"
-#line 1273 "seclang-parser.yy"
+#line 1284 "seclang-parser.yy"
       {
         driver.m_components.push_back(yystack_[0].value.as < std::string > ());
       }
-#line 2545 "seclang-parser.cc"
+#line 2556 "seclang-parser.cc"
     break;
 
   case 90: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_ON"
-#line 1277 "seclang-parser.yy"
+#line 1288 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecConnEngine is not yet supported.");
         YYERROR;
       }
-#line 2554 "seclang-parser.cc"
+#line 2565 "seclang-parser.cc"
     break;
 
   case 91: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_OFF"
-#line 1282 "seclang-parser.yy"
+#line 1293 "seclang-parser.yy"
       {
       }
-#line 2561 "seclang-parser.cc"
+#line 2572 "seclang-parser.cc"
     break;
 
   case 92: // expression: "CONFIG_SEC_WEB_APP_ID"
-#line 1285 "seclang-parser.yy"
+#line 1296 "seclang-parser.yy"
       {
         driver.m_secWebAppId.m_value = yystack_[0].value.as < std::string > ();
         driver.m_secWebAppId.m_set = true;
       }
-#line 2570 "seclang-parser.cc"
+#line 2581 "seclang-parser.cc"
     break;
 
   case 93: // expression: "CONFIG_SEC_SERVER_SIG"
-#line 1290 "seclang-parser.yy"
+#line 1301 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecServerSignature is not supported.");
         YYERROR;
       }
-#line 2579 "seclang-parser.cc"
+#line 2590 "seclang-parser.cc"
     break;
 
   case 94: // expression: "CONFIG_SEC_CACHE_TRANSFORMATIONS"
-#line 1295 "seclang-parser.yy"
+#line 1306 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecCacheTransformations is not supported.");
         YYERROR;
       }
-#line 2588 "seclang-parser.cc"
+#line 2599 "seclang-parser.cc"
     break;
 
   case 95: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_ON"
-#line 1300 "seclang-parser.yy"
+#line 1311 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecDisableBackendCompression is not supported.");
         YYERROR;
       }
-#line 2597 "seclang-parser.cc"
+#line 2608 "seclang-parser.cc"
     break;
 
   case 96: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_OFF"
-#line 1305 "seclang-parser.yy"
+#line 1316 "seclang-parser.yy"
       {
       }
-#line 2604 "seclang-parser.cc"
+#line 2615 "seclang-parser.cc"
     break;
 
   case 97: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_ON"
-#line 1308 "seclang-parser.yy"
+#line 1319 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecContentInjection is not yet supported.");
         YYERROR;
       }
-#line 2613 "seclang-parser.cc"
+#line 2624 "seclang-parser.cc"
     break;
 
   case 98: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_OFF"
-#line 1313 "seclang-parser.yy"
+#line 1324 "seclang-parser.yy"
       {
       }
-#line 2620 "seclang-parser.cc"
+#line 2631 "seclang-parser.cc"
     break;
 
   case 99: // expression: "CONFIG_SEC_CHROOT_DIR"
-#line 1316 "seclang-parser.yy"
+#line 1327 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecChrootDir is not supported.");
         YYERROR;
       }
-#line 2629 "seclang-parser.cc"
+#line 2640 "seclang-parser.cc"
     break;
 
   case 100: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_ON"
-#line 1321 "seclang-parser.yy"
+#line 1332 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecHashEngine is not yet supported.");
         YYERROR;
       }
-#line 2638 "seclang-parser.cc"
+#line 2649 "seclang-parser.cc"
     break;
 
   case 101: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_OFF"
-#line 1326 "seclang-parser.yy"
+#line 1337 "seclang-parser.yy"
       {
       }
-#line 2645 "seclang-parser.cc"
+#line 2656 "seclang-parser.cc"
     break;
 
   case 102: // expression: "CONFIG_SEC_HASH_KEY"
-#line 1329 "seclang-parser.yy"
+#line 1340 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecHashKey is not yet supported.");
         YYERROR;
       }
-#line 2654 "seclang-parser.cc"
+#line 2665 "seclang-parser.cc"
     break;
 
   case 103: // expression: "CONFIG_SEC_HASH_PARAM"
-#line 1334 "seclang-parser.yy"
+#line 1345 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecHashParam is not yet supported.");
         YYERROR;
       }
-#line 2663 "seclang-parser.cc"
+#line 2674 "seclang-parser.cc"
     break;
 
   case 104: // expression: "CONFIG_SEC_HASH_METHOD_RX"
-#line 1339 "seclang-parser.yy"
+#line 1350 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecHashMethodRx is not yet supported.");
         YYERROR;
       }
-#line 2672 "seclang-parser.cc"
+#line 2683 "seclang-parser.cc"
     break;
 
   case 105: // expression: "CONFIG_SEC_HASH_METHOD_PM"
-#line 1344 "seclang-parser.yy"
+#line 1355 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecHashMethodPm is not yet supported.");
         YYERROR;
       }
-#line 2681 "seclang-parser.cc"
+#line 2692 "seclang-parser.cc"
     break;
 
   case 106: // expression: "CONFIG_DIR_GSB_DB"
-#line 1349 "seclang-parser.yy"
+#line 1360 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecGsbLookupDb is not supported.");
         YYERROR;
       }
-#line 2690 "seclang-parser.cc"
+#line 2701 "seclang-parser.cc"
     break;
 
   case 107: // expression: "CONFIG_SEC_GUARDIAN_LOG"
-#line 1354 "seclang-parser.yy"
+#line 1365 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecGuardianLog is not supported.");
         YYERROR;
       }
-#line 2699 "seclang-parser.cc"
+#line 2710 "seclang-parser.cc"
     break;
 
   case 108: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_ON"
-#line 1359 "seclang-parser.yy"
+#line 1370 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecInterceptOnError is not yet supported.");
         YYERROR;
       }
-#line 2708 "seclang-parser.cc"
+#line 2719 "seclang-parser.cc"
     break;
 
   case 109: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_OFF"
-#line 1364 "seclang-parser.yy"
+#line 1375 "seclang-parser.yy"
       {
       }
-#line 2715 "seclang-parser.cc"
+#line 2726 "seclang-parser.cc"
     break;
 
   case 110: // expression: "CONFIG_SEC_CONN_R_STATE_LIMIT"
-#line 1367 "seclang-parser.yy"
+#line 1378 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecConnReadStateLimit is not yet supported.");
         YYERROR;
       }
-#line 2724 "seclang-parser.cc"
+#line 2735 "seclang-parser.cc"
     break;
 
   case 111: // expression: "CONFIG_SEC_CONN_W_STATE_LIMIT"
-#line 1372 "seclang-parser.yy"
+#line 1383 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecConnWriteStateLimit is not yet supported.");
         YYERROR;
       }
-#line 2733 "seclang-parser.cc"
+#line 2744 "seclang-parser.cc"
     break;
 
   case 112: // expression: "CONFIG_SEC_SENSOR_ID"
-#line 1377 "seclang-parser.yy"
+#line 1388 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecSensorId is not yet supported.");
         YYERROR;
       }
-#line 2742 "seclang-parser.cc"
+#line 2753 "seclang-parser.cc"
     break;
 
   case 113: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_ON"
-#line 1382 "seclang-parser.yy"
+#line 1393 "seclang-parser.yy"
       {
         driver.error(yystack_[2].location, "SecRuleInheritance is not yet supported.");
         YYERROR;
       }
-#line 2751 "seclang-parser.cc"
+#line 2762 "seclang-parser.cc"
     break;
 
   case 114: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_OFF"
-#line 1387 "seclang-parser.yy"
+#line 1398 "seclang-parser.yy"
       {
       }
-#line 2758 "seclang-parser.cc"
+#line 2769 "seclang-parser.cc"
     break;
 
   case 115: // expression: "CONFIG_SEC_RULE_PERF_TIME"
-#line 1390 "seclang-parser.yy"
+#line 1401 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecRulePerfTime is not yet supported.");
         YYERROR;
       }
-#line 2767 "seclang-parser.cc"
+#line 2778 "seclang-parser.cc"
     break;
 
   case 116: // expression: "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
-#line 1395 "seclang-parser.yy"
+#line 1406 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecStreamInBodyInspection is not supported.");
         YYERROR;
       }
-#line 2776 "seclang-parser.cc"
+#line 2787 "seclang-parser.cc"
     break;
 
   case 117: // expression: "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
-#line 1400 "seclang-parser.yy"
+#line 1411 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecStreamOutBodyInspection is not supported.");
         YYERROR;
       }
-#line 2785 "seclang-parser.cc"
+#line 2796 "seclang-parser.cc"
     break;
 
   case 118: // expression: "CONFIG_SEC_RULE_REMOVE_BY_ID"
-#line 1405 "seclang-parser.yy"
+#line 1416 "seclang-parser.yy"
       {
         std::string error;
         if (driver.m_exceptions.load(yystack_[0].value.as < std::string > (), &error) == false) {
@@ -2798,11 +2809,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2802 "seclang-parser.cc"
+#line 2813 "seclang-parser.cc"
     break;
 
   case 119: // expression: "CONFIG_SEC_RULE_REMOVE_BY_TAG"
-#line 1418 "seclang-parser.yy"
+#line 1429 "seclang-parser.yy"
       {
         std::string error;
         if (driver.m_exceptions.loadRemoveRuleByTag(yystack_[0].value.as < std::string > (), &error) == false) {
@@ -2815,11 +2826,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2819 "seclang-parser.cc"
+#line 2830 "seclang-parser.cc"
     break;
 
   case 120: // expression: "CONFIG_SEC_RULE_REMOVE_BY_MSG"
-#line 1431 "seclang-parser.yy"
+#line 1442 "seclang-parser.yy"
       {
         std::string error;
         if (driver.m_exceptions.loadRemoveRuleByMsg(yystack_[0].value.as < std::string > (), &error) == false) {
@@ -2832,11 +2843,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2836 "seclang-parser.cc"
+#line 2847 "seclang-parser.cc"
     break;
 
   case 121: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG" variables_pre_process
-#line 1444 "seclang-parser.yy"
+#line 1455 "seclang-parser.yy"
       {
         std::string error;
         if (driver.m_exceptions.loadUpdateTargetByTag(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ()), &error) == false) {
@@ -2849,11 +2860,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2853 "seclang-parser.cc"
+#line 2864 "seclang-parser.cc"
     break;
 
   case 122: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG" variables_pre_process
-#line 1457 "seclang-parser.yy"
+#line 1468 "seclang-parser.yy"
       {
         std::string error;
         if (driver.m_exceptions.loadUpdateTargetByMsg(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ()), &error) == false) {
@@ -2866,11 +2877,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2870 "seclang-parser.cc"
+#line 2881 "seclang-parser.cc"
     break;
 
   case 123: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID" variables_pre_process
-#line 1470 "seclang-parser.yy"
+#line 1481 "seclang-parser.yy"
       {
         std::string error;
         double ruleId;
@@ -2896,11 +2907,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2900 "seclang-parser.cc"
+#line 2911 "seclang-parser.cc"
     break;
 
   case 124: // expression: "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID" actions
-#line 1496 "seclang-parser.yy"
+#line 1507 "seclang-parser.yy"
       {
         std::string error;
         double ruleId;
@@ -2927,11 +2938,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2931 "seclang-parser.cc"
+#line 2942 "seclang-parser.cc"
     break;
 
   case 125: // expression: "CONFIG_DIR_DEBUG_LVL"
-#line 1524 "seclang-parser.yy"
+#line 1535 "seclang-parser.yy"
       {
         if (driver.m_debugLog != NULL) {
           driver.m_debugLog->setDebugLogLevel(atoi(yystack_[0].value.as < std::string > ().c_str()));
@@ -2943,11 +2954,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2947 "seclang-parser.cc"
+#line 2958 "seclang-parser.cc"
     break;
 
   case 126: // expression: "CONFIG_DIR_DEBUG_LOG"
-#line 1536 "seclang-parser.yy"
+#line 1547 "seclang-parser.yy"
       {
         if (driver.m_debugLog != NULL) {
             std::string error;
@@ -2966,11 +2977,11 @@ namespace yy {
             YYERROR;
         }
       }
-#line 2970 "seclang-parser.cc"
+#line 2981 "seclang-parser.cc"
     break;
 
   case 127: // expression: "CONFIG_DIR_GEO_DB"
-#line 1556 "seclang-parser.yy"
+#line 1567 "seclang-parser.yy"
       {
 #if defined(WITH_GEOIP) or defined(WITH_MAXMIND)
         std::string err;
@@ -2997,38 +3008,38 @@ namespace yy {
         YYERROR;
 #endif  // WITH_GEOIP
       }
-#line 3001 "seclang-parser.cc"
+#line 3012 "seclang-parser.cc"
     break;
 
   case 128: // expression: "CONFIG_DIR_ARGS_LIMIT"
-#line 1583 "seclang-parser.yy"
+#line 1594 "seclang-parser.yy"
       {
         driver.m_argumentsLimit.m_set = true;
         driver.m_argumentsLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str());
       }
-#line 3010 "seclang-parser.cc"
+#line 3021 "seclang-parser.cc"
     break;
 
   case 129: // expression: "CONFIG_DIR_REQ_BODY_LIMIT"
-#line 1589 "seclang-parser.yy"
+#line 1600 "seclang-parser.yy"
       {
         driver.m_requestBodyLimit.m_set = true;
         driver.m_requestBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str());
       }
-#line 3019 "seclang-parser.cc"
+#line 3030 "seclang-parser.cc"
     break;
 
   case 130: // expression: "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT"
-#line 1594 "seclang-parser.yy"
+#line 1605 "seclang-parser.yy"
       {
         driver.m_requestBodyNoFilesLimit.m_set = true;
         driver.m_requestBodyNoFilesLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str());
       }
-#line 3028 "seclang-parser.cc"
+#line 3039 "seclang-parser.cc"
     break;
 
   case 131: // expression: "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
-#line 1599 "seclang-parser.yy"
+#line 1610 "seclang-parser.yy"
       {
         std::stringstream ss;
         ss << "As of ModSecurity version 3.0, SecRequestBodyInMemoryLimit is no longer ";
@@ -3037,68 +3048,68 @@ namespace yy {
         driver.error(yystack_[1].location, ss.str());
         YYERROR;
       }
-#line 3041 "seclang-parser.cc"
+#line 3052 "seclang-parser.cc"
     break;
 
   case 132: // expression: "CONFIG_DIR_RES_BODY_LIMIT"
-#line 1608 "seclang-parser.yy"
+#line 1619 "seclang-parser.yy"
       {
         driver.m_responseBodyLimit.m_set = true;
         driver.m_responseBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str());
       }
-#line 3050 "seclang-parser.cc"
+#line 3061 "seclang-parser.cc"
     break;
 
   case 133: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL"
-#line 1613 "seclang-parser.yy"
+#line 1624 "seclang-parser.yy"
       {
         driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
       }
-#line 3058 "seclang-parser.cc"
+#line 3069 "seclang-parser.cc"
     break;
 
   case 134: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT"
-#line 1617 "seclang-parser.yy"
+#line 1628 "seclang-parser.yy"
       {
         driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
       }
-#line 3066 "seclang-parser.cc"
+#line 3077 "seclang-parser.cc"
     break;
 
   case 135: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL"
-#line 1621 "seclang-parser.yy"
+#line 1632 "seclang-parser.yy"
       {
         driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
       }
-#line 3074 "seclang-parser.cc"
+#line 3085 "seclang-parser.cc"
     break;
 
   case 136: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT"
-#line 1625 "seclang-parser.yy"
+#line 1636 "seclang-parser.yy"
       {
         driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
       }
-#line 3082 "seclang-parser.cc"
+#line 3093 "seclang-parser.cc"
     break;
 
   case 137: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_ABORT"
-#line 1629 "seclang-parser.yy"
+#line 1640 "seclang-parser.yy"
       {
         driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
       }
-#line 3090 "seclang-parser.cc"
+#line 3101 "seclang-parser.cc"
     break;
 
   case 138: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_WARN"
-#line 1633 "seclang-parser.yy"
+#line 1644 "seclang-parser.yy"
       {
         driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
       }
-#line 3098 "seclang-parser.cc"
+#line 3109 "seclang-parser.cc"
     break;
 
   case 141: // expression: "CONGIG_DIR_RESPONSE_BODY_MP"
-#line 1647 "seclang-parser.yy"
+#line 1658 "seclang-parser.yy"
       {
         std::istringstream buf(yystack_[0].value.as < std::string > ());
         std::istream_iterator<std::string> beg(buf), end;
@@ -3110,37 +3121,37 @@ namespace yy {
             driver.m_responseBodyTypeToBeInspected.m_value.insert(*it);
         }
       }
-#line 3114 "seclang-parser.cc"
+#line 3125 "seclang-parser.cc"
     break;
 
   case 142: // expression: "CONGIG_DIR_RESPONSE_BODY_MP_CLEAR"
-#line 1659 "seclang-parser.yy"
+#line 1670 "seclang-parser.yy"
       {
         driver.m_responseBodyTypeToBeInspected.m_set = true;
         driver.m_responseBodyTypeToBeInspected.m_clear = true;
         driver.m_responseBodyTypeToBeInspected.m_value.clear();
       }
-#line 3124 "seclang-parser.cc"
+#line 3135 "seclang-parser.cc"
     break;
 
   case 143: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_OFF"
-#line 1665 "seclang-parser.yy"
+#line 1676 "seclang-parser.yy"
       {
         driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean;
       }
-#line 3132 "seclang-parser.cc"
+#line 3143 "seclang-parser.cc"
     break;
 
   case 144: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_ON"
-#line 1669 "seclang-parser.yy"
+#line 1680 "seclang-parser.yy"
       {
         driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean;
       }
-#line 3140 "seclang-parser.cc"
+#line 3151 "seclang-parser.cc"
     break;
 
   case 145: // expression: "CONGIG_DIR_SEC_TMP_DIR"
-#line 1673 "seclang-parser.yy"
+#line 1684 "seclang-parser.yy"
       {
 /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
         std::stringstream ss;
@@ -3151,31 +3162,31 @@ namespace yy {
         YYERROR;
 */
       }
-#line 3155 "seclang-parser.cc"
+#line 3166 "seclang-parser.cc"
     break;
 
   case 148: // expression: "CONGIG_DIR_SEC_COOKIE_FORMAT"
-#line 1694 "seclang-parser.yy"
+#line 1705 "seclang-parser.yy"
       {
         if (atoi(yystack_[0].value.as < std::string > ().c_str()) == 1) {
           driver.error(yystack_[1].location, "SecCookieFormat 1 is not yet supported.");
           YYERROR;
         }
       }
-#line 3166 "seclang-parser.cc"
+#line 3177 "seclang-parser.cc"
     break;
 
   case 149: // expression: "CONFIG_SEC_COOKIEV0_SEPARATOR"
-#line 1701 "seclang-parser.yy"
+#line 1712 "seclang-parser.yy"
       {
         driver.error(yystack_[1].location, "SecCookieV0Separator is not yet supported.");
         YYERROR;
       }
-#line 3175 "seclang-parser.cc"
+#line 3186 "seclang-parser.cc"
     break;
 
   case 151: // expression: "CONFIG_DIR_UNICODE_MAP_FILE"
-#line 1711 "seclang-parser.yy"
+#line 1722 "seclang-parser.yy"
       {
         std::string error;
         std::vector<std::string> param;
@@ -3229,31 +3240,31 @@ namespace yy {
         }
 
       }
-#line 3233 "seclang-parser.cc"
+#line 3244 "seclang-parser.cc"
     break;
 
   case 152: // expression: "CONFIG_SEC_COLLECTION_TIMEOUT"
-#line 1765 "seclang-parser.yy"
+#line 1776 "seclang-parser.yy"
       {
 /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended
         driver.error(@0, "SecCollectionTimeout is not yet supported.");
         YYERROR;
 */
       }
-#line 3244 "seclang-parser.cc"
+#line 3255 "seclang-parser.cc"
     break;
 
   case 153: // expression: "CONFIG_SEC_HTTP_BLKEY"
-#line 1772 "seclang-parser.yy"
+#line 1783 "seclang-parser.yy"
       {
         driver.m_httpblKey.m_set = true;
         driver.m_httpblKey.m_value = yystack_[0].value.as < std::string > ();
       }
-#line 3253 "seclang-parser.cc"
+#line 3264 "seclang-parser.cc"
     break;
 
   case 154: // variables: variables_pre_process
-#line 1780 "seclang-parser.yy"
+#line 1791 "seclang-parser.yy"
       {
         std::unique_ptr<std::vector<std::unique_ptr<Variable> > > originalList = std::move(yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
         std::unique_ptr<std::vector<std::unique_ptr<Variable>>> newList(new std::vector<std::unique_ptr<Variable>>());
@@ -3287,2371 +3298,2371 @@ namespace yy {
         }
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(newNewList);
       }
-#line 3291 "seclang-parser.cc"
+#line 3302 "seclang-parser.cc"
     break;
 
   case 155: // variables_pre_process: variables_may_be_quoted
-#line 1817 "seclang-parser.yy"
+#line 1828 "seclang-parser.yy"
       {
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(yystack_[0].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
       }
-#line 3299 "seclang-parser.cc"
+#line 3310 "seclang-parser.cc"
     break;
 
   case 156: // variables_pre_process: "QUOTATION_MARK" variables_may_be_quoted "QUOTATION_MARK"
-#line 1821 "seclang-parser.yy"
+#line 1832 "seclang-parser.yy"
       {
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(yystack_[1].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
       }
-#line 3307 "seclang-parser.cc"
+#line 3318 "seclang-parser.cc"
     break;
 
   case 157: // variables_may_be_quoted: variables_may_be_quoted PIPE var
-#line 1828 "seclang-parser.yy"
+#line 1839 "seclang-parser.yy"
       {
         yystack_[2].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ()->push_back(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ()));
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(yystack_[2].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
       }
-#line 3316 "seclang-parser.cc"
+#line 3327 "seclang-parser.cc"
     break;
 
   case 158: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_EXCLUSION var
-#line 1833 "seclang-parser.yy"
+#line 1844 "seclang-parser.yy"
       {
         std::unique_ptr<Variable> c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
         yystack_[3].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ()->push_back(std::move(c));
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(yystack_[3].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
       }
-#line 3326 "seclang-parser.cc"
+#line 3337 "seclang-parser.cc"
     break;
 
   case 159: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_COUNT var
-#line 1839 "seclang-parser.yy"
+#line 1850 "seclang-parser.yy"
       {
         std::unique_ptr<Variable> c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
         yystack_[3].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ()->push_back(std::move(c));
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(yystack_[3].value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > ());
       }
-#line 3336 "seclang-parser.cc"
+#line 3347 "seclang-parser.cc"
     break;
 
   case 160: // variables_may_be_quoted: var
-#line 1845 "seclang-parser.yy"
+#line 1856 "seclang-parser.yy"
       {
         std::unique_ptr<std::vector<std::unique_ptr<Variable>>> b(new std::vector<std::unique_ptr<Variable>>());
         b->push_back(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ()));
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(b);
       }
-#line 3346 "seclang-parser.cc"
-    break;
-
-  case 161: // variables_may_be_quoted: VAR_EXCLUSION var
-#line 1851 "seclang-parser.yy"
-      {
-        std::unique_ptr<std::vector<std::unique_ptr<Variable>>> b(new std::vector<std::unique_ptr<Variable>>());
-        std::unique_ptr<Variable> c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
-        b->push_back(std::move(c));
-        yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(b);
-      }
 #line 3357 "seclang-parser.cc"
     break;
 
-  case 162: // variables_may_be_quoted: VAR_COUNT var
-#line 1858 "seclang-parser.yy"
+  case 161: // variables_may_be_quoted: VAR_EXCLUSION var
+#line 1862 "seclang-parser.yy"
       {
         std::unique_ptr<std::vector<std::unique_ptr<Variable>>> b(new std::vector<std::unique_ptr<Variable>>());
-        std::unique_ptr<Variable> c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
+        std::unique_ptr<Variable> c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
         b->push_back(std::move(c));
         yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(b);
       }
 #line 3368 "seclang-parser.cc"
     break;
 
+  case 162: // variables_may_be_quoted: VAR_COUNT var
+#line 1869 "seclang-parser.yy"
+      {
+        std::unique_ptr<std::vector<std::unique_ptr<Variable>>> b(new std::vector<std::unique_ptr<Variable>>());
+        std::unique_ptr<Variable> c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
+        b->push_back(std::move(c));
+        yylhs.value.as < std::unique_ptr<std::vector<std::unique_ptr<Variable> > >  > () = std::move(b);
+      }
+#line 3379 "seclang-parser.cc"
+    break;
+
   case 163: // var: VARIABLE_ARGS "Dictionary element"
-#line 1868 "seclang-parser.yy"
+#line 1879 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Args_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3376 "seclang-parser.cc"
+#line 3387 "seclang-parser.cc"
     break;
 
   case 164: // var: VARIABLE_ARGS "Dictionary element, selected by regexp"
-#line 1872 "seclang-parser.yy"
+#line 1883 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Args_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3384 "seclang-parser.cc"
+#line 3395 "seclang-parser.cc"
     break;
 
   case 165: // var: VARIABLE_ARGS
-#line 1876 "seclang-parser.yy"
+#line 1887 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Args_NoDictElement());
       }
-#line 3392 "seclang-parser.cc"
+#line 3403 "seclang-parser.cc"
     break;
 
   case 166: // var: VARIABLE_ARGS_POST "Dictionary element"
-#line 1880 "seclang-parser.yy"
+#line 1891 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPost_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3400 "seclang-parser.cc"
+#line 3411 "seclang-parser.cc"
     break;
 
   case 167: // var: VARIABLE_ARGS_POST "Dictionary element, selected by regexp"
-#line 1884 "seclang-parser.yy"
+#line 1895 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPost_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3408 "seclang-parser.cc"
+#line 3419 "seclang-parser.cc"
     break;
 
   case 168: // var: VARIABLE_ARGS_POST
-#line 1888 "seclang-parser.yy"
+#line 1899 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPost_NoDictElement());
       }
-#line 3416 "seclang-parser.cc"
+#line 3427 "seclang-parser.cc"
     break;
 
   case 169: // var: VARIABLE_ARGS_GET "Dictionary element"
-#line 1892 "seclang-parser.yy"
+#line 1903 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGet_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3424 "seclang-parser.cc"
+#line 3435 "seclang-parser.cc"
     break;
 
   case 170: // var: VARIABLE_ARGS_GET "Dictionary element, selected by regexp"
-#line 1896 "seclang-parser.yy"
+#line 1907 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGet_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3432 "seclang-parser.cc"
+#line 3443 "seclang-parser.cc"
     break;
 
   case 171: // var: VARIABLE_ARGS_GET
-#line 1900 "seclang-parser.yy"
+#line 1911 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGet_NoDictElement());
       }
-#line 3440 "seclang-parser.cc"
+#line 3451 "seclang-parser.cc"
     break;
 
   case 172: // var: VARIABLE_FILES_SIZES "Dictionary element"
-#line 1904 "seclang-parser.yy"
+#line 1915 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesSizes_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3448 "seclang-parser.cc"
+#line 3459 "seclang-parser.cc"
     break;
 
   case 173: // var: VARIABLE_FILES_SIZES "Dictionary element, selected by regexp"
-#line 1908 "seclang-parser.yy"
+#line 1919 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesSizes_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3456 "seclang-parser.cc"
+#line 3467 "seclang-parser.cc"
     break;
 
   case 174: // var: VARIABLE_FILES_SIZES
-#line 1912 "seclang-parser.yy"
+#line 1923 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesSizes_NoDictElement());
       }
-#line 3464 "seclang-parser.cc"
+#line 3475 "seclang-parser.cc"
     break;
 
   case 175: // var: VARIABLE_FILES_NAMES "Dictionary element"
-#line 1916 "seclang-parser.yy"
+#line 1927 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3472 "seclang-parser.cc"
+#line 3483 "seclang-parser.cc"
     break;
 
   case 176: // var: VARIABLE_FILES_NAMES "Dictionary element, selected by regexp"
-#line 1920 "seclang-parser.yy"
+#line 1931 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3480 "seclang-parser.cc"
+#line 3491 "seclang-parser.cc"
     break;
 
   case 177: // var: VARIABLE_FILES_NAMES
-#line 1924 "seclang-parser.yy"
+#line 1935 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesNames_NoDictElement());
       }
-#line 3488 "seclang-parser.cc"
+#line 3499 "seclang-parser.cc"
     break;
 
   case 178: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element"
-#line 1928 "seclang-parser.yy"
+#line 1939 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpContent_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3496 "seclang-parser.cc"
+#line 3507 "seclang-parser.cc"
     break;
 
   case 179: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element, selected by regexp"
-#line 1932 "seclang-parser.yy"
+#line 1943 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpContent_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3504 "seclang-parser.cc"
+#line 3515 "seclang-parser.cc"
     break;
 
   case 180: // var: VARIABLE_FILES_TMP_CONTENT
-#line 1936 "seclang-parser.yy"
+#line 1947 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpContent_NoDictElement());
       }
-#line 3512 "seclang-parser.cc"
+#line 3523 "seclang-parser.cc"
     break;
 
   case 181: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element"
-#line 1940 "seclang-parser.yy"
+#line 1951 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartFileName_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3520 "seclang-parser.cc"
+#line 3531 "seclang-parser.cc"
     break;
 
   case 182: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element, selected by regexp"
-#line 1944 "seclang-parser.yy"
+#line 1955 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartFileName_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3528 "seclang-parser.cc"
+#line 3539 "seclang-parser.cc"
     break;
 
   case 183: // var: VARIABLE_MULTIPART_FILENAME
-#line 1948 "seclang-parser.yy"
+#line 1959 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartFileName_NoDictElement());
       }
-#line 3536 "seclang-parser.cc"
+#line 3547 "seclang-parser.cc"
     break;
 
   case 184: // var: VARIABLE_MULTIPART_NAME "Dictionary element"
-#line 1952 "seclang-parser.yy"
+#line 1963 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartName_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3544 "seclang-parser.cc"
+#line 3555 "seclang-parser.cc"
     break;
 
   case 185: // var: VARIABLE_MULTIPART_NAME "Dictionary element, selected by regexp"
-#line 1956 "seclang-parser.yy"
+#line 1967 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartName_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3552 "seclang-parser.cc"
+#line 3563 "seclang-parser.cc"
     break;
 
   case 186: // var: VARIABLE_MULTIPART_NAME
-#line 1960 "seclang-parser.yy"
+#line 1971 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultiPartName_NoDictElement());
       }
-#line 3560 "seclang-parser.cc"
+#line 3571 "seclang-parser.cc"
     break;
 
   case 187: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element"
-#line 1964 "seclang-parser.yy"
+#line 1975 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVarsNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3568 "seclang-parser.cc"
+#line 3579 "seclang-parser.cc"
     break;
 
   case 188: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element, selected by regexp"
-#line 1968 "seclang-parser.yy"
+#line 1979 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVarsNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3576 "seclang-parser.cc"
+#line 3587 "seclang-parser.cc"
     break;
 
   case 189: // var: VARIABLE_MATCHED_VARS_NAMES
-#line 1972 "seclang-parser.yy"
+#line 1983 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVarsNames_NoDictElement());
       }
-#line 3584 "seclang-parser.cc"
+#line 3595 "seclang-parser.cc"
     break;
 
   case 190: // var: VARIABLE_MATCHED_VARS "Dictionary element"
-#line 1976 "seclang-parser.yy"
+#line 1987 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVars_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3592 "seclang-parser.cc"
+#line 3603 "seclang-parser.cc"
     break;
 
   case 191: // var: VARIABLE_MATCHED_VARS "Dictionary element, selected by regexp"
-#line 1980 "seclang-parser.yy"
+#line 1991 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVars_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3600 "seclang-parser.cc"
+#line 3611 "seclang-parser.cc"
     break;
 
   case 192: // var: VARIABLE_MATCHED_VARS
-#line 1984 "seclang-parser.yy"
+#line 1995 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVars_NoDictElement());
       }
-#line 3608 "seclang-parser.cc"
+#line 3619 "seclang-parser.cc"
     break;
 
   case 193: // var: VARIABLE_FILES "Dictionary element"
-#line 1988 "seclang-parser.yy"
+#line 1999 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Files_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3616 "seclang-parser.cc"
+#line 3627 "seclang-parser.cc"
     break;
 
   case 194: // var: VARIABLE_FILES "Dictionary element, selected by regexp"
-#line 1992 "seclang-parser.yy"
+#line 2003 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Files_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3624 "seclang-parser.cc"
+#line 3635 "seclang-parser.cc"
     break;
 
   case 195: // var: VARIABLE_FILES
-#line 1996 "seclang-parser.yy"
+#line 2007 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Files_NoDictElement());
       }
-#line 3632 "seclang-parser.cc"
+#line 3643 "seclang-parser.cc"
     break;
 
   case 196: // var: VARIABLE_REQUEST_COOKIES "Dictionary element"
-#line 2000 "seclang-parser.yy"
+#line 2011 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookies_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3640 "seclang-parser.cc"
+#line 3651 "seclang-parser.cc"
     break;
 
   case 197: // var: VARIABLE_REQUEST_COOKIES "Dictionary element, selected by regexp"
-#line 2004 "seclang-parser.yy"
+#line 2015 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookies_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3648 "seclang-parser.cc"
+#line 3659 "seclang-parser.cc"
     break;
 
   case 198: // var: VARIABLE_REQUEST_COOKIES
-#line 2008 "seclang-parser.yy"
+#line 2019 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookies_NoDictElement());
       }
-#line 3656 "seclang-parser.cc"
+#line 3667 "seclang-parser.cc"
     break;
 
   case 199: // var: VARIABLE_REQUEST_HEADERS "Dictionary element"
-#line 2012 "seclang-parser.yy"
+#line 2023 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeaders_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3664 "seclang-parser.cc"
+#line 3675 "seclang-parser.cc"
     break;
 
   case 200: // var: VARIABLE_REQUEST_HEADERS "Dictionary element, selected by regexp"
-#line 2016 "seclang-parser.yy"
+#line 2027 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3672 "seclang-parser.cc"
+#line 3683 "seclang-parser.cc"
     break;
 
   case 201: // var: VARIABLE_REQUEST_HEADERS
-#line 2020 "seclang-parser.yy"
+#line 2031 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeaders_NoDictElement());
       }
-#line 3680 "seclang-parser.cc"
+#line 3691 "seclang-parser.cc"
     break;
 
   case 202: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element"
-#line 2024 "seclang-parser.yy"
+#line 2035 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeaders_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3688 "seclang-parser.cc"
+#line 3699 "seclang-parser.cc"
     break;
 
   case 203: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element, selected by regexp"
-#line 2028 "seclang-parser.yy"
+#line 2039 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3696 "seclang-parser.cc"
+#line 3707 "seclang-parser.cc"
     break;
 
   case 204: // var: VARIABLE_RESPONSE_HEADERS
-#line 2032 "seclang-parser.yy"
+#line 2043 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeaders_NoDictElement());
       }
-#line 3704 "seclang-parser.cc"
+#line 3715 "seclang-parser.cc"
     break;
 
   case 205: // var: VARIABLE_GEO "Dictionary element"
-#line 2036 "seclang-parser.yy"
+#line 2047 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Geo_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3712 "seclang-parser.cc"
+#line 3723 "seclang-parser.cc"
     break;
 
   case 206: // var: VARIABLE_GEO "Dictionary element, selected by regexp"
-#line 2040 "seclang-parser.yy"
+#line 2051 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Geo_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3720 "seclang-parser.cc"
+#line 3731 "seclang-parser.cc"
     break;
 
   case 207: // var: VARIABLE_GEO
-#line 2044 "seclang-parser.yy"
+#line 2055 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Geo_NoDictElement());
       }
-#line 3728 "seclang-parser.cc"
+#line 3739 "seclang-parser.cc"
     break;
 
   case 208: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element"
-#line 2048 "seclang-parser.yy"
+#line 2059 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookiesNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3736 "seclang-parser.cc"
+#line 3747 "seclang-parser.cc"
     break;
 
   case 209: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element, selected by regexp"
-#line 2052 "seclang-parser.yy"
+#line 2063 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookiesNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3744 "seclang-parser.cc"
+#line 3755 "seclang-parser.cc"
     break;
 
   case 210: // var: VARIABLE_REQUEST_COOKIES_NAMES
-#line 2056 "seclang-parser.yy"
+#line 2067 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestCookiesNames_NoDictElement());
       }
-#line 3752 "seclang-parser.cc"
+#line 3763 "seclang-parser.cc"
     break;
 
   case 211: // var: VARIABLE_RULE "Dictionary element"
-#line 2060 "seclang-parser.yy"
+#line 2071 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Rule_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3760 "seclang-parser.cc"
+#line 3771 "seclang-parser.cc"
     break;
 
   case 212: // var: VARIABLE_RULE "Dictionary element, selected by regexp"
-#line 2064 "seclang-parser.yy"
+#line 2075 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Rule_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3768 "seclang-parser.cc"
+#line 3779 "seclang-parser.cc"
     break;
 
   case 213: // var: VARIABLE_RULE
-#line 2068 "seclang-parser.yy"
+#line 2079 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Rule_NoDictElement());
       }
-#line 3776 "seclang-parser.cc"
+#line 3787 "seclang-parser.cc"
     break;
 
   case 214: // var: "RUN_TIME_VAR_ENV" "Dictionary element"
-#line 2072 "seclang-parser.yy"
+#line 2083 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ()));
       }
-#line 3784 "seclang-parser.cc"
+#line 3795 "seclang-parser.cc"
     break;
 
   case 215: // var: "RUN_TIME_VAR_ENV" "Dictionary element, selected by regexp"
-#line 2076 "seclang-parser.yy"
+#line 2087 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ()));
       }
-#line 3792 "seclang-parser.cc"
+#line 3803 "seclang-parser.cc"
     break;
 
   case 216: // var: "RUN_TIME_VAR_ENV"
-#line 2080 "seclang-parser.yy"
+#line 2091 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Env("ENV"));
       }
-#line 3800 "seclang-parser.cc"
+#line 3811 "seclang-parser.cc"
     break;
 
   case 217: // var: "RUN_TIME_VAR_XML" "Dictionary element"
-#line 2084 "seclang-parser.yy"
+#line 2095 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::XML("XML:" + yystack_[0].value.as < std::string > ()));
       }
-#line 3808 "seclang-parser.cc"
+#line 3819 "seclang-parser.cc"
     break;
 
   case 218: // var: "RUN_TIME_VAR_XML" "Dictionary element, selected by regexp"
-#line 2088 "seclang-parser.yy"
+#line 2099 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::XML("XML:" + yystack_[0].value.as < std::string > ()));
       }
-#line 3816 "seclang-parser.cc"
+#line 3827 "seclang-parser.cc"
     break;
 
   case 219: // var: "RUN_TIME_VAR_XML"
-#line 2092 "seclang-parser.yy"
+#line 2103 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::XML_NoDictElement());
       }
-#line 3824 "seclang-parser.cc"
+#line 3835 "seclang-parser.cc"
     break;
 
   case 220: // var: "FILES_TMPNAMES" "Dictionary element"
-#line 2096 "seclang-parser.yy"
+#line 2107 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3832 "seclang-parser.cc"
+#line 3843 "seclang-parser.cc"
     break;
 
   case 221: // var: "FILES_TMPNAMES" "Dictionary element, selected by regexp"
-#line 2100 "seclang-parser.yy"
+#line 2111 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3840 "seclang-parser.cc"
+#line 3851 "seclang-parser.cc"
     break;
 
   case 222: // var: "FILES_TMPNAMES"
-#line 2104 "seclang-parser.yy"
+#line 2115 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesTmpNames_NoDictElement());
       }
-#line 3848 "seclang-parser.cc"
+#line 3859 "seclang-parser.cc"
     break;
 
   case 223: // var: "RESOURCE" run_time_string
-#line 2108 "seclang-parser.yy"
+#line 2119 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Resource_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 3856 "seclang-parser.cc"
+#line 3867 "seclang-parser.cc"
     break;
 
   case 224: // var: "RESOURCE" "Dictionary element"
-#line 2112 "seclang-parser.yy"
+#line 2123 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Resource_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3864 "seclang-parser.cc"
+#line 3875 "seclang-parser.cc"
     break;
 
   case 225: // var: "RESOURCE" "Dictionary element, selected by regexp"
-#line 2116 "seclang-parser.yy"
+#line 2127 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Resource_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3872 "seclang-parser.cc"
+#line 3883 "seclang-parser.cc"
     break;
 
   case 226: // var: "RESOURCE"
-#line 2120 "seclang-parser.yy"
+#line 2131 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Resource_NoDictElement());
       }
-#line 3880 "seclang-parser.cc"
+#line 3891 "seclang-parser.cc"
     break;
 
   case 227: // var: "VARIABLE_IP" run_time_string
-#line 2124 "seclang-parser.yy"
+#line 2135 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Ip_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 3888 "seclang-parser.cc"
+#line 3899 "seclang-parser.cc"
     break;
 
   case 228: // var: "VARIABLE_IP" "Dictionary element"
-#line 2128 "seclang-parser.yy"
+#line 2139 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Ip_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3896 "seclang-parser.cc"
+#line 3907 "seclang-parser.cc"
     break;
 
   case 229: // var: "VARIABLE_IP" "Dictionary element, selected by regexp"
-#line 2132 "seclang-parser.yy"
+#line 2143 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Ip_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3904 "seclang-parser.cc"
+#line 3915 "seclang-parser.cc"
     break;
 
   case 230: // var: "VARIABLE_IP"
-#line 2136 "seclang-parser.yy"
+#line 2147 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Ip_NoDictElement());
       }
-#line 3912 "seclang-parser.cc"
+#line 3923 "seclang-parser.cc"
     break;
 
   case 231: // var: "VARIABLE_GLOBAL" run_time_string
-#line 2140 "seclang-parser.yy"
+#line 2151 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Global_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 3920 "seclang-parser.cc"
+#line 3931 "seclang-parser.cc"
     break;
 
   case 232: // var: "VARIABLE_GLOBAL" "Dictionary element"
-#line 2144 "seclang-parser.yy"
+#line 2155 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Global_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3928 "seclang-parser.cc"
+#line 3939 "seclang-parser.cc"
     break;
 
   case 233: // var: "VARIABLE_GLOBAL" "Dictionary element, selected by regexp"
-#line 2148 "seclang-parser.yy"
+#line 2159 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Global_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3936 "seclang-parser.cc"
+#line 3947 "seclang-parser.cc"
     break;
 
   case 234: // var: "VARIABLE_GLOBAL"
-#line 2152 "seclang-parser.yy"
+#line 2163 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Global_NoDictElement());
       }
-#line 3944 "seclang-parser.cc"
+#line 3955 "seclang-parser.cc"
     break;
 
   case 235: // var: "VARIABLE_USER" run_time_string
-#line 2156 "seclang-parser.yy"
+#line 2167 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::User_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 3952 "seclang-parser.cc"
+#line 3963 "seclang-parser.cc"
     break;
 
   case 236: // var: "VARIABLE_USER" "Dictionary element"
-#line 2160 "seclang-parser.yy"
+#line 2171 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::User_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3960 "seclang-parser.cc"
+#line 3971 "seclang-parser.cc"
     break;
 
   case 237: // var: "VARIABLE_USER" "Dictionary element, selected by regexp"
-#line 2164 "seclang-parser.yy"
+#line 2175 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::User_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 3968 "seclang-parser.cc"
+#line 3979 "seclang-parser.cc"
     break;
 
   case 238: // var: "VARIABLE_USER"
-#line 2168 "seclang-parser.yy"
+#line 2179 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::User_NoDictElement());
       }
-#line 3976 "seclang-parser.cc"
+#line 3987 "seclang-parser.cc"
     break;
 
   case 239: // var: "VARIABLE_TX" run_time_string
-#line 2172 "seclang-parser.yy"
+#line 2183 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Tx_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 3984 "seclang-parser.cc"
+#line 3995 "seclang-parser.cc"
     break;
 
   case 240: // var: "VARIABLE_TX" "Dictionary element"
-#line 2176 "seclang-parser.yy"
+#line 2187 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Tx_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 3992 "seclang-parser.cc"
+#line 4003 "seclang-parser.cc"
     break;
 
   case 241: // var: "VARIABLE_TX" "Dictionary element, selected by regexp"
-#line 2180 "seclang-parser.yy"
+#line 2191 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Tx_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4000 "seclang-parser.cc"
+#line 4011 "seclang-parser.cc"
     break;
 
   case 242: // var: "VARIABLE_TX"
-#line 2184 "seclang-parser.yy"
+#line 2195 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Tx_NoDictElement());
       }
-#line 4008 "seclang-parser.cc"
+#line 4019 "seclang-parser.cc"
     break;
 
   case 243: // var: "VARIABLE_SESSION" run_time_string
-#line 2188 "seclang-parser.yy"
+#line 2199 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Session_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 4016 "seclang-parser.cc"
+#line 4027 "seclang-parser.cc"
     break;
 
   case 244: // var: "VARIABLE_SESSION" "Dictionary element"
-#line 2192 "seclang-parser.yy"
+#line 2203 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Session_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4024 "seclang-parser.cc"
+#line 4035 "seclang-parser.cc"
     break;
 
   case 245: // var: "VARIABLE_SESSION" "Dictionary element, selected by regexp"
-#line 2196 "seclang-parser.yy"
+#line 2207 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Session_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4032 "seclang-parser.cc"
+#line 4043 "seclang-parser.cc"
     break;
 
   case 246: // var: "VARIABLE_SESSION"
-#line 2200 "seclang-parser.yy"
+#line 2211 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Session_NoDictElement());
       }
-#line 4040 "seclang-parser.cc"
+#line 4051 "seclang-parser.cc"
     break;
 
   case 247: // var: "Variable ARGS_NAMES" "Dictionary element"
-#line 2204 "seclang-parser.yy"
+#line 2215 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4048 "seclang-parser.cc"
+#line 4059 "seclang-parser.cc"
     break;
 
   case 248: // var: "Variable ARGS_NAMES" "Dictionary element, selected by regexp"
-#line 2208 "seclang-parser.yy"
+#line 2219 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4056 "seclang-parser.cc"
+#line 4067 "seclang-parser.cc"
     break;
 
   case 249: // var: "Variable ARGS_NAMES"
-#line 2212 "seclang-parser.yy"
+#line 2223 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsNames_NoDictElement());
       }
-#line 4064 "seclang-parser.cc"
+#line 4075 "seclang-parser.cc"
     break;
 
   case 250: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element"
-#line 2216 "seclang-parser.yy"
+#line 2227 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGetNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4072 "seclang-parser.cc"
+#line 4083 "seclang-parser.cc"
     break;
 
   case 251: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element, selected by regexp"
-#line 2220 "seclang-parser.yy"
+#line 2231 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGetNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4080 "seclang-parser.cc"
+#line 4091 "seclang-parser.cc"
     break;
 
   case 252: // var: VARIABLE_ARGS_GET_NAMES
-#line 2224 "seclang-parser.yy"
+#line 2235 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsGetNames_NoDictElement());
       }
-#line 4088 "seclang-parser.cc"
+#line 4099 "seclang-parser.cc"
     break;
 
   case 253: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element"
-#line 2229 "seclang-parser.yy"
+#line 2240 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPostNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4096 "seclang-parser.cc"
+#line 4107 "seclang-parser.cc"
     break;
 
   case 254: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element, selected by regexp"
-#line 2233 "seclang-parser.yy"
+#line 2244 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPostNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4104 "seclang-parser.cc"
+#line 4115 "seclang-parser.cc"
     break;
 
   case 255: // var: VARIABLE_ARGS_POST_NAMES
-#line 2237 "seclang-parser.yy"
+#line 2248 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsPostNames_NoDictElement());
       }
-#line 4112 "seclang-parser.cc"
+#line 4123 "seclang-parser.cc"
     break;
 
   case 256: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element"
-#line 2242 "seclang-parser.yy"
+#line 2253 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeadersNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4120 "seclang-parser.cc"
+#line 4131 "seclang-parser.cc"
     break;
 
   case 257: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element, selected by regexp"
-#line 2246 "seclang-parser.yy"
+#line 2257 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4128 "seclang-parser.cc"
+#line 4139 "seclang-parser.cc"
     break;
 
   case 258: // var: VARIABLE_REQUEST_HEADERS_NAMES
-#line 2250 "seclang-parser.yy"
+#line 2261 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestHeadersNames_NoDictElement());
       }
-#line 4136 "seclang-parser.cc"
+#line 4147 "seclang-parser.cc"
     break;
 
   case 259: // var: VARIABLE_RESPONSE_CONTENT_TYPE
-#line 2255 "seclang-parser.yy"
+#line 2266 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseContentType());
       }
-#line 4144 "seclang-parser.cc"
+#line 4155 "seclang-parser.cc"
     break;
 
   case 260: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element"
-#line 2260 "seclang-parser.yy"
+#line 2271 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeadersNames_DictElement(yystack_[0].value.as < std::string > ()));
       }
-#line 4152 "seclang-parser.cc"
+#line 4163 "seclang-parser.cc"
     break;
 
   case 261: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element, selected by regexp"
-#line 2264 "seclang-parser.yy"
+#line 2275 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ()));
       }
-#line 4160 "seclang-parser.cc"
+#line 4171 "seclang-parser.cc"
     break;
 
   case 262: // var: VARIABLE_RESPONSE_HEADERS_NAMES
-#line 2268 "seclang-parser.yy"
+#line 2279 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseHeadersNames_NoDictElement());
       }
-#line 4168 "seclang-parser.cc"
+#line 4179 "seclang-parser.cc"
     break;
 
   case 263: // var: VARIABLE_ARGS_COMBINED_SIZE
-#line 2272 "seclang-parser.yy"
+#line 2283 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ArgsCombinedSize());
       }
-#line 4176 "seclang-parser.cc"
+#line 4187 "seclang-parser.cc"
     break;
 
   case 264: // var: "AUTH_TYPE"
-#line 2276 "seclang-parser.yy"
+#line 2287 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::AuthType());
       }
-#line 4184 "seclang-parser.cc"
+#line 4195 "seclang-parser.cc"
     break;
 
   case 265: // var: "FILES_COMBINED_SIZE"
-#line 2280 "seclang-parser.yy"
+#line 2291 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FilesCombinedSize());
       }
-#line 4192 "seclang-parser.cc"
+#line 4203 "seclang-parser.cc"
     break;
 
   case 266: // var: "FULL_REQUEST"
-#line 2284 "seclang-parser.yy"
+#line 2295 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FullRequest());
       }
-#line 4200 "seclang-parser.cc"
+#line 4211 "seclang-parser.cc"
     break;
 
   case 267: // var: "FULL_REQUEST_LENGTH"
-#line 2288 "seclang-parser.yy"
+#line 2299 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::FullRequestLength());
       }
-#line 4208 "seclang-parser.cc"
+#line 4219 "seclang-parser.cc"
     break;
 
   case 268: // var: "INBOUND_DATA_ERROR"
-#line 2292 "seclang-parser.yy"
+#line 2303 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::InboundDataError());
       }
-#line 4216 "seclang-parser.cc"
+#line 4227 "seclang-parser.cc"
     break;
 
   case 269: // var: "MATCHED_VAR"
-#line 2296 "seclang-parser.yy"
+#line 2307 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVar());
       }
-#line 4224 "seclang-parser.cc"
+#line 4235 "seclang-parser.cc"
     break;
 
   case 270: // var: "MATCHED_VAR_NAME"
-#line 2300 "seclang-parser.yy"
+#line 2311 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MatchedVarName());
       }
-#line 4232 "seclang-parser.cc"
+#line 4243 "seclang-parser.cc"
     break;
 
   case 271: // var: VARIABLE_MULTIPART_BOUNDARY_QUOTED
-#line 2304 "seclang-parser.yy"
+#line 2315 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartBoundaryQuoted());
       }
-#line 4240 "seclang-parser.cc"
+#line 4251 "seclang-parser.cc"
     break;
 
   case 272: // var: VARIABLE_MULTIPART_BOUNDARY_WHITESPACE
-#line 2308 "seclang-parser.yy"
+#line 2319 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartBoundaryWhiteSpace());
       }
-#line 4248 "seclang-parser.cc"
+#line 4259 "seclang-parser.cc"
     break;
 
   case 273: // var: "MULTIPART_CRLF_LF_LINES"
-#line 2312 "seclang-parser.yy"
+#line 2323 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartCrlfLFLines());
       }
-#line 4256 "seclang-parser.cc"
+#line 4267 "seclang-parser.cc"
     break;
 
   case 274: // var: "MULTIPART_DATA_AFTER"
-#line 2316 "seclang-parser.yy"
+#line 2327 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartDateAfter());
       }
-#line 4264 "seclang-parser.cc"
+#line 4275 "seclang-parser.cc"
     break;
 
   case 275: // var: VARIABLE_MULTIPART_DATA_BEFORE
-#line 2320 "seclang-parser.yy"
+#line 2331 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartDateBefore());
       }
-#line 4272 "seclang-parser.cc"
+#line 4283 "seclang-parser.cc"
     break;
 
   case 276: // var: "MULTIPART_FILE_LIMIT_EXCEEDED"
-#line 2324 "seclang-parser.yy"
+#line 2335 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartFileLimitExceeded());
       }
-#line 4280 "seclang-parser.cc"
+#line 4291 "seclang-parser.cc"
     break;
 
   case 277: // var: "MULTIPART_HEADER_FOLDING"
-#line 2328 "seclang-parser.yy"
+#line 2339 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartHeaderFolding());
       }
-#line 4288 "seclang-parser.cc"
+#line 4299 "seclang-parser.cc"
     break;
 
   case 278: // var: "MULTIPART_INVALID_HEADER_FOLDING"
-#line 2332 "seclang-parser.yy"
+#line 2343 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartInvalidHeaderFolding());
       }
-#line 4296 "seclang-parser.cc"
+#line 4307 "seclang-parser.cc"
     break;
 
   case 279: // var: VARIABLE_MULTIPART_INVALID_PART
-#line 2336 "seclang-parser.yy"
+#line 2347 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartInvalidPart());
       }
-#line 4304 "seclang-parser.cc"
+#line 4315 "seclang-parser.cc"
     break;
 
   case 280: // var: "MULTIPART_INVALID_QUOTING"
-#line 2340 "seclang-parser.yy"
+#line 2351 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartInvalidQuoting());
       }
-#line 4312 "seclang-parser.cc"
+#line 4323 "seclang-parser.cc"
     break;
 
   case 281: // var: VARIABLE_MULTIPART_LF_LINE
-#line 2344 "seclang-parser.yy"
+#line 2355 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartLFLine());
       }
-#line 4320 "seclang-parser.cc"
+#line 4331 "seclang-parser.cc"
     break;
 
   case 282: // var: VARIABLE_MULTIPART_MISSING_SEMICOLON
-#line 2348 "seclang-parser.yy"
+#line 2359 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartMissingSemicolon());
       }
-#line 4328 "seclang-parser.cc"
+#line 4339 "seclang-parser.cc"
     break;
 
   case 283: // var: VARIABLE_MULTIPART_SEMICOLON_MISSING
-#line 2352 "seclang-parser.yy"
+#line 2363 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartMissingSemicolon());
       }
-#line 4336 "seclang-parser.cc"
+#line 4347 "seclang-parser.cc"
     break;
 
   case 284: // var: "MULTIPART_STRICT_ERROR"
-#line 2356 "seclang-parser.yy"
+#line 2367 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartStrictError());
       }
-#line 4344 "seclang-parser.cc"
+#line 4355 "seclang-parser.cc"
     break;
 
   case 285: // var: "MULTIPART_UNMATCHED_BOUNDARY"
-#line 2360 "seclang-parser.yy"
+#line 2371 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::MultipartUnmatchedBoundary());
       }
-#line 4352 "seclang-parser.cc"
+#line 4363 "seclang-parser.cc"
     break;
 
   case 286: // var: "OUTBOUND_DATA_ERROR"
-#line 2364 "seclang-parser.yy"
+#line 2375 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::OutboundDataError());
       }
-#line 4360 "seclang-parser.cc"
+#line 4371 "seclang-parser.cc"
     break;
 
   case 287: // var: "PATH_INFO"
-#line 2368 "seclang-parser.yy"
+#line 2379 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::PathInfo());
       }
-#line 4368 "seclang-parser.cc"
+#line 4379 "seclang-parser.cc"
     break;
 
   case 288: // var: "QUERY_STRING"
-#line 2372 "seclang-parser.yy"
+#line 2383 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::QueryString());
       }
-#line 4376 "seclang-parser.cc"
+#line 4387 "seclang-parser.cc"
     break;
 
   case 289: // var: "REMOTE_ADDR"
-#line 2376 "seclang-parser.yy"
+#line 2387 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RemoteAddr());
       }
-#line 4384 "seclang-parser.cc"
+#line 4395 "seclang-parser.cc"
     break;
 
   case 290: // var: "REMOTE_HOST"
-#line 2380 "seclang-parser.yy"
+#line 2391 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RemoteHost());
       }
-#line 4392 "seclang-parser.cc"
+#line 4403 "seclang-parser.cc"
     break;
 
   case 291: // var: "REMOTE_PORT"
-#line 2384 "seclang-parser.yy"
+#line 2395 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RemotePort());
       }
-#line 4400 "seclang-parser.cc"
+#line 4411 "seclang-parser.cc"
     break;
 
   case 292: // var: "REQBODY_ERROR"
-#line 2388 "seclang-parser.yy"
+#line 2399 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ReqbodyError());
       }
-#line 4408 "seclang-parser.cc"
+#line 4419 "seclang-parser.cc"
     break;
 
   case 293: // var: "REQBODY_ERROR_MSG"
-#line 2392 "seclang-parser.yy"
+#line 2403 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ReqbodyErrorMsg());
       }
-#line 4416 "seclang-parser.cc"
+#line 4427 "seclang-parser.cc"
     break;
 
   case 294: // var: "REQBODY_PROCESSOR"
-#line 2396 "seclang-parser.yy"
+#line 2407 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ReqbodyProcessor());
       }
-#line 4424 "seclang-parser.cc"
+#line 4435 "seclang-parser.cc"
     break;
 
   case 295: // var: "REQBODY_PROCESSOR_ERROR"
-#line 2400 "seclang-parser.yy"
+#line 2411 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ReqbodyProcessorError());
       }
-#line 4432 "seclang-parser.cc"
+#line 4443 "seclang-parser.cc"
     break;
 
   case 296: // var: "REQBODY_PROCESSOR_ERROR_MSG"
-#line 2404 "seclang-parser.yy"
+#line 2415 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ReqbodyProcessorErrorMsg());
       }
-#line 4440 "seclang-parser.cc"
+#line 4451 "seclang-parser.cc"
     break;
 
   case 297: // var: "REQUEST_BASENAME"
-#line 2408 "seclang-parser.yy"
+#line 2419 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestBasename());
       }
-#line 4448 "seclang-parser.cc"
+#line 4459 "seclang-parser.cc"
     break;
 
   case 298: // var: "REQUEST_BODY"
-#line 2412 "seclang-parser.yy"
+#line 2423 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestBody());
       }
-#line 4456 "seclang-parser.cc"
+#line 4467 "seclang-parser.cc"
     break;
 
   case 299: // var: "REQUEST_BODY_LENGTH"
-#line 2416 "seclang-parser.yy"
+#line 2427 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestBodyLength());
       }
-#line 4464 "seclang-parser.cc"
+#line 4475 "seclang-parser.cc"
     break;
 
   case 300: // var: "REQUEST_FILENAME"
-#line 2420 "seclang-parser.yy"
+#line 2431 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestFilename());
       }
-#line 4472 "seclang-parser.cc"
+#line 4483 "seclang-parser.cc"
     break;
 
   case 301: // var: "REQUEST_LINE"
-#line 2424 "seclang-parser.yy"
+#line 2435 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestLine());
       }
-#line 4480 "seclang-parser.cc"
+#line 4491 "seclang-parser.cc"
     break;
 
   case 302: // var: "REQUEST_METHOD"
-#line 2428 "seclang-parser.yy"
+#line 2439 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestMethod());
       }
-#line 4488 "seclang-parser.cc"
+#line 4499 "seclang-parser.cc"
     break;
 
   case 303: // var: "REQUEST_PROTOCOL"
-#line 2432 "seclang-parser.yy"
+#line 2443 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestProtocol());
       }
-#line 4496 "seclang-parser.cc"
+#line 4507 "seclang-parser.cc"
     break;
 
   case 304: // var: "REQUEST_URI"
-#line 2436 "seclang-parser.yy"
+#line 2447 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestURI());
       }
-#line 4504 "seclang-parser.cc"
+#line 4515 "seclang-parser.cc"
     break;
 
   case 305: // var: "REQUEST_URI_RAW"
-#line 2440 "seclang-parser.yy"
+#line 2451 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::RequestURIRaw());
       }
-#line 4512 "seclang-parser.cc"
+#line 4523 "seclang-parser.cc"
     break;
 
   case 306: // var: "RESPONSE_BODY"
-#line 2444 "seclang-parser.yy"
+#line 2455 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseBody());
       }
-#line 4520 "seclang-parser.cc"
+#line 4531 "seclang-parser.cc"
     break;
 
   case 307: // var: "RESPONSE_CONTENT_LENGTH"
-#line 2448 "seclang-parser.yy"
+#line 2459 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseContentLength());
       }
-#line 4528 "seclang-parser.cc"
+#line 4539 "seclang-parser.cc"
     break;
 
   case 308: // var: "RESPONSE_PROTOCOL"
-#line 2452 "seclang-parser.yy"
+#line 2463 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseProtocol());
       }
-#line 4536 "seclang-parser.cc"
+#line 4547 "seclang-parser.cc"
     break;
 
   case 309: // var: "RESPONSE_STATUS"
-#line 2456 "seclang-parser.yy"
+#line 2467 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ResponseStatus());
       }
-#line 4544 "seclang-parser.cc"
+#line 4555 "seclang-parser.cc"
     break;
 
   case 310: // var: "SERVER_ADDR"
-#line 2460 "seclang-parser.yy"
+#line 2471 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ServerAddr());
       }
-#line 4552 "seclang-parser.cc"
+#line 4563 "seclang-parser.cc"
     break;
 
   case 311: // var: "SERVER_NAME"
-#line 2464 "seclang-parser.yy"
+#line 2475 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ServerName());
       }
-#line 4560 "seclang-parser.cc"
+#line 4571 "seclang-parser.cc"
     break;
 
   case 312: // var: "SERVER_PORT"
-#line 2468 "seclang-parser.yy"
+#line 2479 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::ServerPort());
       }
-#line 4568 "seclang-parser.cc"
+#line 4579 "seclang-parser.cc"
     break;
 
   case 313: // var: "SESSIONID"
-#line 2472 "seclang-parser.yy"
+#line 2483 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::SessionID());
       }
-#line 4576 "seclang-parser.cc"
+#line 4587 "seclang-parser.cc"
     break;
 
   case 314: // var: "UNIQUE_ID"
-#line 2476 "seclang-parser.yy"
+#line 2487 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::UniqueID());
       }
-#line 4584 "seclang-parser.cc"
+#line 4595 "seclang-parser.cc"
     break;
 
   case 315: // var: "URLENCODED_ERROR"
-#line 2480 "seclang-parser.yy"
+#line 2491 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::UrlEncodedError());
       }
-#line 4592 "seclang-parser.cc"
+#line 4603 "seclang-parser.cc"
     break;
 
   case 316: // var: "USERID"
-#line 2484 "seclang-parser.yy"
+#line 2495 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::UserID());
       }
-#line 4600 "seclang-parser.cc"
+#line 4611 "seclang-parser.cc"
     break;
 
   case 317: // var: "VARIABLE_STATUS"
-#line 2488 "seclang-parser.yy"
+#line 2499 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Status());
       }
-#line 4608 "seclang-parser.cc"
+#line 4619 "seclang-parser.cc"
     break;
 
   case 318: // var: "VARIABLE_STATUS_LINE"
-#line 2492 "seclang-parser.yy"
+#line 2503 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::Status());
       }
-#line 4616 "seclang-parser.cc"
+#line 4627 "seclang-parser.cc"
     break;
 
   case 319: // var: "WEBAPPID"
-#line 2496 "seclang-parser.yy"
+#line 2507 "seclang-parser.yy"
       {
         VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr<Variable> > (), new variables::WebAppId());
       }
-#line 4624 "seclang-parser.cc"
+#line 4635 "seclang-parser.cc"
     break;
 
   case 320: // var: "RUN_TIME_VAR_DUR"
-#line 2500 "seclang-parser.yy"
+#line 2511 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new Duration(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4635 "seclang-parser.cc"
+#line 4646 "seclang-parser.cc"
     break;
 
   case 321: // var: "RUN_TIME_VAR_BLD"
-#line 2508 "seclang-parser.yy"
+#line 2519 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new ModsecBuild(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4646 "seclang-parser.cc"
+#line 4657 "seclang-parser.cc"
     break;
 
   case 322: // var: "RUN_TIME_VAR_HSV"
-#line 2515 "seclang-parser.yy"
+#line 2526 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new HighestSeverity(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4657 "seclang-parser.cc"
+#line 4668 "seclang-parser.cc"
     break;
 
   case 323: // var: "RUN_TIME_VAR_REMOTE_USER"
-#line 2522 "seclang-parser.yy"
+#line 2533 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new RemoteUser(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4668 "seclang-parser.cc"
+#line 4679 "seclang-parser.cc"
     break;
 
   case 324: // var: "RUN_TIME_VAR_TIME"
-#line 2529 "seclang-parser.yy"
+#line 2540 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new Time(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4679 "seclang-parser.cc"
+#line 4690 "seclang-parser.cc"
     break;
 
   case 325: // var: "RUN_TIME_VAR_TIME_DAY"
-#line 2536 "seclang-parser.yy"
+#line 2547 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeDay(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4690 "seclang-parser.cc"
+#line 4701 "seclang-parser.cc"
     break;
 
   case 326: // var: "RUN_TIME_VAR_TIME_EPOCH"
-#line 2543 "seclang-parser.yy"
+#line 2554 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeEpoch(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4701 "seclang-parser.cc"
+#line 4712 "seclang-parser.cc"
     break;
 
   case 327: // var: "RUN_TIME_VAR_TIME_HOUR"
-#line 2550 "seclang-parser.yy"
+#line 2561 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeHour(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4712 "seclang-parser.cc"
+#line 4723 "seclang-parser.cc"
     break;
 
   case 328: // var: "RUN_TIME_VAR_TIME_MIN"
-#line 2557 "seclang-parser.yy"
+#line 2568 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeMin(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4723 "seclang-parser.cc"
+#line 4734 "seclang-parser.cc"
     break;
 
   case 329: // var: "RUN_TIME_VAR_TIME_MON"
-#line 2564 "seclang-parser.yy"
+#line 2575 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeMon(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4734 "seclang-parser.cc"
+#line 4745 "seclang-parser.cc"
     break;
 
   case 330: // var: "RUN_TIME_VAR_TIME_SEC"
-#line 2571 "seclang-parser.yy"
+#line 2582 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
             std::unique_ptr<Variable> c(new TimeSec(name));
             yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4745 "seclang-parser.cc"
+#line 4756 "seclang-parser.cc"
     break;
 
   case 331: // var: "RUN_TIME_VAR_TIME_WDAY"
-#line 2578 "seclang-parser.yy"
+#line 2589 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeWDay(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4756 "seclang-parser.cc"
+#line 4767 "seclang-parser.cc"
     break;
 
   case 332: // var: "RUN_TIME_VAR_TIME_YEAR"
-#line 2585 "seclang-parser.yy"
+#line 2596 "seclang-parser.yy"
       {
         std::string name(yystack_[0].value.as < std::string > ());
         char z = name.at(0);
         std::unique_ptr<Variable> c(new TimeYear(name));
         yylhs.value.as < std::unique_ptr<Variable> > () = std::move(c);
       }
-#line 4767 "seclang-parser.cc"
+#line 4778 "seclang-parser.cc"
     break;
 
   case 333: // act: "Accuracy"
-#line 2595 "seclang-parser.yy"
+#line 2606 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Accuracy(yystack_[0].value.as < std::string > ()));
       }
-#line 4775 "seclang-parser.cc"
+#line 4786 "seclang-parser.cc"
     break;
 
   case 334: // act: "Allow"
-#line 2599 "seclang-parser.yy"
+#line 2610 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::disruptive::Allow(yystack_[0].value.as < std::string > ()));
       }
-#line 4783 "seclang-parser.cc"
+#line 4794 "seclang-parser.cc"
     break;
 
   case 335: // act: "Append"
-#line 2603 "seclang-parser.yy"
+#line 2614 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("Append", yystack_[1].location);
       }
-#line 4791 "seclang-parser.cc"
+#line 4802 "seclang-parser.cc"
     break;
 
   case 336: // act: "AuditLog"
-#line 2607 "seclang-parser.yy"
+#line 2618 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::AuditLog(yystack_[0].value.as < std::string > ()));
       }
-#line 4799 "seclang-parser.cc"
+#line 4810 "seclang-parser.cc"
     break;
 
   case 337: // act: "Block"
-#line 2611 "seclang-parser.yy"
+#line 2622 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Block(yystack_[0].value.as < std::string > ()));
       }
-#line 4807 "seclang-parser.cc"
+#line 4818 "seclang-parser.cc"
     break;
 
   case 338: // act: "Capture"
-#line 2615 "seclang-parser.yy"
+#line 2626 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Capture(yystack_[0].value.as < std::string > ()));
       }
-#line 4815 "seclang-parser.cc"
+#line 4826 "seclang-parser.cc"
     break;
 
   case 339: // act: "Chain"
-#line 2619 "seclang-parser.yy"
+#line 2630 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Chain(yystack_[0].value.as < std::string > ()));
       }
-#line 4823 "seclang-parser.cc"
+#line 4834 "seclang-parser.cc"
     break;
 
   case 340: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_ON"
-#line 2623 "seclang-parser.yy"
+#line 2634 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[1].value.as < std::string > ()));
       }
-#line 4832 "seclang-parser.cc"
+#line 4843 "seclang-parser.cc"
     break;
 
   case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF"
-#line 2628 "seclang-parser.yy"
+#line 2639 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[1].value.as < std::string > ()));
       }
-#line 4841 "seclang-parser.cc"
+#line 4852 "seclang-parser.cc"
     break;
 
   case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY"
-#line 2633 "seclang-parser.yy"
+#line 2644 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[1].value.as < std::string > ()));
       }
-#line 4850 "seclang-parser.cc"
+#line 4861 "seclang-parser.cc"
     break;
 
   case 343: // act: "ACTION_CTL_AUDIT_LOG_PARTS"
-#line 2638 "seclang-parser.yy"
+#line 2649 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::AuditLogParts(yystack_[0].value.as < std::string > ()));
       }
-#line 4858 "seclang-parser.cc"
+#line 4869 "seclang-parser.cc"
     break;
 
   case 344: // act: "ACTION_CTL_BDY_JSON"
-#line 2642 "seclang-parser.yy"
+#line 2653 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RequestBodyProcessorJSON(yystack_[0].value.as < std::string > ()));
       }
-#line 4866 "seclang-parser.cc"
+#line 4877 "seclang-parser.cc"
     break;
 
   case 345: // act: "ACTION_CTL_BDY_XML"
-#line 2646 "seclang-parser.yy"
+#line 2657 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RequestBodyProcessorXML(yystack_[0].value.as < std::string > ()));
       }
-#line 4874 "seclang-parser.cc"
+#line 4885 "seclang-parser.cc"
     break;
 
   case 346: // act: "ACTION_CTL_BDY_URLENCODED"
-#line 2650 "seclang-parser.yy"
+#line 2661 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RequestBodyProcessorURLENCODED(yystack_[0].value.as < std::string > ()));
       }
-#line 4882 "seclang-parser.cc"
+#line 4893 "seclang-parser.cc"
     break;
 
   case 347: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_ON"
-#line 2654 "seclang-parser.yy"
+#line 2665 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[1].value.as < std::string > ()));
       }
-#line 4891 "seclang-parser.cc"
+#line 4902 "seclang-parser.cc"
     break;
 
   case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF"
-#line 2659 "seclang-parser.yy"
+#line 2670 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[1].value.as < std::string > ()));
       }
-#line 4900 "seclang-parser.cc"
+#line 4911 "seclang-parser.cc"
     break;
 
   case 349: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_ON"
-#line 2664 "seclang-parser.yy"
+#line 2675 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "true"));
       }
-#line 4908 "seclang-parser.cc"
+#line 4919 "seclang-parser.cc"
     break;
 
   case 350: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_OFF"
-#line 2668 "seclang-parser.yy"
+#line 2679 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "false"));
       }
-#line 4916 "seclang-parser.cc"
+#line 4927 "seclang-parser.cc"
     break;
 
   case 351: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_ON"
-#line 2672 "seclang-parser.yy"
+#line 2683 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleEngine("ctl:RuleEngine=on"));
       }
-#line 4924 "seclang-parser.cc"
+#line 4935 "seclang-parser.cc"
     break;
 
   case 352: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_OFF"
-#line 2676 "seclang-parser.yy"
+#line 2687 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleEngine("ctl:RuleEngine=off"));
       }
-#line 4932 "seclang-parser.cc"
+#line 4943 "seclang-parser.cc"
     break;
 
   case 353: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_DETC"
-#line 2680 "seclang-parser.yy"
+#line 2691 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleEngine("ctl:RuleEngine=detectiononly"));
       }
-#line 4940 "seclang-parser.cc"
+#line 4951 "seclang-parser.cc"
     break;
 
   case 354: // act: "ACTION_CTL_RULE_REMOVE_BY_ID"
-#line 2684 "seclang-parser.yy"
+#line 2695 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleRemoveById(yystack_[0].value.as < std::string > ()));
       }
-#line 4948 "seclang-parser.cc"
+#line 4959 "seclang-parser.cc"
     break;
 
   case 355: // act: "ACTION_CTL_RULE_REMOVE_BY_TAG"
-#line 2688 "seclang-parser.yy"
+#line 2699 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleRemoveByTag(yystack_[0].value.as < std::string > ()));
       }
-#line 4956 "seclang-parser.cc"
+#line 4967 "seclang-parser.cc"
     break;
 
   case 356: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID"
-#line 2692 "seclang-parser.yy"
+#line 2703 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleRemoveTargetById(yystack_[0].value.as < std::string > ()));
       }
-#line 4964 "seclang-parser.cc"
+#line 4975 "seclang-parser.cc"
     break;
 
   case 357: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG"
-#line 2696 "seclang-parser.yy"
+#line 2707 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::ctl::RuleRemoveTargetByTag(yystack_[0].value.as < std::string > ()));
       }
-#line 4972 "seclang-parser.cc"
+#line 4983 "seclang-parser.cc"
     break;
 
   case 358: // act: "Deny"
-#line 2700 "seclang-parser.yy"
+#line 2711 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::disruptive::Deny(yystack_[0].value.as < std::string > ()));
       }
-#line 4980 "seclang-parser.cc"
+#line 4991 "seclang-parser.cc"
     break;
 
   case 359: // act: "DeprecateVar"
-#line 2704 "seclang-parser.yy"
+#line 2715 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("DeprecateVar", yystack_[1].location);
       }
-#line 4988 "seclang-parser.cc"
+#line 4999 "seclang-parser.cc"
     break;
 
   case 360: // act: "Drop"
-#line 2708 "seclang-parser.yy"
+#line 2719 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::disruptive::Drop(yystack_[0].value.as < std::string > ()));
       }
-#line 4996 "seclang-parser.cc"
+#line 5007 "seclang-parser.cc"
     break;
 
   case 361: // act: "Exec"
-#line 2712 "seclang-parser.yy"
+#line 2723 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Exec(yystack_[0].value.as < std::string > ()));
       }
-#line 5004 "seclang-parser.cc"
+#line 5015 "seclang-parser.cc"
     break;
 
   case 362: // act: "ExpireVar"
-#line 2716 "seclang-parser.yy"
+#line 2727 "seclang-parser.yy"
       {
         //ACTION_NOT_SUPPORTED("ExpireVar", @0);
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Action(yystack_[0].value.as < std::string > ()));
       }
-#line 5013 "seclang-parser.cc"
+#line 5024 "seclang-parser.cc"
     break;
 
   case 363: // act: "Id"
-#line 2721 "seclang-parser.yy"
+#line 2732 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::RuleId(yystack_[0].value.as < std::string > ()));
       }
-#line 5021 "seclang-parser.cc"
+#line 5032 "seclang-parser.cc"
     break;
 
   case 364: // act: "InitCol" run_time_string
-#line 2725 "seclang-parser.yy"
+#line 2736 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::InitCol(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5029 "seclang-parser.cc"
+#line 5040 "seclang-parser.cc"
     break;
 
   case 365: // act: "LogData" run_time_string
-#line 2729 "seclang-parser.yy"
+#line 2740 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::LogData(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5037 "seclang-parser.cc"
+#line 5048 "seclang-parser.cc"
     break;
 
   case 366: // act: "Log"
-#line 2733 "seclang-parser.yy"
+#line 2744 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Log(yystack_[0].value.as < std::string > ()));
       }
-#line 5045 "seclang-parser.cc"
+#line 5056 "seclang-parser.cc"
     break;
 
   case 367: // act: "Maturity"
-#line 2737 "seclang-parser.yy"
+#line 2748 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Maturity(yystack_[0].value.as < std::string > ()));
       }
-#line 5053 "seclang-parser.cc"
+#line 5064 "seclang-parser.cc"
     break;
 
   case 368: // act: "Msg" run_time_string
-#line 2741 "seclang-parser.yy"
+#line 2752 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Msg(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5061 "seclang-parser.cc"
+#line 5072 "seclang-parser.cc"
     break;
 
   case 369: // act: "MultiMatch"
-#line 2745 "seclang-parser.yy"
+#line 2756 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::MultiMatch(yystack_[0].value.as < std::string > ()));
       }
-#line 5069 "seclang-parser.cc"
+#line 5080 "seclang-parser.cc"
     break;
 
   case 370: // act: "NoAuditLog"
-#line 2749 "seclang-parser.yy"
+#line 2760 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::NoAuditLog(yystack_[0].value.as < std::string > ()));
       }
-#line 5077 "seclang-parser.cc"
+#line 5088 "seclang-parser.cc"
     break;
 
   case 371: // act: "NoLog"
-#line 2753 "seclang-parser.yy"
+#line 2764 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::NoLog(yystack_[0].value.as < std::string > ()));
       }
-#line 5085 "seclang-parser.cc"
+#line 5096 "seclang-parser.cc"
     break;
 
   case 372: // act: "Pass"
-#line 2757 "seclang-parser.yy"
+#line 2768 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::disruptive::Pass(yystack_[0].value.as < std::string > ()));
       }
-#line 5093 "seclang-parser.cc"
+#line 5104 "seclang-parser.cc"
     break;
 
   case 373: // act: "Pause"
-#line 2761 "seclang-parser.yy"
+#line 2772 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("Pause", yystack_[1].location);
       }
-#line 5101 "seclang-parser.cc"
+#line 5112 "seclang-parser.cc"
     break;
 
   case 374: // act: "Phase"
-#line 2765 "seclang-parser.yy"
+#line 2776 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Phase(yystack_[0].value.as < std::string > ()));
       }
-#line 5109 "seclang-parser.cc"
+#line 5120 "seclang-parser.cc"
     break;
 
   case 375: // act: "Prepend"
-#line 2769 "seclang-parser.yy"
+#line 2780 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("Prepend", yystack_[1].location);
       }
-#line 5117 "seclang-parser.cc"
+#line 5128 "seclang-parser.cc"
     break;
 
   case 376: // act: "Proxy"
-#line 2773 "seclang-parser.yy"
+#line 2784 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("Proxy", yystack_[1].location);
       }
-#line 5125 "seclang-parser.cc"
+#line 5136 "seclang-parser.cc"
     break;
 
   case 377: // act: "Redirect" run_time_string
-#line 2777 "seclang-parser.yy"
+#line 2788 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::disruptive::Redirect(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5133 "seclang-parser.cc"
+#line 5144 "seclang-parser.cc"
     break;
 
   case 378: // act: "Rev"
-#line 2781 "seclang-parser.yy"
+#line 2792 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Rev(yystack_[0].value.as < std::string > ()));
       }
-#line 5141 "seclang-parser.cc"
+#line 5152 "seclang-parser.cc"
     break;
 
   case 379: // act: "SanitiseArg"
-#line 2785 "seclang-parser.yy"
+#line 2796 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("SanitiseArg", yystack_[1].location);
       }
-#line 5149 "seclang-parser.cc"
+#line 5160 "seclang-parser.cc"
     break;
 
   case 380: // act: "SanitiseMatched"
-#line 2789 "seclang-parser.yy"
+#line 2800 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("SanitiseMatched", yystack_[1].location);
       }
-#line 5157 "seclang-parser.cc"
+#line 5168 "seclang-parser.cc"
     break;
 
   case 381: // act: "SanitiseMatchedBytes"
-#line 2793 "seclang-parser.yy"
+#line 2804 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("SanitiseMatchedBytes", yystack_[1].location);
       }
-#line 5165 "seclang-parser.cc"
+#line 5176 "seclang-parser.cc"
     break;
 
   case 382: // act: "SanitiseRequestHeader"
-#line 2797 "seclang-parser.yy"
+#line 2808 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("SanitiseRequestHeader", yystack_[1].location);
       }
-#line 5173 "seclang-parser.cc"
+#line 5184 "seclang-parser.cc"
     break;
 
   case 383: // act: "SanitiseResponseHeader"
-#line 2801 "seclang-parser.yy"
+#line 2812 "seclang-parser.yy"
       {
         ACTION_NOT_SUPPORTED("SanitiseResponseHeader", yystack_[1].location);
       }
-#line 5181 "seclang-parser.cc"
+#line 5192 "seclang-parser.cc"
     break;
 
   case 384: // act: "SetEnv" run_time_string
-#line 2805 "seclang-parser.yy"
+#line 2816 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetENV(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5189 "seclang-parser.cc"
+#line 5200 "seclang-parser.cc"
     break;
 
   case 385: // act: "SetRsc" run_time_string
-#line 2809 "seclang-parser.yy"
+#line 2820 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetRSC(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5197 "seclang-parser.cc"
+#line 5208 "seclang-parser.cc"
     break;
 
   case 386: // act: "SetSid" run_time_string
-#line 2813 "seclang-parser.yy"
+#line 2824 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetSID(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5205 "seclang-parser.cc"
+#line 5216 "seclang-parser.cc"
     break;
 
   case 387: // act: "SetUID" run_time_string
-#line 2817 "seclang-parser.yy"
+#line 2828 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetUID(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5213 "seclang-parser.cc"
+#line 5224 "seclang-parser.cc"
     break;
 
   case 388: // act: "SetVar" setvar_action
-#line 2821 "seclang-parser.yy"
+#line 2832 "seclang-parser.yy"
       {
         yylhs.value.as < std::unique_ptr<actions::Action> > () = std::move(yystack_[0].value.as < std::unique_ptr<actions::Action> > ());
       }
-#line 5221 "seclang-parser.cc"
+#line 5232 "seclang-parser.cc"
     break;
 
   case 389: // act: "Severity"
-#line 2825 "seclang-parser.yy"
+#line 2836 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Severity(yystack_[0].value.as < std::string > ()));
       }
-#line 5229 "seclang-parser.cc"
+#line 5240 "seclang-parser.cc"
     break;
 
   case 390: // act: "Skip"
-#line 2829 "seclang-parser.yy"
+#line 2840 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Skip(yystack_[0].value.as < std::string > ()));
       }
-#line 5237 "seclang-parser.cc"
+#line 5248 "seclang-parser.cc"
     break;
 
   case 391: // act: "SkipAfter"
-#line 2833 "seclang-parser.yy"
+#line 2844 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SkipAfter(yystack_[0].value.as < std::string > ()));
       }
-#line 5245 "seclang-parser.cc"
+#line 5256 "seclang-parser.cc"
     break;
 
   case 392: // act: "Status"
-#line 2837 "seclang-parser.yy"
+#line 2848 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::data::Status(yystack_[0].value.as < std::string > ()));
       }
-#line 5253 "seclang-parser.cc"
+#line 5264 "seclang-parser.cc"
     break;
 
   case 393: // act: "Tag" run_time_string
-#line 2841 "seclang-parser.yy"
+#line 2852 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Tag(std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5261 "seclang-parser.cc"
+#line 5272 "seclang-parser.cc"
     break;
 
   case 394: // act: "Ver"
-#line 2845 "seclang-parser.yy"
+#line 2856 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::Ver(yystack_[0].value.as < std::string > ()));
       }
-#line 5269 "seclang-parser.cc"
+#line 5280 "seclang-parser.cc"
     break;
 
   case 395: // act: "xmlns"
-#line 2849 "seclang-parser.yy"
+#line 2860 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::XmlNS(yystack_[0].value.as < std::string > ()));
       }
-#line 5277 "seclang-parser.cc"
+#line 5288 "seclang-parser.cc"
     break;
 
   case 396: // act: "ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT"
-#line 2853 "seclang-parser.yy"
+#line 2864 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::ParityZero7bit(yystack_[0].value.as < std::string > ()));
       }
-#line 5285 "seclang-parser.cc"
+#line 5296 "seclang-parser.cc"
     break;
 
   case 397: // act: "ACTION_TRANSFORMATION_PARITY_ODD_7_BIT"
-#line 2857 "seclang-parser.yy"
+#line 2868 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::ParityOdd7bit(yystack_[0].value.as < std::string > ()));
       }
-#line 5293 "seclang-parser.cc"
+#line 5304 "seclang-parser.cc"
     break;
 
   case 398: // act: "ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT"
-#line 2861 "seclang-parser.yy"
+#line 2872 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::ParityEven7bit(yystack_[0].value.as < std::string > ()));
       }
-#line 5301 "seclang-parser.cc"
+#line 5312 "seclang-parser.cc"
     break;
 
   case 399: // act: "ACTION_TRANSFORMATION_SQL_HEX_DECODE"
-#line 2865 "seclang-parser.yy"
+#line 2876 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::SqlHexDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5309 "seclang-parser.cc"
+#line 5320 "seclang-parser.cc"
     break;
 
   case 400: // act: "ACTION_TRANSFORMATION_BASE_64_ENCODE"
-#line 2869 "seclang-parser.yy"
+#line 2880 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Base64Encode(yystack_[0].value.as < std::string > ()));
       }
-#line 5317 "seclang-parser.cc"
+#line 5328 "seclang-parser.cc"
     break;
 
   case 401: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE"
-#line 2873 "seclang-parser.yy"
+#line 2884 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Base64Decode(yystack_[0].value.as < std::string > ()));
       }
-#line 5325 "seclang-parser.cc"
+#line 5336 "seclang-parser.cc"
     break;
 
   case 402: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE_EXT"
-#line 2877 "seclang-parser.yy"
+#line 2888 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Base64DecodeExt(yystack_[0].value.as < std::string > ()));
       }
-#line 5333 "seclang-parser.cc"
+#line 5344 "seclang-parser.cc"
     break;
 
   case 403: // act: "ACTION_TRANSFORMATION_CMD_LINE"
-#line 2881 "seclang-parser.yy"
+#line 2892 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::CmdLine(yystack_[0].value.as < std::string > ()));
       }
-#line 5341 "seclang-parser.cc"
+#line 5352 "seclang-parser.cc"
     break;
 
   case 404: // act: "ACTION_TRANSFORMATION_SHA1"
-#line 2885 "seclang-parser.yy"
+#line 2896 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Sha1(yystack_[0].value.as < std::string > ()));
       }
-#line 5349 "seclang-parser.cc"
+#line 5360 "seclang-parser.cc"
     break;
 
   case 405: // act: "ACTION_TRANSFORMATION_MD5"
-#line 2889 "seclang-parser.yy"
+#line 2900 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Md5(yystack_[0].value.as < std::string > ()));
       }
-#line 5357 "seclang-parser.cc"
+#line 5368 "seclang-parser.cc"
     break;
 
   case 406: // act: "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE"
-#line 2893 "seclang-parser.yy"
+#line 2904 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::EscapeSeqDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5365 "seclang-parser.cc"
+#line 5376 "seclang-parser.cc"
     break;
 
   case 407: // act: "ACTION_TRANSFORMATION_HEX_ENCODE"
-#line 2897 "seclang-parser.yy"
+#line 2908 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::HexEncode(yystack_[0].value.as < std::string > ()));
       }
-#line 5373 "seclang-parser.cc"
+#line 5384 "seclang-parser.cc"
     break;
 
   case 408: // act: "ACTION_TRANSFORMATION_HEX_DECODE"
-#line 2901 "seclang-parser.yy"
+#line 2912 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::HexDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5381 "seclang-parser.cc"
+#line 5392 "seclang-parser.cc"
     break;
 
   case 409: // act: "ACTION_TRANSFORMATION_LOWERCASE"
-#line 2905 "seclang-parser.yy"
+#line 2916 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::LowerCase(yystack_[0].value.as < std::string > ()));
       }
-#line 5389 "seclang-parser.cc"
+#line 5400 "seclang-parser.cc"
     break;
 
   case 410: // act: "ACTION_TRANSFORMATION_PHP_ARGS_NAMES"
-#line 2909 "seclang-parser.yy"
+#line 2920 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::PhpArgsNames(yystack_[0].value.as < std::string > ()));
       }
-#line 5397 "seclang-parser.cc"
+#line 5408 "seclang-parser.cc"
     break;
 
   case 411: // act: "ACTION_TRANSFORMATION_UPPERCASE"
-#line 2913 "seclang-parser.yy"
+#line 2924 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::UpperCase(yystack_[0].value.as < std::string > ()));
       }
-#line 5405 "seclang-parser.cc"
+#line 5416 "seclang-parser.cc"
     break;
 
   case 412: // act: "ACTION_TRANSFORMATION_URL_DECODE_UNI"
-#line 2917 "seclang-parser.yy"
+#line 2928 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::UrlDecodeUni(yystack_[0].value.as < std::string > ()));
       }
-#line 5413 "seclang-parser.cc"
+#line 5424 "seclang-parser.cc"
     break;
 
   case 413: // act: "ACTION_TRANSFORMATION_URL_DECODE"
-#line 2921 "seclang-parser.yy"
+#line 2932 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::UrlDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5421 "seclang-parser.cc"
+#line 5432 "seclang-parser.cc"
     break;
 
   case 414: // act: "ACTION_TRANSFORMATION_URL_ENCODE"
-#line 2925 "seclang-parser.yy"
+#line 2936 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::UrlEncode(yystack_[0].value.as < std::string > ()));
       }
-#line 5429 "seclang-parser.cc"
+#line 5440 "seclang-parser.cc"
     break;
 
   case 415: // act: "ACTION_TRANSFORMATION_NONE"
-#line 2929 "seclang-parser.yy"
+#line 2940 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::None(yystack_[0].value.as < std::string > ()));
       }
-#line 5437 "seclang-parser.cc"
+#line 5448 "seclang-parser.cc"
     break;
 
   case 416: // act: "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE"
-#line 2933 "seclang-parser.yy"
+#line 2944 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::CompressWhitespace(yystack_[0].value.as < std::string > ()));
       }
-#line 5445 "seclang-parser.cc"
+#line 5456 "seclang-parser.cc"
     break;
 
   case 417: // act: "ACTION_TRANSFORMATION_REMOVE_WHITESPACE"
-#line 2937 "seclang-parser.yy"
+#line 2948 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::RemoveWhitespace(yystack_[0].value.as < std::string > ()));
       }
-#line 5453 "seclang-parser.cc"
+#line 5464 "seclang-parser.cc"
     break;
 
   case 418: // act: "ACTION_TRANSFORMATION_REPLACE_NULLS"
-#line 2941 "seclang-parser.yy"
+#line 2952 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::ReplaceNulls(yystack_[0].value.as < std::string > ()));
       }
-#line 5461 "seclang-parser.cc"
+#line 5472 "seclang-parser.cc"
     break;
 
   case 419: // act: "ACTION_TRANSFORMATION_REMOVE_NULLS"
-#line 2945 "seclang-parser.yy"
+#line 2956 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::RemoveNulls(yystack_[0].value.as < std::string > ()));
       }
-#line 5469 "seclang-parser.cc"
+#line 5480 "seclang-parser.cc"
     break;
 
   case 420: // act: "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE"
-#line 2949 "seclang-parser.yy"
+#line 2960 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::HtmlEntityDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5477 "seclang-parser.cc"
+#line 5488 "seclang-parser.cc"
     break;
 
   case 421: // act: "ACTION_TRANSFORMATION_JS_DECODE"
-#line 2953 "seclang-parser.yy"
+#line 2964 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::JsDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5485 "seclang-parser.cc"
+#line 5496 "seclang-parser.cc"
     break;
 
   case 422: // act: "ACTION_TRANSFORMATION_CSS_DECODE"
-#line 2957 "seclang-parser.yy"
+#line 2968 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::CssDecode(yystack_[0].value.as < std::string > ()));
       }
-#line 5493 "seclang-parser.cc"
+#line 5504 "seclang-parser.cc"
     break;
 
   case 423: // act: "ACTION_TRANSFORMATION_TRIM"
-#line 2961 "seclang-parser.yy"
+#line 2972 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Trim(yystack_[0].value.as < std::string > ()));
       }
-#line 5501 "seclang-parser.cc"
+#line 5512 "seclang-parser.cc"
     break;
 
   case 424: // act: "ACTION_TRANSFORMATION_TRIM_LEFT"
-#line 2965 "seclang-parser.yy"
+#line 2976 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::TrimLeft(yystack_[0].value.as < std::string > ()));
       }
-#line 5509 "seclang-parser.cc"
+#line 5520 "seclang-parser.cc"
     break;
 
   case 425: // act: "ACTION_TRANSFORMATION_TRIM_RIGHT"
-#line 2969 "seclang-parser.yy"
+#line 2980 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::TrimRight(yystack_[0].value.as < std::string > ()));
       }
-#line 5517 "seclang-parser.cc"
+#line 5528 "seclang-parser.cc"
     break;
 
   case 426: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH_WIN"
-#line 2973 "seclang-parser.yy"
+#line 2984 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::NormalisePathWin(yystack_[0].value.as < std::string > ()));
       }
-#line 5525 "seclang-parser.cc"
+#line 5536 "seclang-parser.cc"
     break;
 
   case 427: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH"
-#line 2977 "seclang-parser.yy"
+#line 2988 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::NormalisePath(yystack_[0].value.as < std::string > ()));
       }
-#line 5533 "seclang-parser.cc"
+#line 5544 "seclang-parser.cc"
     break;
 
   case 428: // act: "ACTION_TRANSFORMATION_LENGTH"
-#line 2981 "seclang-parser.yy"
+#line 2992 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Length(yystack_[0].value.as < std::string > ()));
       }
-#line 5541 "seclang-parser.cc"
+#line 5552 "seclang-parser.cc"
     break;
 
   case 429: // act: "ACTION_TRANSFORMATION_UTF8_TO_UNICODE"
-#line 2985 "seclang-parser.yy"
+#line 2996 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::Utf8ToUnicode(yystack_[0].value.as < std::string > ()));
       }
-#line 5549 "seclang-parser.cc"
+#line 5560 "seclang-parser.cc"
     break;
 
   case 430: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR"
-#line 2989 "seclang-parser.yy"
+#line 3000 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::RemoveCommentsChar(yystack_[0].value.as < std::string > ()));
       }
-#line 5557 "seclang-parser.cc"
+#line 5568 "seclang-parser.cc"
     break;
 
   case 431: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS"
-#line 2993 "seclang-parser.yy"
+#line 3004 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::RemoveComments(yystack_[0].value.as < std::string > ()));
       }
-#line 5565 "seclang-parser.cc"
+#line 5576 "seclang-parser.cc"
     break;
 
   case 432: // act: "ACTION_TRANSFORMATION_REPLACE_COMMENTS"
-#line 2997 "seclang-parser.yy"
+#line 3008 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::transformations::ReplaceComments(yystack_[0].value.as < std::string > ()));
       }
-#line 5573 "seclang-parser.cc"
+#line 5584 "seclang-parser.cc"
     break;
 
   case 433: // setvar_action: "NOT" var
-#line 3004 "seclang-parser.yy"
+#line 3015 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetVar(actions::SetVarOperation::unsetOperation, std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
       }
-#line 5581 "seclang-parser.cc"
+#line 5592 "seclang-parser.cc"
     break;
 
   case 434: // setvar_action: var
-#line 3008 "seclang-parser.yy"
+#line 3019 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetVar(actions::SetVarOperation::setToOneOperation, std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ())));
       }
-#line 5589 "seclang-parser.cc"
+#line 5600 "seclang-parser.cc"
     break;
 
   case 435: // setvar_action: var SETVAR_OPERATION_EQUALS run_time_string
-#line 3012 "seclang-parser.yy"
+#line 3023 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetVar(actions::SetVarOperation::setOperation, std::move(yystack_[2].value.as < std::unique_ptr<Variable> > ()), std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5597 "seclang-parser.cc"
+#line 5608 "seclang-parser.cc"
     break;
 
   case 436: // setvar_action: var SETVAR_OPERATION_EQUALS_PLUS run_time_string
-#line 3016 "seclang-parser.yy"
+#line 3027 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr<Variable> > ()), std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5605 "seclang-parser.cc"
+#line 5616 "seclang-parser.cc"
     break;
 
   case 437: // setvar_action: var SETVAR_OPERATION_EQUALS_MINUS run_time_string
-#line 3020 "seclang-parser.yy"
+#line 3031 "seclang-parser.yy"
       {
         ACTION_CONTAINER(yylhs.value.as < std::unique_ptr<actions::Action> > (), new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr<Variable> > ()), std::move(yystack_[0].value.as < std::unique_ptr<RunTimeString> > ())));
       }
-#line 5613 "seclang-parser.cc"
+#line 5624 "seclang-parser.cc"
     break;
 
   case 438: // run_time_string: run_time_string "FREE_TEXT_QUOTE_MACRO_EXPANSION"
-#line 3027 "seclang-parser.yy"
+#line 3038 "seclang-parser.yy"
       {
         yystack_[1].value.as < std::unique_ptr<RunTimeString> > ()->appendText(yystack_[0].value.as < std::string > ());
         yylhs.value.as < std::unique_ptr<RunTimeString> > () = std::move(yystack_[1].value.as < std::unique_ptr<RunTimeString> > ());
       }
-#line 5622 "seclang-parser.cc"
+#line 5633 "seclang-parser.cc"
     break;
 
   case 439: // run_time_string: run_time_string var
-#line 3032 "seclang-parser.yy"
+#line 3043 "seclang-parser.yy"
       {
         yystack_[1].value.as < std::unique_ptr<RunTimeString> > ()->appendVar(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ()));
         yylhs.value.as < std::unique_ptr<RunTimeString> > () = std::move(yystack_[1].value.as < std::unique_ptr<RunTimeString> > ());
       }
-#line 5631 "seclang-parser.cc"
+#line 5642 "seclang-parser.cc"
     break;
 
   case 440: // run_time_string: "FREE_TEXT_QUOTE_MACRO_EXPANSION"
-#line 3037 "seclang-parser.yy"
+#line 3048 "seclang-parser.yy"
       {
         std::unique_ptr<RunTimeString> r(new RunTimeString());
         r->appendText(yystack_[0].value.as < std::string > ());
         yylhs.value.as < std::unique_ptr<RunTimeString> > () = std::move(r);
       }
-#line 5641 "seclang-parser.cc"
+#line 5652 "seclang-parser.cc"
     break;
 
   case 441: // run_time_string: var
-#line 3043 "seclang-parser.yy"
+#line 3054 "seclang-parser.yy"
       {
         std::unique_ptr<RunTimeString> r(new RunTimeString());
         r->appendVar(std::move(yystack_[0].value.as < std::unique_ptr<Variable> > ()));
         yylhs.value.as < std::unique_ptr<RunTimeString> > () = std::move(r);
       }
-#line 5651 "seclang-parser.cc"
+#line 5662 "seclang-parser.cc"
     break;
 
 
-#line 5655 "seclang-parser.cc"
+#line 5666 "seclang-parser.cc"
 
             default:
               break;
@@ -7154,44 +7165,44 @@ namespace yy {
      925,   929,   933,   937,   941,   945,   949,   954,   958,   962,
      966,   970,   974,   979,   984,   988,   992,   996,  1000,  1004,
     1008,  1012,  1016,  1020,  1024,  1028,  1032,  1036,  1040,  1044,
-    1048,  1052,  1056,  1060,  1074,  1075,  1105,  1124,  1143,  1171,
-    1228,  1235,  1239,  1243,  1247,  1251,  1255,  1259,  1263,  1272,
-    1276,  1281,  1284,  1289,  1294,  1299,  1304,  1307,  1312,  1315,
-    1320,  1325,  1328,  1333,  1338,  1343,  1348,  1353,  1358,  1363,
-    1366,  1371,  1376,  1381,  1386,  1389,  1394,  1399,  1404,  1417,
-    1430,  1443,  1456,  1469,  1495,  1523,  1535,  1555,  1582,  1588,
-    1593,  1598,  1607,  1612,  1616,  1620,  1624,  1628,  1632,  1636,
-    1641,  1646,  1658,  1664,  1668,  1672,  1683,  1692,  1693,  1700,
-    1705,  1710,  1764,  1771,  1779,  1816,  1820,  1827,  1832,  1838,
-    1844,  1850,  1857,  1867,  1871,  1875,  1879,  1883,  1887,  1891,
-    1895,  1899,  1903,  1907,  1911,  1915,  1919,  1923,  1927,  1931,
-    1935,  1939,  1943,  1947,  1951,  1955,  1959,  1963,  1967,  1971,
-    1975,  1979,  1983,  1987,  1991,  1995,  1999,  2003,  2007,  2011,
-    2015,  2019,  2023,  2027,  2031,  2035,  2039,  2043,  2047,  2051,
-    2055,  2059,  2063,  2067,  2071,  2075,  2079,  2083,  2087,  2091,
-    2095,  2099,  2103,  2107,  2111,  2115,  2119,  2123,  2127,  2131,
-    2135,  2139,  2143,  2147,  2151,  2155,  2159,  2163,  2167,  2171,
-    2175,  2179,  2183,  2187,  2191,  2195,  2199,  2203,  2207,  2211,
-    2215,  2219,  2223,  2228,  2232,  2236,  2241,  2245,  2249,  2254,
-    2259,  2263,  2267,  2271,  2275,  2279,  2283,  2287,  2291,  2295,
-    2299,  2303,  2307,  2311,  2315,  2319,  2323,  2327,  2331,  2335,
-    2339,  2343,  2347,  2351,  2355,  2359,  2363,  2367,  2371,  2375,
-    2379,  2383,  2387,  2391,  2395,  2399,  2403,  2407,  2411,  2415,
-    2419,  2423,  2427,  2431,  2435,  2439,  2443,  2447,  2451,  2455,
-    2459,  2463,  2467,  2471,  2475,  2479,  2483,  2487,  2491,  2495,
-    2499,  2507,  2514,  2521,  2528,  2535,  2542,  2549,  2556,  2563,
-    2570,  2577,  2584,  2594,  2598,  2602,  2606,  2610,  2614,  2618,
-    2622,  2627,  2632,  2637,  2641,  2645,  2649,  2653,  2658,  2663,
-    2667,  2671,  2675,  2679,  2683,  2687,  2691,  2695,  2699,  2703,
-    2707,  2711,  2715,  2720,  2724,  2728,  2732,  2736,  2740,  2744,
-    2748,  2752,  2756,  2760,  2764,  2768,  2772,  2776,  2780,  2784,
-    2788,  2792,  2796,  2800,  2804,  2808,  2812,  2816,  2820,  2824,
-    2828,  2832,  2836,  2840,  2844,  2848,  2852,  2856,  2860,  2864,
-    2868,  2872,  2876,  2880,  2884,  2888,  2892,  2896,  2900,  2904,
-    2908,  2912,  2916,  2920,  2924,  2928,  2932,  2936,  2940,  2944,
-    2948,  2952,  2956,  2960,  2964,  2968,  2972,  2976,  2980,  2984,
-    2988,  2992,  2996,  3003,  3007,  3011,  3015,  3019,  3026,  3031,
-    3036,  3042
+    1048,  1052,  1056,  1060,  1074,  1075,  1107,  1126,  1147,  1177,
+    1239,  1246,  1250,  1254,  1258,  1262,  1266,  1270,  1274,  1283,
+    1287,  1292,  1295,  1300,  1305,  1310,  1315,  1318,  1323,  1326,
+    1331,  1336,  1339,  1344,  1349,  1354,  1359,  1364,  1369,  1374,
+    1377,  1382,  1387,  1392,  1397,  1400,  1405,  1410,  1415,  1428,
+    1441,  1454,  1467,  1480,  1506,  1534,  1546,  1566,  1593,  1599,
+    1604,  1609,  1618,  1623,  1627,  1631,  1635,  1639,  1643,  1647,
+    1652,  1657,  1669,  1675,  1679,  1683,  1694,  1703,  1704,  1711,
+    1716,  1721,  1775,  1782,  1790,  1827,  1831,  1838,  1843,  1849,
+    1855,  1861,  1868,  1878,  1882,  1886,  1890,  1894,  1898,  1902,
+    1906,  1910,  1914,  1918,  1922,  1926,  1930,  1934,  1938,  1942,
+    1946,  1950,  1954,  1958,  1962,  1966,  1970,  1974,  1978,  1982,
+    1986,  1990,  1994,  1998,  2002,  2006,  2010,  2014,  2018,  2022,
+    2026,  2030,  2034,  2038,  2042,  2046,  2050,  2054,  2058,  2062,
+    2066,  2070,  2074,  2078,  2082,  2086,  2090,  2094,  2098,  2102,
+    2106,  2110,  2114,  2118,  2122,  2126,  2130,  2134,  2138,  2142,
+    2146,  2150,  2154,  2158,  2162,  2166,  2170,  2174,  2178,  2182,
+    2186,  2190,  2194,  2198,  2202,  2206,  2210,  2214,  2218,  2222,
+    2226,  2230,  2234,  2239,  2243,  2247,  2252,  2256,  2260,  2265,
+    2270,  2274,  2278,  2282,  2286,  2290,  2294,  2298,  2302,  2306,
+    2310,  2314,  2318,  2322,  2326,  2330,  2334,  2338,  2342,  2346,
+    2350,  2354,  2358,  2362,  2366,  2370,  2374,  2378,  2382,  2386,
+    2390,  2394,  2398,  2402,  2406,  2410,  2414,  2418,  2422,  2426,
+    2430,  2434,  2438,  2442,  2446,  2450,  2454,  2458,  2462,  2466,
+    2470,  2474,  2478,  2482,  2486,  2490,  2494,  2498,  2502,  2506,
+    2510,  2518,  2525,  2532,  2539,  2546,  2553,  2560,  2567,  2574,
+    2581,  2588,  2595,  2605,  2609,  2613,  2617,  2621,  2625,  2629,
+    2633,  2638,  2643,  2648,  2652,  2656,  2660,  2664,  2669,  2674,
+    2678,  2682,  2686,  2690,  2694,  2698,  2702,  2706,  2710,  2714,
+    2718,  2722,  2726,  2731,  2735,  2739,  2743,  2747,  2751,  2755,
+    2759,  2763,  2767,  2771,  2775,  2779,  2783,  2787,  2791,  2795,
+    2799,  2803,  2807,  2811,  2815,  2819,  2823,  2827,  2831,  2835,
+    2839,  2843,  2847,  2851,  2855,  2859,  2863,  2867,  2871,  2875,
+    2879,  2883,  2887,  2891,  2895,  2899,  2903,  2907,  2911,  2915,
+    2919,  2923,  2927,  2931,  2935,  2939,  2943,  2947,  2951,  2955,
+    2959,  2963,  2967,  2971,  2975,  2979,  2983,  2987,  2991,  2995,
+    2999,  3003,  3007,  3014,  3018,  3022,  3026,  3030,  3037,  3042,
+    3047,  3053
   };
 
   void
@@ -7223,9 +7234,9 @@ namespace yy {
 
 
 } // yy
-#line 7227 "seclang-parser.cc"
+#line 7238 "seclang-parser.cc"
 
-#line 3049 "seclang-parser.yy"
+#line 3060 "seclang-parser.yy"
 
 
 void yy::seclang_parser::error (const location_type& l, const std::string& m) {
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index 6f49bbe3..99d626be 100644
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -1075,10 +1075,12 @@ expression:
     | DIRECTIVE variables op actions
       {
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *$4.get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -1124,10 +1126,12 @@ expression:
     | CONFIG_DIR_SEC_ACTION actions
       {
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *$2.get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -1144,10 +1148,12 @@ expression:
       {
         std::string err;
         std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
-        std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
         for (auto &i : *$2.get()) {
             if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
-              t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
+              std::shared_ptr<actions::Action> at = std::move(i);
+              std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
+              t->push_back(std::move(t2));
             } else {
               a->push_back(i.release());
             }
@@ -1219,8 +1225,13 @@ expression:
         }
 
         for (actions::Action *a : checkedActions) {
-            driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
-                std::unique_ptr<actions::Action>(a));
+            if (dynamic_cast<actions::transformations::Transformation *>(a)) {
+              driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back(
+                std::shared_ptr<actions::transformations::Transformation>(
+                dynamic_cast<actions::transformations::Transformation *>(a)));
+            } else {
+              driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr<Action>(a));
+            }
         }
 
         delete actions;
diff --git a/src/rule_message.cc b/src/rule_message.cc
index eb679554..593c06ad 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -26,27 +26,25 @@ namespace modsecurity {
 std::string RuleMessage::_details(const RuleMessage *rm) {
     std::string msg;
 
-    msg.append(" [file \"" + std::string(*rm->m_ruleFile.get()) + "\"]");
-    msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
-    msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
-    msg.append(" [rev \"" + rm->m_rev + "\"]");
+    msg.append(" [file \"" + rm->getFileName() + "\"]");
+    msg.append(" [line \"" + std::to_string(rm->getLineNumber()) + "\"]");
+    msg.append(" [id \"" + std::to_string(rm->getRuleId()) + "\"]");
+    msg.append(" [rev \"" + rm->getRev() + "\"]");
     msg.append(" [msg \"" + rm->m_message + "\"]");
     msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
     msg.append(" [severity \"" +
         std::to_string(rm->m_severity) + "\"]");
-    msg.append(" [ver \"" + rm->m_ver + "\"]");
-    msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
-    msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
 
+    msg.append(" [ver \"" + rm->getVer() + "\"]");
+    msg.append(" [maturity \"" + std::to_string(rm->getMaturity()) + "\"]");
+    msg.append(" [accuracy \"" + std::to_string(rm->getAccuracy()) + "\"]");
     for (auto &a : rm->m_tags) {
         msg.append(" [tag \"" + a + "\"]");
     }
-
-    msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \
-        + "\"]");
-    msg.append(" [uri \"" + utils::string::limitTo(200, *rm->m_uriNoQueryStringDecoded.get()) + "\"]");
-    msg.append(" [unique_id \"" + *rm->m_id + "\"]");
-    msg.append(" [ref \"" + utils::string::limitTo(200, rm->m_reference) + "\"]");
+    msg.append(" [hostname \"" + rm->getServerIpAddress() + "\"]");
+    msg.append(" [uri \"" + utils::string::limitTo(200, rm->getUri()) + "\"]");
+    msg.append(" [unique_id \"" + rm->getRequestId() + "\"]");
+    msg.append(" [ref \"" + rm->m_reference + "\"]");
 
     return msg;
 }
@@ -55,9 +53,9 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
 std::string RuleMessage::_errorLogTail(const RuleMessage *rm) {
     std::string msg;
 
-    msg.append("[hostname \"" + *rm->m_serverIpAddress.get() + "\"]");
-    msg.append(" [uri \"" + utils::string::limitTo(200, *rm->m_uriNoQueryStringDecoded.get()) + "\"]");
-    msg.append(" [unique_id \"" + *rm->m_id + "\"]");
+    msg.append("[hostname \"" + rm->getServerIpAddress() + "\"]");
+    msg.append(" [uri \"" + rm->getUri() + "\"]");
+    msg.append(" [unique_id \"" + rm->getRequestId() + "\"]");
 
     return msg;
 }
@@ -68,10 +66,11 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
     msg.reserve(2048);
 
     if (props & ClientLogMessageInfo) {
-        msg.append("[client " + std::string(*rm->m_clientIpAddress.get()) + "] ");
+        msg.append("[client " + rm->getClientIpAddress() + "] ");
     }
 
-    if (rm->m_isDisruptive) {
+    if (rm->isDisruptive()
+        && (rm->m_transaction->getRuleEngineState() == RulesSet::EnabledRuleEngine)) {
         msg.append("ModSecurity: Access denied with code ");
         if (code == -1) {
             msg.append("%d");
@@ -79,7 +78,7 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
             msg.append(std::to_string(code));
         }
         msg.append(" (phase ");
-        msg.append(std::to_string(rm->m_rule->getPhase() - 1) + "). ");
+        msg.append(std::to_string(rm->getPhase() - 1) + "). ");
     } else {
         msg.append("ModSecurity: Warning. ");
     }
diff --git a/src/rule_script.cc b/src/rule_script.cc
index c74497d3..74663a43 100644
--- a/src/rule_script.cc
+++ b/src/rule_script.cc
@@ -19,23 +19,22 @@
 namespace modsecurity {
 
 bool RuleScript::init(std::string *err) {
-    return m_lua.load(m_name, err);
+    return m_lua->load(m_name, err);
 }
 
-bool RuleScript::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+bool RuleScript::evaluate(Transaction *trans) {
 
     ms_dbg_a(trans, 4, " Executing script: " + m_name + ".");
 
     bool containsDisruptive = false;
 
     executeActionsIndependentOfChainedRuleResult(trans,
-        &containsDisruptive, ruleMessage);
+        &containsDisruptive);
 
-    bool ret = m_lua.run(trans);
+    bool ret = m_lua->run(trans);
 
     if (ret) {
-        executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
+        executeActionsAfterFullMatch(trans, containsDisruptive);
     }
 
     return ret;
diff --git a/src/rule_script.h b/src/rule_script.h
index 237ad6ab..58c58f51 100644
--- a/src/rule_script.h
+++ b/src/rule_script.h
@@ -51,17 +51,18 @@ class RuleScript : public RuleWithActions {
         int lineNumber)
             : RuleWithActions(actions, t, std::move(fileName), lineNumber),
         m_name(name),
-        m_lua() { }
+        m_lua(std::unique_ptr<engine::Lua>(new engine::Lua())) { }
 
-    RuleScript(const RuleWithActions& r) = delete;
+    RuleScript(const RuleScript &rs)
+        : RuleWithActions(rs),
+        m_name(rs.m_name),
+        m_lua(rs.m_lua) { }
 
     bool init(std::string *err);
-    bool evaluate(Transaction *trans,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
-
+    bool evaluate(Transaction *trans) override;
 
     std::string m_name;
-    engine::Lua m_lua;
+    std::shared_ptr<engine::Lua> m_lua;
 };
 
 }  // namespace modsecurity
diff --git a/src/rule_unconditional.cc b/src/rule_unconditional.cc
index e6bacd66..22d52d75 100644
--- a/src/rule_unconditional.cc
+++ b/src/rule_unconditional.cc
@@ -19,9 +19,8 @@
 namespace modsecurity {
 
 
-bool RuleUnconditional::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
-    RuleWithActions::evaluate(trans, ruleMessage);
+bool RuleUnconditional::evaluate(Transaction *trans) {
+    RuleWithActions::evaluate(trans);
 
     // FIXME: This needs to be romeved on the runtime exeption review.
     bool containsBlock = false;
@@ -30,11 +29,11 @@ bool RuleUnconditional::evaluate(Transaction *trans,
         + ") Executing unconditional rule...");
 
     executeActionsIndependentOfChainedRuleResult(trans,
-        &containsBlock, ruleMessage);
+        &containsBlock);
 
-    executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
+    executeActionsAfterFullMatch(trans, containsBlock);
 
-    performLogging(trans, ruleMessage);
+    trans->logMatchLastRuleOnTheChain(this);
 
     return true;
 }
diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc
index bc4b5238..2cb2783a 100644
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@@ -34,8 +34,13 @@
 #include "src/utils/string.h"
 #include "modsecurity/rule_message.h"
 #include "modsecurity/rule_with_actions.h"
+#include "src/actions/accuracy.h"
+#include "src/actions/maturity.h"
 #include "src/actions/msg.h"
+#include "src/actions/log.h"
+#include "src/actions/no_log.h"
 #include "src/actions/log_data.h"
+#include "src/actions/rev.h"
 #include "src/actions/severity.h"
 #include "src/actions/capture.h"
 #include "src/actions/multi_match.h"
@@ -60,126 +65,182 @@ RuleWithActions::RuleWithActions(
     std::unique_ptr<std::string> fileName,
     int lineNumber)
     : Rule(std::move(fileName), lineNumber),
-    m_rev(""),
-    m_ver(""),
-    m_accuracy(0),
-    m_maturity(0),
     m_ruleId(0),
     m_chainedRuleChild(nullptr),
     m_chainedRuleParent(nullptr),
     m_disruptiveAction(nullptr),
     m_logData(nullptr),
     m_msg(nullptr),
-    m_severity(nullptr),
     m_actionsRuntimePos(),
     m_actionsSetVar(),
     m_actionsTag(),
-    m_transformations(transformations != NULL ? *transformations : Transformations()),
+    m_defaultActionDisruptiveAction(nullptr),
+    m_defaultActionLogData(nullptr),
+    m_defaultActionMsg(nullptr),
+    m_defaultActionActionsRuntimePos(),
+    m_defaultActionActionsSetVar(),
+    m_defaultActionActionsTag(),
+    m_transformations(transformations != nullptr ? *transformations : Transformations()),
+    m_defaultTransformations(),
+    m_severity(SEVERITY_NOT_SET),
+    m_revision(""),
+    m_version(""),
+    m_accuracy(ACCURACY_NOT_SET),
+    m_maturity(MATURITY_NOT_SET),
     m_containsCaptureAction(false),
+    m_containsLogAction(false),
+    m_containsNoLogAction(false),
     m_containsMultiMatchAction(false),
     m_containsStaticBlockAction(false),
+    m_defaultSeverity(SEVERITY_NOT_SET),
+    m_defaultRevision(""),
+    m_defaultVersion(""),
+    m_defaultAccuracy(ACCURACY_NOT_SET),
+    m_defaultMaturity(MATURITY_NOT_SET),
+    m_defaultContainsCaptureAction(false),
+    m_defaultContainsLogAction(false),
+    m_defaultContainsNoLogAction(false),
+    m_defaultContainsMultiMatchAction(false),
+    m_defaultContainsStaticBlockAction(false),
     m_isChained(false) {
 
     if (actions) {
-        for (Action *a : *actions) {
-            if (a->action_kind == Action::ConfigurationKind) {
-                a->evaluate(this, NULL);
-                delete a;
-
-            } else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
-                if (dynamic_cast<actions::Capture *>(a)) {
-                    m_containsCaptureAction = true;
-                    delete a;
-                } else if (dynamic_cast<actions::MultiMatch *>(a)) {
-                    m_containsMultiMatchAction = true;
-                    delete a;
-                } else if (dynamic_cast<actions::Severity *>(a)) {
-                    m_severity = dynamic_cast<actions::Severity *>(a);
-                } else if (dynamic_cast<actions::LogData *>(a)) {
-                    m_logData = dynamic_cast<actions::LogData*>(a);
-                } else if (dynamic_cast<actions::Msg *>(a)) {
-                    m_msg = dynamic_cast<actions::Msg*>(a);
-                } else if (dynamic_cast<actions::SetVar *>(a)) {
-                    m_actionsSetVar.push_back(
-                        dynamic_cast<actions::SetVar *>(a));
-                } else if (dynamic_cast<actions::Tag *>(a)) {
-                    m_actionsTag.push_back(dynamic_cast<actions::Tag *>(a));
-                } else if (dynamic_cast<actions::Block *>(a)) {
-                    m_actionsRuntimePos.push_back(a);
-                    m_containsStaticBlockAction = true;
-                } else if (a->isDisruptive() == true) {
-                    if (m_disruptiveAction != nullptr) {
-                        delete m_disruptiveAction;
-                        m_disruptiveAction = nullptr;
-                    }
-                    m_disruptiveAction = a;
-                } else {
-                    m_actionsRuntimePos.push_back(a);
-                }
-            } else {
-                delete a;
-                std::cout << "General failure, action: " << a->m_name;
-                std::cout << " has an unknown type." << std::endl;
-                throw;
-            }
+        for (actions::Action *a : *actions) {
+            addAction(a);
         }
-        delete actions;
     }
 }
 
-RuleWithActions::~RuleWithActions() {
-    if (m_severity) {
-        delete m_severity;
-        m_severity = nullptr;
+void RuleWithActions::addDefaultAction(std::shared_ptr<actions::Action> a) {
+    if (a->action_kind == Action::ConfigurationKind) {
+        a->evaluate(this, NULL);
+        return;
     }
-    if (m_logData) {
-        delete m_logData;
-        m_logData = nullptr;
+
+    if (a->action_kind == Action::ConfigurationKind) {
+        if (dynamic_cast<actions::Accuracy *>(a.get())) {
+            actions::Accuracy *accuracy = dynamic_cast<actions::Accuracy *>(a.get());
+            m_defaultAccuracy = accuracy->getAccuracy();
+        } else if (dynamic_cast<actions::Rev *>(a.get())) {
+            actions::Rev *rev = dynamic_cast<actions::Rev *>(a.get());
+            m_defaultRevision = rev->getRevision();
+        } else {
+            a->evaluate(this, NULL);
+        }
+        return;
     }
-    if (m_msg) {
-        delete m_msg;
-        m_msg = nullptr;
-    }
-    while (m_transformations.empty() == false) {
-        auto *a = m_transformations.back();
-        m_transformations.pop_back();
-        delete a;
-    }
-    while (m_actionsRuntimePos.empty() == false) {
-        auto *a = m_actionsRuntimePos.back();
-        m_actionsRuntimePos.pop_back();
-        delete a;
-    }
-    while (m_actionsSetVar.empty() == false) {
-        auto *a = m_actionsSetVar.back();
-        m_actionsSetVar.pop_back();
-        delete a;
-    }
-    while (m_actionsTag.empty() == false) {
-        auto *a = m_actionsTag.back();
-        m_actionsTag.pop_back();
-        delete a;
-    }
-    if (m_disruptiveAction != nullptr) {
-        delete m_disruptiveAction;
-        m_disruptiveAction = nullptr;
+
+    if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
+        if (dynamic_cast<actions::Capture *>(a.get())) {
+            m_defaultContainsCaptureAction = true;
+        } else if (dynamic_cast<actions::MultiMatch *>(a.get())) {
+            m_defaultContainsMultiMatchAction = true;
+        } else if (dynamic_cast<actions::Severity *>(a.get())) {
+            actions::Severity *severity = dynamic_cast<actions::Severity *>(a.get());
+            setDefaultActionSeverity(severity->m_severity);
+        } else if (dynamic_cast<actions::Maturity *>(a.get())) {
+            actions::Maturity *maturity = dynamic_cast<actions::Maturity *>(a.get());
+            setDefaultActionMaturity(maturity->getMaturity());
+        } else if (dynamic_cast<actions::LogData *>(a.get())) {
+            m_defaultActionLogData = std::static_pointer_cast<actions::LogData>(a);
+        } else if (dynamic_cast<actions::Msg *>(a.get())) {
+            m_defaultActionMsg = std::static_pointer_cast<actions::Msg>(a);
+        } else if (dynamic_cast<actions::SetVar *>(a.get())) {
+            m_defaultActionActionsSetVar.push_back(std::static_pointer_cast<actions::SetVar>(a));
+        } else if (dynamic_cast<actions::Tag *>(a.get())) {
+            m_defaultActionActionsTag.push_back(std::static_pointer_cast<actions::Tag>(a));
+        } else if (dynamic_cast<actions::Log *>(a.get())) {
+            m_defaultContainsLogAction = true;
+        } else if (dynamic_cast<actions::NoLog *>(a.get())) {
+            m_defaultContainsNoLogAction = true;
+        } else if (dynamic_cast<actions::Block *>(a.get())) {
+            m_defaultActionActionsRuntimePos.push_back(a);
+            m_defaultContainsStaticBlockAction = true;
+        } else if (a->isDisruptive() == true) {
+            m_defaultActionDisruptiveAction = a;
+        } else {
+            m_defaultActionActionsRuntimePos.push_back(a);
+        }
+        return;
     }
+
+    std::cout << "General failure, action: " << *a->m_name;
+    std::cout << " has an unknown type." << std::endl;
+    throw;
+
 }
 
+void RuleWithActions::addAction(actions::Action *a) {
+    if (a->action_kind == Action::ConfigurationKind) {
+        if (dynamic_cast<actions::Accuracy *>(a)) {
+            actions::Accuracy *accuracy = dynamic_cast<actions::Accuracy *>(a);
+            m_accuracy = accuracy->getAccuracy();
+        } else if (dynamic_cast<actions::Rev *>(a)) {
+            actions::Rev *rev = dynamic_cast<actions::Rev *>(a);
+            m_revision = rev->getRevision();
+        } else {
+            a->evaluate(this, NULL);
+        }
+        delete a;
+        return;
+    }
+
+    if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
+        if (dynamic_cast<actions::Capture *>(a)) {
+            m_containsCaptureAction = true;
+            delete a;
+        } else if (dynamic_cast<actions::MultiMatch *>(a)) {
+            m_containsMultiMatchAction = true;
+            delete a;
+        } else if (dynamic_cast<actions::Severity *>(a)) {
+            actions::Severity *severity = dynamic_cast<actions::Severity *>(a);
+            setSeverity(severity->m_severity);
+            delete a;
+        } else if (dynamic_cast<actions::LogData *>(a)) {
+            m_logData = std::unique_ptr<actions::LogData>(dynamic_cast<actions::LogData*>(a));
+        } else if (dynamic_cast<actions::Msg *>(a)) {
+            m_msg = std::unique_ptr<actions::Msg>(dynamic_cast<actions::Msg*>(a));
+        } else if (dynamic_cast<actions::SetVar *>(a)) {
+            m_actionsSetVar.push_back(std::unique_ptr<actions::SetVar>(dynamic_cast<actions::SetVar *>(a)));
+        } else if (dynamic_cast<actions::Maturity *>(a)) {
+            actions::Maturity *maturity = dynamic_cast<actions::Maturity *>(a);
+            m_maturity = maturity->getMaturity();
+            delete a;
+        } else if (dynamic_cast<actions::Log *>(a)) {
+            m_containsLogAction = true;
+            delete a;
+        } else if (dynamic_cast<actions::NoLog *>(a)) {
+            m_containsNoLogAction = true;
+            delete a;
+        } else if (dynamic_cast<actions::Tag *>(a)) {
+            m_actionsTag.push_back(std::unique_ptr<actions::Tag>(dynamic_cast<actions::Tag *>(a)));
+        } else if (dynamic_cast<actions::Block *>(a)) {
+            m_actionsRuntimePos.push_back(std::unique_ptr<actions::Block>(dynamic_cast<actions::Block*>(a)));
+            m_containsStaticBlockAction = true;
+        } else if (a->isDisruptive() == true) {
+            m_disruptiveAction = std::unique_ptr<Action>(a);
+        } else {
+            m_actionsRuntimePos.push_back(std::unique_ptr<Action>(a));
+        }
+        return;
+    }
+
+    std::cout << "General failure, action: " << *a->m_name;
+    std::cout << " has an unknown type." << std::endl;
+    delete a;
+    throw;
+
+}
+
+
+RuleWithActions::~RuleWithActions() { }
+
 
 bool RuleWithActions::evaluate(Transaction *transaction) {
-    RuleMessage rm(this, transaction);
-    std::shared_ptr<RuleMessage> rm2 = std::make_shared<RuleMessage>(&rm);
-    return evaluate(transaction, rm2);
-}
-
-
-bool RuleWithActions::evaluate(Transaction *transaction,
-    std::shared_ptr<RuleMessage> ruleMessage) {
 
     /* Rule evaluate is pure virtual.
      *
-     * Rule::evaluate(transaction, ruleMessage);
+     * Rule::evaluate(transaction);
      */
 
     /* Matched vars needs to be clear at every new rule execution */
@@ -190,9 +251,9 @@ bool RuleWithActions::evaluate(Transaction *transaction,
 
 
 void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
-    bool *containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
+    bool *containsBlock) {
 
-    for (actions::SetVar *a : m_actionsSetVar) {
+    for (actions::SetVar *a : getSetVarsActionsPtr()) {
         ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
             "action: " + *a->m_name.get());
 
@@ -211,30 +272,31 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
         } else if (*a->m_name.get() == "setvar") {
             ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
                 "action: " + *a->m_name.get());
-            a->evaluate(this, trans, ruleMessage);
+            a->evaluate(this, trans, *trans->messageGetLast());
         }
     }
-
 }
 
 
 void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
-    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
+    bool containsBlock) {
     bool disruptiveAlreadyExecuted = false;
 
-    for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
+#if 0
+    for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
         if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
             continue;
         }
         if (!a.get()->isDisruptive()) {
-            executeAction(trans, containsBlock, ruleMessage, a.get(), true);
+            executeAction(trans, containsBlock, a.get(), true);
         }
     }
+#endif
 
-    for (actions::Tag *a : this->m_actionsTag) {
+    for (actions::Tag *a : getTagsActionPtr()) {
         ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \
             + *a->m_name.get());
-        a->evaluate(this, trans, ruleMessage);
+        a->evaluate(this, trans, *trans->messageGetLast());
     }
 
     for (auto &b :
@@ -243,41 +305,47 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
             continue;
         }
         actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
-        executeAction(trans, containsBlock, ruleMessage, a, false);
+        executeAction(trans, containsBlock, a, false);
         disruptiveAlreadyExecuted = true;
     }
-    if (m_severity) {
-        m_severity->evaluate(this, trans, ruleMessage);
-    }
 
     if (m_logData) {
-        m_logData->evaluate(this, trans, ruleMessage);
+        m_logData->evaluate(this, trans, *trans->messageGetLast());
+    } else if (m_defaultActionLogData) {
+        m_defaultActionLogData->evaluate(this, trans, *trans->messageGetLast());
     }
 
     if (m_msg) {
-        m_msg->evaluate(this, trans, ruleMessage);
+        m_msg->evaluate(this, trans, *trans->messageGetLast());
+    } else if (m_defaultActionMsg) {
+        m_defaultActionMsg->evaluate(this, trans, *trans->messageGetLast());
     }
-    for (Action *a : this->m_actionsRuntimePos) {
+
+    for (auto &a : getMatchActionsPtr()) {
         if (!a->isDisruptive()
                 && !(disruptiveAlreadyExecuted
                 && dynamic_cast<actions::Block *>(a))) {
-            executeAction(trans, containsBlock, ruleMessage, a, false);
+            executeAction(trans, containsBlock, a, false);
         }
     }
     if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) {
-        executeAction(trans, containsBlock, ruleMessage,
-            m_disruptiveAction, false);
+        executeAction(trans, containsBlock,
+            m_disruptiveAction.get(), false);
+    } else if  (!disruptiveAlreadyExecuted && hasBlockAction()
+        && m_defaultActionDisruptiveAction != nullptr) {
+        executeAction(trans, containsBlock,
+            m_defaultActionDisruptiveAction.get(), false);
     }
 }
 
 
 void RuleWithActions::executeAction(Transaction *trans,
-    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
+    bool containsBlock,
     Action *a, bool defaultContext) {
     if (a->isDisruptive() == false && *a->m_name.get() != "block") {
         ms_dbg_a(trans, 9, "Running " \
             "action: " + *a->m_name.get());
-        a->evaluate(this, trans, ruleMessage);
+        a->evaluate(this, trans, *trans->messageGetLast());
         return;
     }
 
@@ -290,7 +358,7 @@ void RuleWithActions::executeAction(Transaction *trans,
     if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) {
         ms_dbg_a(trans, 4, "Running (disruptive)     action: " + *a->m_name.get() + \
             ".");
-        a->evaluate(this, trans, ruleMessage);
+        a->evaluate(this, trans, *trans->messageGetLast());
         return;
     }
 
@@ -339,37 +407,20 @@ void RuleWithActions::executeTransformations(
     std::shared_ptr<std::string> value =
         std::shared_ptr<std::string>(new std::string(in));
 
-    if (m_containsMultiMatchAction == true) {
+    if (hasMultimatchAction()) {
         /* keep the original value */
         ret.push_back(std::make_pair(
             std::shared_ptr<std::string>(new std::string(*value)),
             std::shared_ptr<std::string>(new std::string(path))));
     }
 
-    for (Action *a : m_transformations) {
+    for (Action *a : getTransformationPtr()) {
         if (a->m_isNone) {
             none++;
         }
     }
 
-    // Check for transformations on the SecDefaultAction
-    // Notice that first we make sure that won't be a t:none
-    // on the target rule.
-    if (none == 0) {
-        for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
-            if (a->action_kind \
-                != actions::Action::RunTimeBeforeMatchAttemptKind) {
-                continue;
-            }
-
-            // FIXME: here the object needs to be a transformation already.
-            Transformation *t = dynamic_cast<Transformation *>(a.get());
-            executeTransformation(t, &value, trans, &ret, &path,
-                &transformations);
-        }
-    }
-
-    for (Transformation *a : m_transformations) {
+    for (Transformation *a : getTransformationPtr()) {
         if (none == 0) {
             Transformation *t = dynamic_cast<Transformation *>(a);
             executeTransformation(t, &value, trans, &ret, &path,
@@ -423,8 +474,8 @@ void RuleWithActions::executeTransformations(
 }
 
 
-bool RuleWithActions::containsTag(const std::string& name, Transaction *t) {
-    for (auto &tag : m_actionsTag) {
+bool RuleWithActions::containsTag(const std::string& name, Transaction *t) const {
+    for (auto &tag : getTagsAction()) {
         if (tag != NULL && tag->getName(t) == name) {
             return true;
         }
@@ -441,12 +492,12 @@ bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) {
 std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::string& name,
     Transaction *trans) {
     std::vector<actions::Action *> ret;
-    for (auto &z : m_actionsRuntimePos) {
+    for (auto &z : getMatchActionsPtr()) {
         if (*z->m_name.get() == name) {
             ret.push_back(z);
         }
     }
-    for (auto &z : m_transformations) {
+    for (auto &z : getTransformationPtr()) {
         if (*z->m_name.get() == name) {
             ret.push_back(z);
         }
@@ -474,76 +525,9 @@ std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::stri
     return ret;
 }
 
-void RuleWithActions::performLogging(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage,
-    bool lastLog,
-    bool chainedParentNull) {
+std::string RuleWithActions::getLogData(Transaction *t) { return m_logData->data(t); }
+std::string RuleWithActions::getMessage(Transaction *t) { return m_msg->data(t); }
 
-    /* last rule in the chain. */
-    bool isItToBeLogged = ruleMessage->m_saveMessage;
-
-    /**
-    *
-    * RuleMessage is stacked allocated for the rule execution,
-    * anything beyond this may lead to invalid pointer access.
-    *
-    * In case of a warning, o set of messages is saved to be read
-    * at audit log generation. Therefore demands a copy here.
-    *
-    * FIXME: Study an way to avoid the copy.
-    *
-    **/
-    if (lastLog) {
-        if (chainedParentNull) {
-            isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr));
-            if (isItToBeLogged && !hasMultimatch()) {
-                /* warn */
-                trans->m_rulesMessages.push_back(*ruleMessage);
-
-                /* error */
-                if (!ruleMessage->m_isDisruptive) {
-                    trans->serverLog(ruleMessage);
-                }
-            }
-        } else if (hasBlockAction() && !hasMultimatch()) {
-            /* warn */
-            trans->m_rulesMessages.push_back(*ruleMessage);
-            /* error */
-            if (!ruleMessage->m_isDisruptive) {
-                trans->serverLog(ruleMessage);
-            }
-        } else {
-            if (isItToBeLogged && !hasMultimatch()
-                && !ruleMessage->m_message.empty()) {
-                /* warn */
-                trans->m_rulesMessages.push_back(*ruleMessage);
-
-                /* error */
-                if (!ruleMessage->m_isDisruptive) {
-                    trans->serverLog(ruleMessage);
-                }
-            }
-        }
-    } else {
-        if (hasMultimatch() && isItToBeLogged) {
-            /* warn */
-            trans->m_rulesMessages.push_back(*ruleMessage.get());
-
-            /* error */
-            if (!ruleMessage->m_isDisruptive) {
-                trans->serverLog(ruleMessage);
-            }
-
-            RuleMessage *rm = new RuleMessage(this, trans);
-            rm->m_saveMessage = ruleMessage->m_saveMessage;
-            ruleMessage.reset(rm);
-        }
-    }
-}
-
-std::string RuleWithActions::logData(Transaction *t) { return m_logData->data(t); }
-std::string RuleWithActions::msg(Transaction *t) { return m_msg->data(t); }
-int RuleWithActions::severity() const { return m_severity->m_severity; }
 
 
 }  // namespace modsecurity
diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc
index 8cb322e6..aeb740e8 100644
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@@ -58,24 +58,13 @@ RuleWithOperator::RuleWithOperator(Operator *op,
     std::unique_ptr<std::string> fileName,
     int lineNumber)
     : RuleWithActions(actions, transformations, std::move(fileName), lineNumber),
-    m_variables(_variables),
-    m_operator(op) { /* */ }
+    m_variables(std::unique_ptr<variables::Variables>(_variables)),
+    m_operator(std::unique_ptr<Operator>(op)) { /* */ }
+
+
 
 
 RuleWithOperator::~RuleWithOperator() {
-    if (m_operator != NULL) {
-        delete m_operator;
-    }
-
-    while (m_variables != NULL && m_variables->empty() == false) {
-        auto *a = m_variables->back();
-        m_variables->pop_back();
-        delete a;
-    }
-
-    if (m_variables != NULL) {
-        delete m_variables;
-    }
 }
 
 
@@ -101,7 +90,7 @@ void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
 
 
 bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &key,
-    std::string value, std::shared_ptr<RuleMessage> ruleMessage) {
+    std::string value) {
 #if MSC_EXEC_CLOCK_ENABLED
     clock_t begin = clock();
     clock_t end;
@@ -113,7 +102,7 @@ bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &
         utils::string::toHexIfNeeded(value)) \
         + "\" (Variable: " + key + ")");
 
-    ret = this->m_operator->evaluateInternal(trans, this, value, ruleMessage);
+    ret = m_operator->evaluateInternal(trans, this, value, trans->messageGetLast());
 
     if (ret == false) {
         return false;
@@ -213,10 +202,9 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 }
 
 
-bool RuleWithOperator::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+bool RuleWithOperator::evaluate(Transaction *trans) {
     bool globalRet = false;
-    variables::Variables *variables = this->m_variables;
+    variables::Variables *variables = m_variables.get();
     bool recursiveGlobalRet;
     bool containsBlock = hasBlockAction();
     std::string eparam;
@@ -224,8 +212,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
     vars.reserve(4);
     variables::Variables exclusion;
 
-    RuleWithActions::evaluate(trans, ruleMessage);
-
+    RuleWithActions::evaluate(trans);
 
     // FIXME: Make a class runTimeException to handle this cases.
     for (auto &i : trans->m_ruleRemoveById) {
@@ -311,21 +298,21 @@ bool RuleWithOperator::evaluate(Transaction *trans,
                 bool ret;
                 std::string valueAfterTrans = std::move(*valueTemp.first);
 
-                ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage);
+                ret = executeOperatorAt(trans, key, valueAfterTrans);
 
                 if (ret == true) {
-                    ruleMessage->m_match = m_operator->resolveMatchMessage(trans,
+                    trans->messageGetLast()->m_match = m_operator->resolveMatchMessage(trans,
                         key, value);
+
                     for (auto &i : v->getOrigin()) {
-                        ruleMessage->m_reference.append(i->toText());
+                        trans->messageGetLast()->m_reference.append(i->toText());
                     }
 
-                    ruleMessage->m_reference.append(*valueTemp.second);
+                    trans->messageGetLast()->m_reference.append(*valueTemp.second);
+
                     updateMatchedVars(trans, key, valueAfterTrans);
                     executeActionsIndependentOfChainedRuleResult(trans,
-                        &containsBlock, ruleMessage);
-
-                    performLogging(trans, ruleMessage, false);
+                        &containsBlock);
 
                     globalRet = true;
                 }
@@ -344,7 +331,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
     }
     ms_dbg_a(trans, 4, "Rule returned 1.");
 
-    if (this->isChained() == false) {
+    if (this->hasChainAction() == false) {
         goto end_exec;
     }
 
@@ -356,7 +343,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
     }
 
     ms_dbg_a(trans, 4, "Executing chained rule.");
-    recursiveGlobalRet = m_chainedRuleChild->evaluate(trans, ruleMessage);
+    recursiveGlobalRet = m_chainedRuleChild->evaluate(trans);
 
     if (recursiveGlobalRet == true) {
         goto end_exec;
@@ -366,10 +353,21 @@ end_clean:
     return false;
 
 end_exec:
-    executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
+    executeActionsAfterFullMatch(trans, containsBlock);
 
     /* last rule in the chain. */
-    performLogging(trans, ruleMessage, true, true);
+    trans->logMatchLastRuleOnTheChain(this);
+
+    if (hasSeverityAction()) {
+        ms_dbg_a(trans, 9, "This rule severity is: " + \
+            std::to_string(getSeverity()) + " current transaction is: " + \
+            std::to_string(trans->m_highestSeverityAction));
+
+        if (trans->m_highestSeverityAction > getSeverity()) {
+            trans->m_highestSeverityAction = getSeverity();
+        }
+    }
+
     return true;
 }
 
diff --git a/src/rules_set.cc b/src/rules_set.cc
index 40d26e05..63441869 100644
--- a/src/rules_set.cc
+++ b/src/rules_set.cc
@@ -31,6 +31,46 @@ using modsecurity::Utils::HttpsClient;
 
 namespace modsecurity {
 
+    void Rules::fixDefaultActions() {
+        for (size_t i = 0; i < m_rules.size(); i++) {
+            auto &rule = m_rules[i];
+
+            RuleWithActions *r = dynamic_cast<RuleWithActions *>(rule.get());
+            if (!r) {
+                continue;
+            }
+
+            if (dynamic_cast<RuleWithOperator *>(rule.get())) {
+                RuleWithOperator *op = new RuleWithOperator(*dynamic_cast<RuleWithOperator *>(rule.get()));
+                std::unique_ptr<RuleWithOperator> nrp(op);
+                m_rules[i] = std::move(nrp);
+            } else if (dynamic_cast<RuleUnconditional *>(rule.get())) {
+                RuleUnconditional *un = new RuleUnconditional(*dynamic_cast<RuleUnconditional *>(rule.get()));
+                std::unique_ptr<RuleUnconditional> nrp(un);
+                m_rules[i] = std::move(nrp);
+            } else if (dynamic_cast<RuleScript *>(rule.get())) {
+                RuleScript *rs = new RuleScript(*dynamic_cast<RuleScript *>(rule.get()));
+                std::unique_ptr<RuleScript> nrp(rs);
+                m_rules[i] = std::move(nrp);
+            } else {
+                RuleWithActions *nr = new RuleWithActions(*dynamic_cast<RuleWithActions *>(rule.get()));
+                std::unique_ptr<RuleWithActions> nrp(nr);
+                m_rules[i] = std::move(nrp);
+            }
+
+            RuleWithActions *nr = dynamic_cast<RuleWithActions *>(m_rules[i].get());
+            nr->clearDefaultActions();
+            for (auto a : m_defaultActions) {
+                nr->addDefaultAction(a);
+            }
+            for (auto a : m_defaultTransformations) {
+                nr->addDefaultTransformation(a);
+            }
+
+
+        }
+    }
+
 
 /**
  * @name    loadFromUri
diff --git a/src/rules_set_phases.cc b/src/rules_set_phases.cc
index f0d572cb..e962945e 100644
--- a/src/rules_set_phases.cc
+++ b/src/rules_set_phases.cc
@@ -62,11 +62,27 @@ int RulesSetPhases::append(RulesSetPhases *from, std::ostringstream *err) {
         }
         amount_of_rules = amount_of_rules + res;
 
-        std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;
-        std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;
 
-        for (size_t j = 0; j < actions_from->size(); j++) {
-            actions_to->push_back(actions_from->at(j));
+        /**
+         * An action set in a child will overwrite an action set on a parent.
+         *
+         */
+        std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;
+        std::vector<std::shared_ptr<actions::transformations::Transformation> > *actions_t_to = &at(phase)->m_defaultTransformations;
+        if (actions_to->size() == 0 || actions_t_to->size() == 0) {
+            std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;
+
+            actions_to->clear();
+            for (size_t j = 0; j < actions_from->size(); j++) {
+                actions_to->push_back(actions_from->at(j));
+            }
+
+            std::vector<std::shared_ptr<actions::transformations::Transformation> > *actions_t_from = &from->at(phase)->m_defaultTransformations;
+            actions_t_to->clear();
+            for (size_t j = 0; j < actions_t_from->size(); j++) {
+                actions_t_to->push_back(actions_t_from->at(j));
+            }
+            at(phase)->fixDefaultActions();
         }
     }
 
diff --git a/src/transaction.cc b/src/transaction.cc
index 822272c9..f7d28614 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -61,6 +61,33 @@ using modsecurity::RequestBodyProcessor::XML;
 
 namespace modsecurity {
 
+
+RuleMessage *TransactionRuleMessageManagement::messageGetLast() {
+    return m_rulesMessages.back();
+}
+
+void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(RuleWithActions *rule) {
+    RuleMessage *rm = m_rulesMessages.back();
+
+    rm->setRule(rule);
+
+    if (rule->hasDisruptiveAction() && 
+        (m_transaction->getRuleEngineState() == RulesSet::DetectionOnlyRuleEngine)) {
+        /* error */
+        // The error goes over the disruptive massage. We don't need it here.
+        //m_transaction->serverLog(rm);
+    } else if (rule->hasBlockAction() && (!rule->hasNoLogAction()) || rule->hasLogAction()) {
+        /* Log as warning. */
+        m_transaction->serverLog(rm);
+        messageNew();
+    }
+}
+
+void TransactionRuleMessageManagement::messageNew() {
+    m_rulesMessages.push_back(new RuleMessage(m_transaction));
+}
+
+
 /**
  * @name    Transaction
  * @brief   Represents the inspection on an entire request.
@@ -122,7 +149,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
     m_ruleRemoveTargetById(),
     m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
     m_auditLogModifier(),
-    m_rulesMessages(),
     m_requestBody(),
     m_responseBody(),
     /* m_id(), */
@@ -160,7 +186,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
     m_variableTimeWDay(""),
     m_variableTimeYear(""),
     m_logCbData(logCbData),
-    TransactionAnchoredVariables(this) {
+    TransactionAnchoredVariables(this),
+    TransactionRuleMessageManagement(this) {
     m_id = std::unique_ptr<std::string>(
         new std::string(
             std::to_string(m_timeStamp)));
@@ -195,7 +222,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
     m_ruleRemoveTargetById(),
     m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
     m_auditLogModifier(),
-    m_rulesMessages(),
     m_requestBody(),
     m_responseBody(),
     m_id(std::unique_ptr<std::string>(new std::string(id))),
@@ -233,7 +259,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
     m_variableTimeWDay(""),
     m_variableTimeYear(""),
     m_logCbData(logCbData),
-    TransactionAnchoredVariables(this) {
+    TransactionAnchoredVariables(this),
+    TransactionRuleMessageManagement(this) {
 
     m_variableUrlEncodedError.set("0", 0);
 
@@ -250,7 +277,7 @@ Transaction::~Transaction() {
     m_requestBody.str(std::string());
     m_requestBody.clear();
 
-    m_rulesMessages.clear();
+    messageClear();
 
     intervention::free(&m_it);
     intervention::clean(&m_it);
@@ -1584,8 +1611,8 @@ std::string Transaction::toOldAuditLogFormat(int parts,
     }
     if (parts & audit_log::AuditLog::HAuditLogPart) {
         audit_log << "--" << trailer << "-" << "H--" << std::endl;
-        for (auto a : m_rulesMessages) {
-            audit_log << a.log(0, m_httpCodeReturned) << std::endl;
+        for (auto a : messageGetAll()) {
+            audit_log << a->log(0, m_httpCodeReturned) << std::endl;
         }
         audit_log << std::endl;
         /** TODO: write audit_log H part. */
@@ -1747,36 +1774,36 @@ std::string Transaction::toJSON(int parts) {
             reinterpret_cast<const unsigned char*>("messages"),
             strlen("messages"));
         yajl_gen_array_open(g);
-        for (auto a : m_rulesMessages) {
+        for (auto a : messageGetAll()) {
             yajl_gen_map_open(g);
-            LOGFY_ADD("message", a.m_message.c_str());
+            LOGFY_ADD("message", a->m_message.c_str());
             yajl_gen_string(g,
                 reinterpret_cast<const unsigned char*>("details"),
                 strlen("details"));
             yajl_gen_map_open(g);
-            LOGFY_ADD("match", a.m_match.c_str());
-            LOGFY_ADD("reference", a.m_reference.c_str());
-            LOGFY_ADD("ruleId", std::to_string(a.m_ruleId).c_str());
-            LOGFY_ADD("file", a.m_ruleFile->c_str());
-            LOGFY_ADD("lineNumber", std::to_string(a.m_ruleLine).c_str());
-            LOGFY_ADD("data", a.m_data.c_str());
-            LOGFY_ADD("severity", std::to_string(a.m_severity).c_str());
-            LOGFY_ADD("ver", a.m_ver.c_str());
-            LOGFY_ADD("rev", a.m_rev.c_str());
+            LOGFY_ADD("match", a->m_match.c_str());
+            LOGFY_ADD("reference", a->m_reference.c_str());
+            LOGFY_ADD("ruleId", std::to_string(a->getRuleId()).c_str());
+            LOGFY_ADD("file", a->getFileName().c_str());
+            LOGFY_ADD("lineNumber", std::to_string(a->getLineNumber()).c_str());
+            LOGFY_ADD("data", a->m_data.c_str());
+            LOGFY_ADD("severity", std::to_string(a->m_severity).c_str());
+            LOGFY_ADD("ver", a->getVer().c_str());
+            LOGFY_ADD("rev", a->getRev().c_str());
 
             yajl_gen_string(g,
                 reinterpret_cast<const unsigned char*>("tags"),
                 strlen("tags"));
             yajl_gen_array_open(g);
-            for (auto b : a.m_tags) {
+           for (auto b : a->m_tags) {
                 yajl_gen_string(g,
                     reinterpret_cast<const unsigned char*>(b.c_str()),
                     strlen(b.c_str()));
             }
             yajl_gen_array_close(g);
 
-            LOGFY_ADD("maturity", std::to_string(a.m_maturity).c_str());
-            LOGFY_ADD("accuracy", std::to_string(a.m_accuracy).c_str());
+            LOGFY_ADD("maturity", std::to_string(a->getMaturity()).c_str());
+            LOGFY_ADD("accuracy", std::to_string(a->getAccuracy()).c_str());
             yajl_gen_map_close(g);
             yajl_gen_map_close(g);
         }
@@ -1805,7 +1832,7 @@ std::string Transaction::toJSON(int parts) {
 }
 
 
-void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
+void Transaction::serverLog(RuleMessage *rm) {
     m_ms->serverLog(m_logCbData, rm);
 }
 
diff --git a/src/variables/rule.h b/src/variables/rule.h
index f9e2f989..9667d24a 100644
--- a/src/variables/rule.h
+++ b/src/variables/rule.h
@@ -42,10 +42,6 @@ class Rule_DictElement : public VariableDictElement { \
         std::vector<const VariableValue *> *l) {
         RuleWithActions *r = rule;
 
-        while (r && r->m_ruleId == 0) {
-            r = r->m_chainedRuleParent;
-        }
-
         if (!r || r->m_ruleId == 0) {
             return;
         }
@@ -67,24 +63,22 @@ class Rule_DictElement : public VariableDictElement { \
         std::vector<const VariableValue *> *l) {
         RuleWithActions *r = rule;
 
-        while (r && r->m_rev.empty()) {
-            r = r->m_chainedRuleParent;
-        }
-
         if (!r) {
             return;
         }
 
-        std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
-        std::string *a = new std::string(r->m_rev);
-        VariableValue *var = new VariableValue(&m_rule, &m_rule_rev,
-            a
-        );
-        delete a;
-        origin->m_offset = 0;
-        origin->m_length = 0;
-        var->addOrigin(std::move(origin));
-        l->push_back(var);
+        if (r->hasRevisionAction()) {
+            std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
+            std::string *a = new std::string(r->getRevision());
+            VariableValue *var = new VariableValue(&m_rule, &m_rule_rev,
+                a
+            );
+            delete a;
+            origin->m_offset = 0;
+            origin->m_length = 0;
+            var->addOrigin(std::move(origin));
+            l->push_back(var);
+        }
     }
 
 
@@ -93,13 +87,13 @@ class Rule_DictElement : public VariableDictElement { \
         std::vector<const VariableValue *> *l) {
         RuleWithActions *r = rule;
 
-        while (r && !r->hasSeverity()) {
-            r = r->m_chainedRuleParent;
+        if (!r) {
+            return;
         }
 
-        if (r && r->hasSeverity()) {
+        if (r->hasSeverityAction()) {
             std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
-            std::string *a = new std::string(std::to_string(r->severity()));
+            std::string *a = new std::string(std::to_string(r->getSeverity()));
             VariableValue *var = new VariableValue(&m_rule, &m_rule_severity,
                 a
             );
@@ -117,13 +111,13 @@ class Rule_DictElement : public VariableDictElement { \
         std::vector<const VariableValue *> *l) {
         RuleWithActions *r = rule;
 
-        while (r && !r->hasLogData()) {
-            r = r->m_chainedRuleParent;
+        if (!r) {
+            return;
         }
 
-        if (r && r->hasLogData()) {
+        if (r->hasLogDataAction()) {
             std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
-            std::string *a = new std::string(r->logData(t));
+            std::string *a = new std::string(r->getLogData(t));
             VariableValue *var = new VariableValue(&m_rule, &m_rule_logdata,
                 a
             );
@@ -140,13 +134,13 @@ class Rule_DictElement : public VariableDictElement { \
         std::vector<const VariableValue *> *l) {
         RuleWithActions *r = rule;
 
-        while (r && !r->hasMsg()) {
-            r = r->m_chainedRuleParent;
+        if (!r) {
+            return;
         }
 
-        if (r && r->hasMsg()) {
+        if (r->hasMessageAction()) {
             std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
-            std::string *a = new std::string(r->msg(t));
+            std::string *a = new std::string(r->getMessage(t));
             VariableValue *var = new VariableValue(&m_rule, &m_rule_msg,
                 a
             );
@@ -165,11 +159,11 @@ class Rule_DictElement : public VariableDictElement { \
             id(t, rule, l);
             return;
         }
-        if (rule && m_dictElement == "rev") {
+        if (m_dictElement == "rev") {
             rev(t, rule, l);
             return;
         }
-        if (rule && m_dictElement == "severity") {
+        if (m_dictElement == "severity") {
             severity(t, rule, l);
             return;
         }
diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt
index 281540f0..b3b63400 100644
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@@ -27,6 +27,8 @@ shiftNegative:src/utils/msc_tree.cc
 *:src/utils/msc_tree.cc
 invalidScanfArgType_int:src/rules_set_properties.cc:101
 invalidScanfArgType_int:src/rules_set_properties.cc:102
+redundantAssignment:src/operators/pm.cc:94
+
 
 
 // 
@@ -35,7 +37,7 @@ invalidScanfArgType_int:src/rules_set_properties.cc:102
 unmatchedSuppression:src/utils/geo_lookup.cc:82
 useInitializationList:src/utils/shared_files.h:87
 unmatchedSuppression:src/utils/msc_tree.cc
-functionStatic:headers/modsecurity/transaction.h:407
+functionStatic:headers/modsecurity/transaction.h:456
 duplicateBranch:src/audit_log/audit_log.cc:223
 unreadVariable:src/request_body_processor/multipart.cc:435
 stlcstrParam:src/audit_log/writer/parallel.cc:145
diff --git a/test/test-cases/regression/config-update-action-by-id.json b/test/test-cases/regression/config-update-action-by-id.json
index 4e1a3fc2..6e343be5 100644
--- a/test/test-cases/regression/config-update-action-by-id.json
+++ b/test/test-cases/regression/config-update-action-by-id.json
@@ -122,7 +122,7 @@
     },
     "expected":{
       "http_code": 200,
-      "debug_log": "Running action: log"
+      "debug_log": "Rule returned 1"
     },
     "rules":[
         "SecRuleEngine On",
@@ -167,7 +167,7 @@
     },
     "expected":{
       "http_code": 200,
-      "debug_log": "Running action: log"
+      "debug_log": "Rule returned 1"
     },
     "rules":[
         "SecRuleEngine On",
diff --git a/test/test-cases/regression/issue-1528.json b/test/test-cases/regression/issue-1528.json
index f2257055..74f2c3db 100644
--- a/test/test-cases/regression/issue-1528.json
+++ b/test/test-cases/regression/issue-1528.json
@@ -31,8 +31,8 @@
   },
   "rules": [
     "SecRuleEngine On",
-    "SecAction \"id:1, nolog, setvar:tx.bad_value=attack\"",
-    "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,block\""
+    "SecAction \"id:1, setvar:tx.bad_value=attack\"",
+    "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,log\""
   ]
 }
 ]
diff --git a/test/test-cases/regression/issue-1844.json b/test/test-cases/regression/issue-1844.json
index 6ccb1f5e..df1a4ec6 100644
--- a/test/test-cases/regression/issue-1844.json
+++ b/test/test-cases/regression/issue-1844.json
@@ -37,10 +37,12 @@
       ]
     },
     "expected":{
-      "error_log":"line \"29\""
+      "error_log":"line \"29\"",
+      "http_code": 403
     },
     "rules":[
       "SecRuleEngine On",
+      "SecDefaultAction \"phase:request,deny\"",
       "SecRule WEBAPPID \"@contains test1\" \"id:1,phase:3,pass,t:trim\"",
       "Include test-cases/data/big-file.conf"
     ]
@@ -129,10 +131,12 @@
       ]
     },
     "expected":{
-      "error_log":"line \"84\""
+      "error_log":"line \"84\"",
+      "http_code": 403
     },
     "rules":[
       "SecRuleEngine On",
+      "SecDefaultAction \"phase:request,deny\"",
       "SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
       "Include test-cases/data/big-file.conf"
     ]
@@ -175,11 +179,13 @@
       ]
     },
     "expected":{
-      "error_log":"line \"116\""
+      "error_log":"line \"116\"",
+      "http_code":403
     },
     "rules":[
       "SecRuleEngine On",
-      "SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
+      "SecDefaultAction \"phase:request,deny\"",
+      "SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,deny,t:trim\"",
       "Include test-cases/data/big-file.conf"
     ]
   },
@@ -221,10 +227,12 @@
       ]
     },
     "expected":{
-      "error_log":"line \"174\""
+      "error_log":"line \"174\"",
+      "http_code":403
     },
     "rules":[
       "SecRuleEngine On",
+      "SecDefaultAction \"phase:request,deny\"",
       "SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
       "Include test-cases/data/big-file.conf"
     ]
@@ -267,10 +275,12 @@
       ]
     },
     "expected":{
-      "error_log":"line \"174\""
+      "error_log":"line \"174\"",
+      "http_code":403
     },
     "rules":[
       "SecRuleEngine On",
+      "SecDefaultAction \"phase:request,deny\"",
       "SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
       "Include test-cases/data/not-so-big-file.conf"
     ]
diff --git a/test/test-cases/regression/issue-2296.json b/test/test-cases/regression/issue-2296.json
index bc64d19b..bfb0356a 100644
--- a/test/test-cases/regression/issue-2296.json
+++ b/test/test-cases/regression/issue-2296.json
@@ -33,13 +33,13 @@
       ]
     },
     "expected":{
-      "http_code":200,
+      "http_code":300,
       "debug_log":"Target value: \"is a simple test\"",
       "error_log":"Operator `Rx' with parameter `test' against variable `ARGS:THIS'"
     },
     "rules":[
         "SecRuleEngine On",
-        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1\""
+        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,deny,status:300\""
     ]
   },
   {
@@ -119,13 +119,13 @@
       ]
     },
     "expected":{
-      "http_code":200,
+      "http_code":300,
       "debug_log":"Target value: \"is a simple test\"",
       "error_log":"msg \"Testing is a simple test\""
     },
     "rules":[
         "SecRuleEngine On",
-        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}'\""
+        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',deny,status:300\""
     ]
   },
   {
@@ -162,13 +162,13 @@
       ]
     },
     "expected":{
-      "http_code":200,
+      "http_code":300,
       "debug_log":"Target value: \"is a simple test\"",
       "error_log":"msg \"Testing is a simple test\""
     },
     "rules":[
         "SecRuleEngine On",
-        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',chain\"",
+        "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',chain,deny,status:300\"",
         "SecRule MATCHED_VARS:/thIs/ \"is a simple test\" \"log\""
     ]
   },
diff --git a/test/test-cases/regression/offset-variable.json b/test/test-cases/regression/offset-variable.json
index de633167..ea03b07a 100644
--- a/test/test-cases/regression/offset-variable.json
+++ b/test/test-cases/regression/offset-variable.json
@@ -22,10 +22,12 @@
       ]
     },
     "expected":{
-      "error_log":"o0,3v23,6t:trim"
+      "error_log":"o0,3v23,6t:trim",
+      "http_code": 403
     },
     "rules":[
-      "SecRule ARGS \"@rx val\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS \"@rx val\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny,log\""
     ]
   },
   {
@@ -51,10 +53,12 @@
       ]
     },
     "expected":{
-      "error_log":"o3,3v37,6t:trim"
+      "error_log":"o3,3v37,6t:trim",
+      "http_code":403
     },
     "rules":[
-      "SecRule ARGS_GET \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_GET \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -83,11 +87,13 @@
       ]
     },
     "expected":{
-      "error_log":"o3,3v142,6t:trim"
+      "error_log":"o3,3v142,6t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_POST \"@rx ue1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_POST \"@rx ue1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -116,11 +122,13 @@
       ]
     },
     "expected":{
-      "error_log":"o3,3v156,6t:trim"
+      "error_log":"o3,3v156,6t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_POST \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_POST \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -149,11 +157,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,6v17,6t:trim"
+      "error_log":"o0,6v17,6t:trim",
+      "http_code":403
     },
     "rules":[
+      "SecRuleEngine On",
       "SecRequestBodyAccess On",
-      "SecRule ARGS_GET_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_GET_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -182,11 +192,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,6v31,6t:trim"
+      "error_log":"o0,6v31,6t:trim",
+      "http_code":403
     },
     "rules":[
+      "SecRuleEngine On",
       "SecRequestBodyAccess On",
-      "SecRule ARGS_GET_NAMES \"@rx param2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_GET_NAMES \"@rx param2\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -219,7 +231,7 @@
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_GET_NAMES \"@rx am1 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_GET_NAMES \"@rx am1 par\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -252,7 +264,7 @@
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_GET_NAMES \"@rx am1 param2 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_GET_NAMES \"@rx am1 param2 par\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -281,11 +293,13 @@
       ]
     },
     "expected":{
-      "error_log": "0,6v149,6t:trim"
+      "error_log": "0,6v149,6t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_POST_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_POST_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -314,11 +328,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,6v17,6t:trim"
+      "error_log":"o0,6v17,6t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
     {
@@ -344,11 +360,13 @@
       ]
     },
     "expected":{
-      "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim"
+      "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
     },
     {
@@ -374,11 +392,13 @@
       ]
     },
     "expected":{
-      "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim"
+      "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
     {
@@ -405,11 +425,13 @@
       ]
     },
     "expected":{
-      "error_log":"o23,6v0,63t:trim"
+      "error_log":"o23,6v0,63t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_LINE \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_LINE \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
     {
@@ -437,11 +459,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,3v0,3t:trim"
+      "error_log":"o0,3v0,3t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_METHOD \"GET\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_METHOD \"GET\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -469,11 +493,13 @@
       ]
     },
     "expected":{
-      "error_log":"o5,3v58,8t:trim"
+      "error_log":"o5,3v58,8t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_PROTOCOL \"1.1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_PROTOCOL \"1.1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -501,11 +527,13 @@
       ]
     },
     "expected":{
-      "error_log":"o1,5v4,11t:trim"
+      "error_log":"o1,5v4,11t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule PATH_INFO \"index\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule PATH_INFO \"index\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -533,11 +561,13 @@
       ]
     },
     "expected":{
-      "error_log":"o7,6v16,41t:trim"
+      "error_log":"o7,6v16,41t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule QUERY_STRING \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule QUERY_STRING \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -565,11 +595,13 @@
       ]
     },
     "expected":{
-      "error_log":"o6,4v5,10t:trim"
+      "error_log":"o6,4v5,10t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_BASENAME \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_BASENAME \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -597,11 +629,13 @@
       ]
     },
     "expected":{
-      "error_log":"o7,4v4,59t:trim"
+      "error_log":"o7,4v4,59t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_URI \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_URI \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
   {
@@ -629,11 +663,14 @@
       ]
     },
     "expected":{
-      "error_log":"o7,4v4,59t:trim"
+      "error_log":"o7,4v4,59t:trim",
+      "http_code": 403
+
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_URI_RAW \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_URI_RAW \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
 
@@ -661,11 +698,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,9v89,9t:trim"
+      "error_log":"o0,9v89,9t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_HEADERS \"localhost\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS \"localhost\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
 
@@ -693,11 +732,13 @@
       ]
     },
     "expected":{
-      "error_log":"o14,3v163,33t:trim"
+      "error_log":"o14,3v163,33t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_HEADERS \"www\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS \"www\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
   },
       {
@@ -724,11 +765,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,5v162,5t:trim"
+      "error_log":"o0,5v162,5t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
     },
     {
@@ -755,11 +798,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,5v79,5t:trim"
+      "error_log":"o0,5v79,5t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops',deny\""
     ]
     },
     {
@@ -786,11 +831,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,4v64,13t:lowercase"
+      "error_log":"o0,4v64,13t:lowercase",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
     ]
     },
     {
@@ -818,11 +865,13 @@
       ]
     },
     "expected":{
-      "error_log":"o1,2v216,3t:lowercase"
+      "error_log":"o1,2v216,3t:lowercase",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
     ]
     },
     {
@@ -850,11 +899,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,1v223,1t:lowercase"
+      "error_log":"o0,1v223,1t:lowercase",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
     ]
     },
     {
@@ -882,11 +933,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,1v228,1t:lowercase,t:trim"
+      "error_log":"o0,1v228,1t:lowercase,t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,t:trim,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,t:trim,msg:'ops',deny\""
     ]
     },
     {
@@ -914,11 +967,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,1v226,1"
+      "error_log":"o0,1v226,1",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_COOKIES_NAMES \"t\" \"id:1,phase:2,pass,msg:'ops'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_COOKIES_NAMES \"t\" \"id:1,phase:2,pass,msg:'ops',deny\""
     ]
   },
   {
@@ -956,11 +1011,12 @@
       ]
     },
     "expected":{
-      "error_log":"o0,7v198,30t:trim"
+      "error_log":"o0,7v198,30t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRuleEngine On",
-      "SecRule REMOTE_USER \"Aladdin\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule REMOTE_USER \"Aladdin\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1005,11 +1061,13 @@
       ]
     },
     "expected":{
-      "error_log":"o45,30v193,516t:trim"
+      "error_log":"o45,30v193,516t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_BODY \"Content-Disposition: form-data\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_BODY \"Content-Disposition: form-data\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1054,11 +1112,13 @@
       ]
     },
     "expected":{
-      "error_log":"o45,30v193,516t:trim"
+      "error_log":"o45,30v193,516t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_BODY \"Content-Disposition: form-data\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_BODY \"Content-Disposition: form-data\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1103,11 +1163,13 @@
       ]
     },
     "expected":{
-      "error_log":"v193,516t:trim"
+      "error_log":"v193,516t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_BODY_LENGTH \"@gt 5\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_BODY_LENGTH \"@gt 5\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1152,11 +1214,13 @@
       ]
     },
     "expected":{
-      "error_log":"o6,5v5,11t:trim"
+      "error_log":"o6,5v5,11t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_FILENAME \"/file\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_FILENAME \"/file\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1201,11 +1265,13 @@
       ]
     },
     "expected":{
-      "error_log":"o6,8v5,23t:trim"
+      "error_log":"o6,8v5,23t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1250,11 +1316,13 @@
       ]
     },
     "expected":{
-      "error_log":"o6,8v5,23t:trim"
+      "error_log":"o6,8v5,23t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1299,11 +1367,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,4v306,4t:trim"
+      "error_log":"o0,4v306,4t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS \"test\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule ARGS \"test\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1352,11 +1422,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,5v402,5t:trim"
+      "error_log":"o0,5v402,5t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS \"test2\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule ARGS \"test2\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1405,11 +1477,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,16v680,20t:trim"
+      "error_log":"o0,16v680,20t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES \"small_text_file2\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES \"small_text_file2\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1458,11 +1532,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,16v512,20t:trim"
+      "error_log":"o0,16v512,20t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES \"small_text_file1\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES \"small_text_file1\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1511,11 +1587,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,8o0,8v491,8t:trimo0,16o0,16v709,16t:trim"
+      "error_log":"o0,8o0,8v491,8t:trimo0,16o0,16v709,16t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES_NAMES \"(fiasdfasdfledata|filedata)\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES_NAMES \"(fiasdfasdfledata|filedata)\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1564,11 +1642,13 @@
       ]
     },
     "expected":{
-      "error_log":"v560,32t:trim"
+      "error_log":"v560,32t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES_SIZES:filedata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES_SIZES:filedata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1617,11 +1697,13 @@
       ]
     },
     "expected":{
-      "error_log":"v754,38t:trim"
+      "error_log":"v754,38t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES_SIZES:fiasdfasdfledata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES_SIZES:fiasdfasdfledata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1670,11 +1752,13 @@
       ]
     },
     "expected":{
-      "error_log":"v560,32v754,38t:trim"
+      "error_log":"v560,32v754,38t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule FILES_COMBINED_SIZE \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRuleEngine On",
+      "SecRule FILES_COMBINED_SIZE \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1723,13 +1807,15 @@
       ]
     },
     "expected":{
-      "error_log":"o8,7v754,38t:trim"
+      "error_log":"o8,7v754,38t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
       "SecUploadKeepFiles On",
+      "SecRuleEngine On",
       "SecUploadDir /tmp",
-      "SecRule FILES_TMP_CONTENT \"another\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule FILES_TMP_CONTENT \"another\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1778,13 +1864,15 @@
       ]
     },
     "expected":{
-      "error_log":"o15,5v560,32t:trim"
+      "error_log":"o15,5v560,32t:trim",
+      "http_code": 403
     },
     "rules":[
       "SecRequestBodyAccess On",
       "SecUploadKeepFiles On",
+      "SecRuleEngine On",
       "SecUploadDir /tmp",
-      "SecRule FILES_TMP_CONTENT:small_text_file1.txt \"small\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule FILES_TMP_CONTENT:small_text_file1.txt \"small\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1833,13 +1921,15 @@
       ]
     },
     "expected":{
-      "error_log":"o6,4v5,23t:trim"
+      "error_log":"o6,4v5,23t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
       "SecUploadKeepFiles On",
+      "SecRuleEngine On",
       "SecUploadDir /tmp",
-      "SecRule PATH_INFO \"/f i\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule PATH_INFO \"/f i\" \"id:1,phase:3,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1888,13 +1978,15 @@
       ]
     },
     "expected":{
-      "error_log":"o0,20v680,20t:trim"
+      "error_log":"o0,20v680,20t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
       "SecUploadKeepFiles On",
+      "SecRuleEngine On",
       "SecUploadDir /tmp",
-      "SecRule MULTIPART_FILENAME \"small_text_file2.txt\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule MULTIPART_FILENAME \"small_text_file2.txt\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
@@ -1943,13 +2035,15 @@
       ]
     },
     "expected":{
-      "error_log":"o0,16v709,16t:trim"
+      "error_log":"o0,16v709,16t:trim",
+      "http_code":403
     },
     "rules":[
       "SecRequestBodyAccess On",
       "SecUploadKeepFiles On",
+      "SecRuleEngine On",
       "SecUploadDir /tmp",
-      "SecRule MULTIPART_NAME \"fiasdfasdfledata\" \"id:1,phase:3,pass,t:trim,msg:'s'\""
+      "SecRule MULTIPART_NAME \"fiasdfasdfledata\" \"id:1,phase:3,pass,t:trim,msg:'s',deny\""
     ]
   },
   {
diff --git a/test/test-cases/regression/operator-rx.json b/test/test-cases/regression/operator-rx.json
index d6b9839f..e0771573 100644
--- a/test/test-cases/regression/operator-rx.json
+++ b/test/test-cases/regression/operator-rx.json
@@ -79,11 +79,12 @@
     },
     "expected":{
       "debug_log":"Executing operator \"Rx\" with param \"\\^0\\$\"",
-      "error_log":"Matched \"Operator `Rx' with parameter `\\^0\\$'"
+      "error_log":"Matched \"Operator `Rx' with parameter `\\^0\\$'",
+      "http_code": 403
     },
     "rules":[
       "SecRuleEngine On",
-      "SecRule REQUEST_HEADERS:Content-Length \"!^0$\" \"id:1,phase:2,pass,t:trim,block\""
+      "SecRule REQUEST_HEADERS:Content-Length \"!^0$\" \"id:1,phase:2,pass,t:trim,deny\""
     ]
   }
 ]
diff --git a/test/test-cases/regression/variable-ARGS_POST_NAMES.json b/test/test-cases/regression/variable-ARGS_POST_NAMES.json
index fb0964f3..53e4510a 100644
--- a/test/test-cases/regression/variable-ARGS_POST_NAMES.json
+++ b/test/test-cases/regression/variable-ARGS_POST_NAMES.json
@@ -80,11 +80,12 @@
       ]
     },
     "expected":{
-      "debug_log":"Target value: \"param2\""
+      "debug_log":"Target value: \"param2\"",
+      "http_code": 200
     },
     "rules":[
       "SecRuleEngine On",
-      "SecRule ARGS_POST_NAMES \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+      "SecRule ARGS_POST_NAMES \"@contains test \" \"id:1,phase:3,pass,t:trim,deny\""
     ]
   },
   {
@@ -131,18 +132,19 @@
       ]
     },
     "expected":{
-      "debug_log":"Target value: \"name1\" \\(Variable: ARGS_POST_NAMES\\)"
+      "debug_log":"Target value: \"name1\" \\(Variable: ARGS_POST_NAMES\\)",
+      "http_code": 403
     },
     "rules":[
         "SecRuleEngine On",
         "SecRequestBodyAccess On",
-        "SecRule ARGS_POST_NAMES \"@contains test \" \"id:1,phase:3,pass,t:trim\""
+        "SecRule ARGS_POST_NAMES \"@contains name1\" \"id:1,phase:3,pass,t:trim,deny\""
     ]
   },
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing Variables :: ARGS_POST_NAMES (3/x)",
+    "title":"Testing Variables :: ARGS_POST_NAMES (4/x)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -183,12 +185,13 @@
       ]
     },
     "expected":{
-      "error_log":"o0,5v206,5t:trim"
+      "error_log":"o0,5v206,5t:trim",
+      "http_code": 403
     },
     "rules":[
         "SecRuleEngine On",
         "SecRequestBodyAccess On",
-        "SecRule ARGS_POST_NAMES \"@contains name1\" \"id:1,phase:3,pass,t:trim\""
+        "SecRule ARGS_POST_NAMES \"@contains name1\" \"id:1,phase:3,pass,t:trim,deny\""
     ]
   }
 ]