Revert "Treating ARGS_NAMES as an array instead of scalar"

This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.
2025-08-13 13:26:01 +03:00 · 2017-08-23 23:55:02 -03:00 · 2017-08-23 23:55:02 -03:00 · 9069a453e5
commit 9069a453e5
parent 43e3ff91e8
18 changed files with 3731 additions and 3068 deletions
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -95,8 +95,8 @@ class TransactionAnchoredVariables {
 public:
    explicit TransactionAnchoredVariables(Transaction *t)
        : m_variableArgsNames(t, "ARGS_NAMES"),
-        m_variableArgGetNames(t, "ARGS_GET_NAMES"),
-        m_variableArgPostNames(t, "ARGS_POST_NAMES"),
+        m_variableArgsGetNames(t, "ARGS_GET_NAMES"),
+        m_variableArgsPostNames(t, "ARGS_POST_NAMES"),
        m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
        m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
        m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
@ -172,11 +172,12 @@ class TransactionAnchoredVariables {
        m_variableOffset(0)
        { }

-    AnchoredVariable m_variableArgGetNames;
-    AnchoredVariable m_variableArgPostNames;
-    AnchoredVariable m_variableRequestHeadersNames;
+    AnchoredSetVariable m_variableArgsNames;
+    AnchoredSetVariable m_variableArgsGetNames;
+    AnchoredSetVariable m_variableArgsPostNames;
+    AnchoredSetVariable m_variableRequestHeadersNames;
    AnchoredVariable m_variableResponseContentType;
-    AnchoredVariable m_variableResponseHeadersNames;
+    AnchoredSetVariable m_variableResponseHeadersNames;
    AnchoredVariable m_variableARGScombinedSize;
    AnchoredVariable m_variableAuthType;
    AnchoredVariable m_variableFilesCombinedSize;
@ -226,7 +227,6 @@ class TransactionAnchoredVariables {
    AnchoredVariable m_variableUrlEncodedError;
    AnchoredVariable m_variableUserID;

-    AnchoredSetVariable m_variableArgsNames;
    AnchoredSetVariable m_variableArgs;
    AnchoredSetVariable m_variableArgsGet;
    AnchoredSetVariable m_variableArgsPost;
--- a/src/macro_expansion.cc
+++ b/src/macro_expansion.cc
@ -73,21 +73,9 @@ std::string MacroExpansion::expand(const std::string& input,
            collection = variable.find(":");
        }
        if (collection == std::string::npos) {
-            if (compareStrNoCase(variable, "ARGS_GET_NAMES")) {
-                variableValue = transaction->m_variableArgGetNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) {
-                variableValue = transaction->m_variableArgPostNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) {
-                variableValue = transaction->m_variableRequestHeadersNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) {
+            if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) {
                variableValue = transaction->m_variableResponseContentType.resolveFirst();
            }
-            else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) {
-                variableValue = transaction->m_variableResponseHeadersNames.resolveFirst();
-            }
            else if (compareStrNoCase(variable, "ARGS_COMBINED_SIZE")) {
                variableValue = transaction->m_variableARGScombinedSize.resolveFirst();
            }
@ -242,9 +230,15 @@ std::string MacroExpansion::expand(const std::string& input,
            if (compareStrNoCase(col, "ARGS")) {
                variableValue = transaction->m_variableArgs.resolveFirst(var);
            }
-            if (compareStrNoCase(variable, "ARGS_NAMES")) {
+            else if (compareStrNoCase(variable, "ARGS_NAMES")) {
                variableValue = transaction->m_variableArgsNames.resolveFirst(var);
            }
+            else if (compareStrNoCase(variable, "ARGS_GET_NAMES")) {
+                variableValue = transaction->m_variableArgsGetNames.resolveFirst(var);
+            }
+            else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) {
+                variableValue = transaction->m_variableArgsPostNames.resolveFirst(var);
+            }
            else if (compareStrNoCase(col, "RULE")) {
                variableValue = transaction->m_variableRule.resolveFirst(var);
            }
@ -284,9 +278,15 @@ std::string MacroExpansion::expand(const std::string& input,
            else if (compareStrNoCase(col, "REQUEST_HEADERS")) {
                variableValue = transaction->m_variableRequestHeaders.resolveFirst(var);
            }
+            else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) {
+                variableValue = transaction->m_variableRequestHeadersNames.resolveFirst(var);
+            }
            else if (compareStrNoCase(col, "RESPONSE_HEADERS")) {
                variableValue = transaction->m_variableResponseHeaders.resolveFirst(var);
            }
+            else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) {
+                variableValue = transaction->m_variableResponseHeadersNames.resolveFirst(var);
+            }
            else if (compareStrNoCase(col, "GEO")) {
                variableValue = transaction->m_variableGeo.resolveFirst(var);
            }
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -1514,18 +1514,6 @@ var:
      {
        VARIABLE_CONTAINER($$, new Variables::Args_NoDictElement());
      }
-    | VARIABLE_ARGS_NAMES DICT_ELEMENT
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElement($2));
-      }
-    | VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElementRegexp($2));
-      }
-    | VARIABLE_ARGS_NAMES
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_NoDictElement());
-      }
    | VARIABLE_ARGS_POST DICT_ELEMENT
      {
        VARIABLE_CONTAINER($$, new Variables::ArgsPost_DictElement($2));
@ -1806,25 +1794,76 @@ var:
      {
        VARIABLE_CONTAINER($$, new Variables::Session_NoDictElement());
      }
+
+    | VARIABLE_ARGS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElementRegexp($2));
+      }
+    | VARIABLE_ARGS_NAMES
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_NoDictElement());
+      }
+
+
+    | VARIABLE_ARGS_GET_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_GET_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_DictElementRegexp($2));
+      }
    | VARIABLE_ARGS_GET_NAMES
      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames());
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_NoDictElement());
+      }
+
+    | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_DictElementRegexp($2));
      }
    | VARIABLE_ARGS_POST_NAMES
      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames());
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_NoDictElement());
+      }
+
+    | VARIABLE_REQUEST_HEADERS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_DictElement($2));
+      }
+    | VARIABLE_REQUEST_HEADERS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_DictElementRegexp($2));
      }
    | VARIABLE_REQUEST_HEADERS_NAMES
      {
-        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames());
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_NoDictElement());
      }
+
    | VARIABLE_RESPONSE_CONTENT_TYPE
      {
        VARIABLE_CONTAINER($$, new Variables::ResponseContentType());
      }
+
+    | VARIABLE_RESPONSE_HEADERS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_DictElement($2));
+      }
+    | VARIABLE_RESPONSE_HEADERS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_DictElementRegexp($2));
+      }
    | VARIABLE_RESPONSE_HEADERS_NAMES
      {
-        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames());
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_NoDictElement());
      }
    | VARIABLE_ARGS_COMBINED_SIZE
      {
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -701,8 +701,11 @@ EQUALS_MINUS                            (?i:=\-)

 {VARIABLE_ARGS_COMBINED_SIZE}               { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); }
 {VARIABLE_ARGS_GET_NAMES}                   { return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_GET_NAMES}[:]                { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
 {VARIABLE_ARGS_NAMES}                       { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_NAMES}[:]                    { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
 {VARIABLE_ARGS_POST_NAMES}                  { return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_POST_NAMES}[:]               { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
 {VARIABLE_AUTH_TYPE}                        { return p::make_VARIABLE_AUTH_TYPE(*driver.loc.back()); }
 {VARIABLE_FILES_COMBINED_SIZE}              { return p::make_VARIABLE_FILES_COMBINED_SIZE(*driver.loc.back()); }
 {VARIABLE_FULL_REQUEST_LENGTH}              { return p::make_VARIABLE_FULL_REQUEST_LENGTH(*driver.loc.back()); }
@ -734,6 +737,7 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_REQUEST_BODY}                     { return p::make_VARIABLE_REQUEST_BODY(*driver.loc.back()); }
 {VARIABLE_REQUEST_FILE_NAME}                { return p::make_VARIABLE_REQUEST_FILE_NAME(*driver.loc.back()); }
 {VARIABLE_REQUEST_HEADERS_NAMES}            { return p::make_VARIABLE_REQUEST_HEADERS_NAMES(*driver.loc.back()); }
+{VARIABLE_REQUEST_HEADERS_NAMES}[:]         { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_REQUEST_HEADERS_NAMES(*driver.loc.back()); }
 {VARIABLE_REQUEST_LINE}                     { return p::make_VARIABLE_REQUEST_LINE(*driver.loc.back()); }
 {VARIABLE_REQUEST_METHOD}                   { return p::make_VARIABLE_REQUEST_METHOD(*driver.loc.back()); }
 {VARIABLE_REQUEST_PROTOCOL}                 { return p::make_VARIABLE_REQUEST_PROTOCOL(*driver.loc.back()); }
@ -744,6 +748,7 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_RESPONSE_CONTENT_LENGTH}          { return p::make_VARIABLE_RESPONSE_CONTENT_LENGTH(*driver.loc.back()); }
 {VARIABLE_RESPONSE_CONTENT_TYPE}            { return p::make_VARIABLE_RESPONSE_CONTENT_TYPE(*driver.loc.back()); }
 {VARIABLE_RESPONSE_HEADERS_NAMES}           { return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
+{VARIABLE_RESPONSE_HEADERS_NAMES}[:]        { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
 {VARIABLE_RESPONSE_PROTOCOL}                { return p::make_VARIABLE_RESPONSE_PROTOCOL(*driver.loc.back()); }
 {VARIABLE_RESPONSE_STATUS}                  { return p::make_VARIABLE_RESPONSE_STATUS(*driver.loc.back()); }
 {VARIABLE_SERVER_ADDR}                      { return p::make_VARIABLE_SERVER_ADDR(*driver.loc.back()); }
@ -755,8 +760,6 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_USER_ID}                          { return p::make_VARIABLE_USER_ID(*driver.loc.back()); }
 {VARIABLE_ARGS}                             { return p::make_VARIABLE_ARGS(*driver.loc.back()); }
 {VARIABLE_ARGS}[:]                          { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS(*driver.loc.back()); }
-{VARIABLE_ARGS_NAMES}                       { return p::make_VARIABLE_ARGS(*driver.loc.back()); }
-{VARIABLE_ARGS_NAMES}[:]                    { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS(*driver.loc.back()); }
 {VARIABLE_ARGS_GET}                         { return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
 {VARIABLE_ARGS_GET}[:]                      { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
 {VARIABLE_ARGS_POST}                        { return p::make_VARIABLE_ARGS_POST(*driver.loc.back()); }
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -301,17 +301,18 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
                key + "\", value \"" + value + "\"");
 #endif

+    size_t k_offset = offset;
    offset = offset + key.size() + 1;
    m_variableArgs.set(key, value, offset);
+    m_variableArgsNames.set(key, key, k_offset);

    if (orig == "GET") {
        m_variableArgsGet.set(key, value, offset);
-        m_variableArgGetNames.append(key, offset - key.size() - 1, true);
+        m_variableArgsGetNames.set(key, key, k_offset);
    } else if (orig == "POST") {
        m_variableArgsPost.set(key, value, offset);
-        m_variableArgPostNames.append(key, offset - key.size() - 1, true);
+        m_variableArgsPostNames.set(key, key, k_offset);
    }
-    m_variableArgsNames.set(key, key, offset - key.size() - 1);

    m_ARGScombinedSizeDouble = m_ARGScombinedSizeDouble + \
        key.length() + value.length();
@ -506,8 +507,7 @@ int Transaction::processRequestHeaders() {
 */
 int Transaction::addRequestHeader(const std::string& key,
    const std::string& value) {
-    m_variableRequestHeadersNames.append(key, m_variableOffset, true,
-        key.size());
+    m_variableRequestHeadersNames.set(key, key, m_variableOffset);

    m_variableOffset = m_variableOffset + key.size() + 2;
    m_variableRequestHeaders.set(key, value, m_variableOffset);
@ -979,7 +979,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
 */
 int Transaction::addResponseHeader(const std::string& key,
    const std::string& value) {
-    m_variableResponseHeadersNames.append(key, 0, true);
+    m_variableResponseHeadersNames.set(key, key, m_variableOffset);
    m_variableResponseHeaders.set(key, value, m_variableOffset);

    if (utils::string::tolower(key) == "content-type") {
--- a/src/variables/args_get_names.h
+++ b/src/variables/args_get_names.h
@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {

-class ArgsGetNames : public Variable {
+class ArgsGetNames_DictElement : public Variable {
 public:
-    ArgsGetNames()
+    explicit ArgsGetNames_DictElement(std::string dictElement)
+        : Variable("ARGS_GET_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsGetNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ArgsGetNames_NoDictElement : public Variable {
+ public:
+    ArgsGetNames_NoDictElement()
        : Variable("ARGS_GET_NAMES") { }

    void evaluate(Transaction *transaction,
        Rule *rule,
-        std::vector<const collection::Variable *> *l) {
-        transaction->m_variableArgGetNames.evaluate(l);
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsGetNames.resolve(l);
    }
 };

+class ArgsGetNames_DictElementRegexp : public Variable {
+ public:
+    explicit ArgsGetNames_DictElementRegexp(std::string dictElement)
+        : Variable("ARGS_GET_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsGetNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity

--- a/src/variables/args_names.h
+++ b/src/variables/args_names.h
@ -32,7 +32,8 @@ namespace Variables {
 class ArgsNames_DictElement : public Variable {
 public:
    explicit ArgsNames_DictElement(std::string dictElement)
-        : Variable("ARGS_NAMES" + std::string(":") + std::string(dictElement)),
+        : Variable("ARGS_NAMES" + std::string(":") +
+            std::string(dictElement)),
        m_dictElement(dictElement) { }

    void evaluate(Transaction *transaction,
@ -44,7 +45,6 @@ class ArgsNames_DictElement : public Variable {
    std::string m_dictElement;
 };

-
 class ArgsNames_NoDictElement : public Variable {
 public:
    ArgsNames_NoDictElement()
@ -57,18 +57,17 @@ class ArgsNames_NoDictElement : public Variable {
    }
 };

-
 class ArgsNames_DictElementRegexp : public Variable {
 public:
    explicit ArgsNames_DictElementRegexp(std::string dictElement)
-        : Variable("ARGS_NAMES:regex(" + dictElement + ")"),
-        m_r(dictElement) {
-    }
+        : Variable("ARGS_NAMES"),
+        m_r(dictElement) { }

    void evaluate(Transaction *transaction,
        Rule *rule,
        std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableArgsNames.resolveRegularExpression(&m_r, l);
+        transaction->m_variableArgsNames.resolveRegularExpression(
+            &m_r, l);
    }

    Utils::Regex m_r;
--- a/src/variables/args_post_names.h
+++ b/src/variables/args_post_names.h
@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {

-class ArgsPostNames : public Variable {
+class ArgsPostNames_DictElement : public Variable {
 public:
-    ArgsPostNames()
+    explicit ArgsPostNames_DictElement(std::string dictElement)
+        : Variable("ARGS_POST_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsPostNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ArgsPostNames_NoDictElement : public Variable {
+ public:
+    ArgsPostNames_NoDictElement()
        : Variable("ARGS_POST_NAMES") { }

    void evaluate(Transaction *transaction,
        Rule *rule,
-        std::vector<const collection::Variable *> *l) {
-        transaction->m_variableArgPostNames.evaluate(l);
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsPostNames.resolve(l);
    }
 };

+class ArgsPostNames_DictElementRegexp : public Variable {
+ public:
+    explicit ArgsPostNames_DictElementRegexp(std::string dictElement)
+        : Variable("ARGS_POST_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsPostNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity

--- a/src/variables/request_headers_names.h
+++ b/src/variables/request_headers_names.h
@ -29,15 +29,48 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {

-class RequestHeadersNames : public Variable {
+class RequestHeadersNames_DictElement : public Variable {
 public:
-    RequestHeadersNames()
-        : Variable("REQUEST_HEADERS_NAMES") { }
+    explicit RequestHeadersNames_DictElement(std::string dictElement)
+        : Variable("REQUEST_HEADERS_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
    void evaluate(Transaction *transaction,
        Rule *rule,
-        std::vector<const collection::Variable *> *l) {
-        transaction->m_variableRequestHeadersNames.evaluate(l);
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableRequestHeadersNames.resolve(m_dictElement, l);
    }
+
+    std::string m_dictElement;
+};
+
+class RequestHeadersNames_NoDictElement : public Variable {
+ public:
+    RequestHeadersNames_NoDictElement()
+        : Variable("REQUEST_HEADERS_NAMES") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableRequestHeadersNames.resolve(l);
+    }
+};
+
+class RequestHeadersNames_DictElementRegexp : public Variable {
+ public:
+    explicit RequestHeadersNames_DictElementRegexp(std::string dictElement)
+        : Variable("REQUEST_HEADERS_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableRequestHeadersNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
 };

 }  // namespace Variables
--- a/src/variables/response_headers_names.h
+++ b/src/variables/response_headers_names.h
@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {

-class ResponseHeadersNames : public Variable {
+class ResponseHeadersNames_DictElement : public Variable {
 public:
-    ResponseHeadersNames()
+    explicit ResponseHeadersNames_DictElement(std::string dictElement)
+        : Variable("RESPONSE_HEADERS_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableResponseHeadersNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ResponseHeadersNames_NoDictElement : public Variable {
+ public:
+    ResponseHeadersNames_NoDictElement()
        : Variable("RESPONSE_HEADERS_NAMES") { }

    void evaluate(Transaction *transaction,
        Rule *rule,
-        std::vector<const collection::Variable *> *l) {
-        transaction->m_variableResponseHeadersNames.evaluate(l);
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableResponseHeadersNames.resolve(l);
    }
 };

+class ResponseHeadersNames_DictElementRegexp : public Variable {
+ public:
+    explicit ResponseHeadersNames_DictElementRegexp(std::string dictElement)
+        : Variable("RESPONSE_HEADERS_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableResponseHeadersNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity

--- a/test/test-cases/regression/offset-variable.json
+++ b/test/test-cases/regression/offset-variable.json
@ -149,7 +149,7 @@
      ]
    },
    "expected":{
-      "error_log":"o0,6v17,6v31,6t:trim"
+      "error_log":"o0,6v17,6t:trim"
    },
    "rules":[
      "SecRequestBodyAccess On",
@ -182,7 +182,7 @@
      ]
    },
    "expected":{
-      "error_log":"o7,6v17,6v31,6t:trim"
+      "error_log":"o0,6v31,6t:trim"
    },
    "rules":[
      "SecRequestBodyAccess On",
@ -215,7 +215,7 @@
      ]
    },
    "expected":{
-      "error_log":"o3,7v17,6v31,6t:trim"
+      // should not match
    },
    "rules":[
      "SecRequestBodyAccess On",
@ -248,7 +248,7 @@
      ]
    },
    "expected":{
-      "error_log":"o3,14v17,6v31,6v45,6t:trim"
+      // should not match
    },
    "rules":[
      "SecRequestBodyAccess On",
@ -281,11 +281,11 @@
      ]
    },
    "expected":{
-      "error_log":"o3,14v149,6v163,6v177,6t:trim"
+      "error_log": "0,6v149,6t:trim"
    },
    "rules":[
      "SecRequestBodyAccess On",
-      "SecRule ARGS_POST_NAMES \"@rx am1 param2 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_POST_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
    ]
  },
  {
@ -314,11 +314,11 @@
      ]
    },
    "expected":{
-      "error_log":"o0,3v17,6t:trimo0,3v149,6t:trimo0,3v31,6t:trimo0,3v163,6t:trimo0,3v45,6t:trimo0,3v177,6t:trim"
+      "error_log":"o0,6v17,6t:trimo0,6v149,6t:trim"
    },
    "rules":[
      "SecRequestBodyAccess On",
-      "SecRule ARGS_NAMES \"@rx par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
    ]
  },
    {
@ -786,7 +786,7 @@
      ]
    },
    "expected":{
-      "error_log":"o0,4v64,13v114,4v130,14v149,12t:lowercase"
+      "error_log":"o0,4v64,13t:lowercase"
    },
    "rules":[
      "SecRequestBodyAccess On",
--- a/test/test-cases/regression/variable-ARGS_GET_NAMES.json
+++ b/test/test-cases/regression/variable-ARGS_GET_NAMES.json
@ -17,7 +17,7 @@
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
      "method":"GET"
    },
    "response":{  
@ -31,7 +31,7 @@
      ]
    },
    "expected":{  
-      "debug_log":"Target value: \"key key\""
+      "debug_log":"Target value: \"key1\""
    },
    "rules":[  
      "SecRuleEngine On",
@ -56,7 +56,7 @@
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
      "method":"GET"
    },
    "response":{  
@ -70,7 +70,7 @@
      ]
    },
    "expected":{  
-      "debug_log":"Target value: \"key key\""
+      "debug_log":"Target value: \"key2\""
    },
    "rules":[  
      "SecRuleEngine On",
--- a/test/test-cases/regression/variable-ARGS_NAMES.json
+++ b/test/test-cases/regression/variable-ARGS_NAMES.json
@ -17,7 +17,7 @@
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
      "method":"GET"
    },
    "response":{  
@ -31,7 +31,7 @@
      ]
    },
    "expected":{  
-      "debug_log":"Target value: \"key\""
+      "debug_log":"Target value: \"key1\""
    },
    "rules":[  
      "SecRuleEngine On",
@ -56,7 +56,7 @@
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*"
      },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
      "method":"GET"
    },
    "response":{  
@ -70,7 +70,7 @@
      ]
    },
    "expected":{  
-      "debug_log":"Target value: \"key\""
+      "debug_log":"Target value: \"key2\""
    },
    "rules":[  
      "SecRuleEngine On",
@ -158,7 +158,7 @@
      ]
    },
    "expected":{
-      "debug_log":"Target value: \"param1\" "
+      "debug_log":"Target value: \"param2\""
    },
    "rules":[
      "SecRuleEngine On",
--- a/test/test-cases/regression/variable-ARGS_POST_NAMES.json
+++ b/test/test-cases/regression/variable-ARGS_POST_NAMES.json
@ -36,7 +36,7 @@
      ]
    },
    "expected":{
-      "debug_log":"Target value: \"param1 param2\""
+      "debug_log":"Target value: \"param1\""
    },
    "rules":[
      "SecRuleEngine On",
@ -80,7 +80,7 @@
      ]
    },
    "expected":{
-      "debug_log":"Target value: \"param1 param2\""
+      "debug_log":"Target value: \"param2\""
    },
    "rules":[
      "SecRuleEngine On",
--- a/test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json
+++ b/test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json
@ -1,18 +1,18 @@
-[  
-  {  
+[
+  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
-    "client":{  
+    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
-    "server":{  
+    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
-    "request":{  
-      "headers":{  
+    "request":{
+      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*",
@ -22,7 +22,7 @@
      },
      "uri":"/",
      "method":"POST",
-      "body":[  
+      "body":[
        "--------------------------756b6d74fa1a8ee2",
        "Content-Disposition: form-data; name=\"name\"",
        "",
@ -40,20 +40,315 @@
        "--------------------------756b6d74fa1a8ee2--"
      ]
    },
-    "response":{  
-      "headers":{  
+    "response":{
+      "headers":{
        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
        "Content-Type":"text/html"
      },
-      "body":[  
+      "body":[
        "no need."
      ]
    },
-    "expected":{  
-      "debug_log":"Target value: \"[Accept|Expect|Content\\-Type|User\\-Agent|Content\\-Length|Host| ]+\" \\(Variable: REQUEST_HEADERS_NAMES\\)"
+    "expected":{
+      "debug_log":"Target value: \"Host\" \\(Variable: REQUEST_HEADERS_NAMES:Host\\)"
    },
-    "rules":[  
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"User-Agent\" \\(Variable: REQUEST_HEADERS_NAMES:User-Agent\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Accept\" \\(Variable: REQUEST_HEADERS_NAMES:Accept\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Content-Length\" \\(Variable: REQUEST_HEADERS_NAMES:Content-Length\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Content-Type\" \\(Variable: REQUEST_HEADERS_NAMES:Content-Type\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Expect\" \\(Variable: REQUEST_HEADERS_NAMES:Expect\\)"
+    },
+    "rules":[
      "SecRuleEngine On",
      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
    ]
--- a/test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json
+++ b/test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json
@ -1,18 +1,18 @@
-[  
-  {  
+[
+  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
-    "client":{  
+    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
-    "server":{  
+    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
-    "request":{  
-      "headers":{  
+    "request":{
+      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Accept":"*/*",
@ -22,7 +22,7 @@
      },
      "uri":"/",
      "method":"POST",
-      "body":[  
+      "body":[
        "--------------------------756b6d74fa1a8ee2",
        "Content-Disposition: form-data; name=\"name\"",
        "",
@ -40,20 +40,138 @@
        "--------------------------756b6d74fa1a8ee2--"
      ]
    },
-    "response":{  
-      "headers":{  
+    "response":{
+      "headers":{
        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
        "Content-Type":"text/html"
      },
-      "body":[  
+      "body":[
        "no need."
      ]
    },
-    "expected":{  
-      "debug_log":"Target value: \"Date Last-Modified Content-Type\" \\(Variable: RESPONSE_HEADERS_NAMES\\)"
+    "expected":{
+      "debug_log": "Target value: \"Date\" \\(Variable: RESPONSE_HEADERS_NAMES:Date\\)"
    },
-    "rules":[  
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log": "Target value: \"Last-Modified\" \\(Variable: RESPONSE_HEADERS_NAMES:Last-Modified\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log": "Target value: \"Content-Type\" \\(Variable: RESPONSE_HEADERS_NAMES:Content-Type\\)"
+    },
+    "rules":[
      "SecRuleEngine On",
      "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
    ]