Revert "Treating ARGS_NAMES as an array instead of scalar"

This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.

headers/modsecurity/transaction.h

@@ -95,8 +95,8 @@ class TransactionAnchoredVariables {
  public:
     explicit TransactionAnchoredVariables(Transaction *t)
         : m_variableArgsNames(t, "ARGS_NAMES"),
-        m_variableArgGetNames(t, "ARGS_GET_NAMES"),
+        m_variableArgsGetNames(t, "ARGS_GET_NAMES"),
-        m_variableArgPostNames(t, "ARGS_POST_NAMES"),
+        m_variableArgsPostNames(t, "ARGS_POST_NAMES"),
         m_variableRequestHeadersNames(t, "REQUEST_HEADERS_NAMES"),
         m_variableResponseContentType(t, "RESPONSE_CONTENT_TYPE"),
         m_variableResponseHeadersNames(t, "RESPONSE_HEADERS_NAMES"),
@@ -172,11 +172,12 @@ class TransactionAnchoredVariables {
         m_variableOffset(0)
         { }
 
-    AnchoredVariable m_variableArgGetNames;
+    AnchoredSetVariable m_variableArgsNames;
-    AnchoredVariable m_variableArgPostNames;
+    AnchoredSetVariable m_variableArgsGetNames;
-    AnchoredVariable m_variableRequestHeadersNames;
+    AnchoredSetVariable m_variableArgsPostNames;
+    AnchoredSetVariable m_variableRequestHeadersNames;
     AnchoredVariable m_variableResponseContentType;
-    AnchoredVariable m_variableResponseHeadersNames;
+    AnchoredSetVariable m_variableResponseHeadersNames;
     AnchoredVariable m_variableARGScombinedSize;
     AnchoredVariable m_variableAuthType;
     AnchoredVariable m_variableFilesCombinedSize;
@@ -226,7 +227,6 @@ class TransactionAnchoredVariables {
     AnchoredVariable m_variableUrlEncodedError;
     AnchoredVariable m_variableUserID;
 
-    AnchoredSetVariable m_variableArgsNames;
     AnchoredSetVariable m_variableArgs;
     AnchoredSetVariable m_variableArgsGet;
     AnchoredSetVariable m_variableArgsPost;

src/macro_expansion.cc

@@ -73,21 +73,9 @@ std::string MacroExpansion::expand(const std::string& input,
             collection = variable.find(":");
         }
         if (collection == std::string::npos) {
-            if (compareStrNoCase(variable, "ARGS_GET_NAMES")) {
+            if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) {
-                variableValue = transaction->m_variableArgGetNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) {
-                variableValue = transaction->m_variableArgPostNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) {
-                variableValue = transaction->m_variableRequestHeadersNames.resolveFirst();
-            }
-            else if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) {
                 variableValue = transaction->m_variableResponseContentType.resolveFirst();
             }
-            else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) {
-                variableValue = transaction->m_variableResponseHeadersNames.resolveFirst();
-            }
             else if (compareStrNoCase(variable, "ARGS_COMBINED_SIZE")) {
                 variableValue = transaction->m_variableARGScombinedSize.resolveFirst();
             }
@@ -242,9 +230,15 @@ std::string MacroExpansion::expand(const std::string& input,
             if (compareStrNoCase(col, "ARGS")) {
                 variableValue = transaction->m_variableArgs.resolveFirst(var);
             }
-            if (compareStrNoCase(variable, "ARGS_NAMES")) {
+            else if (compareStrNoCase(variable, "ARGS_NAMES")) {
                 variableValue = transaction->m_variableArgsNames.resolveFirst(var);
             }
+            else if (compareStrNoCase(variable, "ARGS_GET_NAMES")) {
+                variableValue = transaction->m_variableArgsGetNames.resolveFirst(var);
+            }
+            else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) {
+                variableValue = transaction->m_variableArgsPostNames.resolveFirst(var);
+            }
             else if (compareStrNoCase(col, "RULE")) {
                 variableValue = transaction->m_variableRule.resolveFirst(var);
             }
@@ -284,9 +278,15 @@ std::string MacroExpansion::expand(const std::string& input,
             else if (compareStrNoCase(col, "REQUEST_HEADERS")) {
                 variableValue = transaction->m_variableRequestHeaders.resolveFirst(var);
             }
+            else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) {
+                variableValue = transaction->m_variableRequestHeadersNames.resolveFirst(var);
+            }
             else if (compareStrNoCase(col, "RESPONSE_HEADERS")) {
                 variableValue = transaction->m_variableResponseHeaders.resolveFirst(var);
             }
+            else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) {
+                variableValue = transaction->m_variableResponseHeadersNames.resolveFirst(var);
+            }
             else if (compareStrNoCase(col, "GEO")) {
                 variableValue = transaction->m_variableGeo.resolveFirst(var);
             }

src/parser/seclang-parser.yy

@@ -1514,18 +1514,6 @@ var:
       {
         VARIABLE_CONTAINER($$, new Variables::Args_NoDictElement());
       }
-    | VARIABLE_ARGS_NAMES DICT_ELEMENT
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElement($2));
-      }
-    | VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElementRegexp($2));
-      }
-    | VARIABLE_ARGS_NAMES
-      {
-        VARIABLE_CONTAINER($$, new Variables::ArgsNames_NoDictElement());
-      }
     | VARIABLE_ARGS_POST DICT_ELEMENT
       {
         VARIABLE_CONTAINER($$, new Variables::ArgsPost_DictElement($2));
@@ -1806,25 +1794,76 @@ var:
       {
         VARIABLE_CONTAINER($$, new Variables::Session_NoDictElement());
       }
+
+    | VARIABLE_ARGS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_DictElementRegexp($2));
+      }
+    | VARIABLE_ARGS_NAMES
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsNames_NoDictElement());
+      }
+
+
+    | VARIABLE_ARGS_GET_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_GET_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_DictElementRegexp($2));
+      }
     | VARIABLE_ARGS_GET_NAMES
       {
-        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames());
+        VARIABLE_CONTAINER($$, new Variables::ArgsGetNames_NoDictElement());
+      }
+
+    | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_DictElement($2));
+      }
+    | VARIABLE_ARGS_POST_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_DictElementRegexp($2));
       }
     | VARIABLE_ARGS_POST_NAMES
       {
-        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames());
+        VARIABLE_CONTAINER($$, new Variables::ArgsPostNames_NoDictElement());
+      }
+
+    | VARIABLE_REQUEST_HEADERS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_DictElement($2));
+      }
+    | VARIABLE_REQUEST_HEADERS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_DictElementRegexp($2));
       }
     | VARIABLE_REQUEST_HEADERS_NAMES
       {
-        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames());
+        VARIABLE_CONTAINER($$, new Variables::RequestHeadersNames_NoDictElement());
       }
+
     | VARIABLE_RESPONSE_CONTENT_TYPE
       {
         VARIABLE_CONTAINER($$, new Variables::ResponseContentType());
       }
+
+    | VARIABLE_RESPONSE_HEADERS_NAMES DICT_ELEMENT
+      {
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_DictElement($2));
+      }
+    | VARIABLE_RESPONSE_HEADERS_NAMES DICT_ELEMENT_REGEXP
+      {
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_DictElementRegexp($2));
+      }
     | VARIABLE_RESPONSE_HEADERS_NAMES
       {
-        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames());
+        VARIABLE_CONTAINER($$, new Variables::ResponseHeadersNames_NoDictElement());
       }
     | VARIABLE_ARGS_COMBINED_SIZE
       {

src/parser/seclang-scanner.ll

@@ -701,8 +701,11 @@ EQUALS_MINUS                            (?i:=\-)
 
 {VARIABLE_ARGS_COMBINED_SIZE}               { return p::make_VARIABLE_ARGS_COMBINED_SIZE(*driver.loc.back()); }
 {VARIABLE_ARGS_GET_NAMES}                   { return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_GET_NAMES}[:]                { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_GET_NAMES(*driver.loc.back()); }
 {VARIABLE_ARGS_NAMES}                       { return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_NAMES}[:]                    { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_NAMES(*driver.loc.back()); }
 {VARIABLE_ARGS_POST_NAMES}                  { return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
+{VARIABLE_ARGS_POST_NAMES}[:]               { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_POST_NAMES(*driver.loc.back()); }
 {VARIABLE_AUTH_TYPE}                        { return p::make_VARIABLE_AUTH_TYPE(*driver.loc.back()); }
 {VARIABLE_FILES_COMBINED_SIZE}              { return p::make_VARIABLE_FILES_COMBINED_SIZE(*driver.loc.back()); }
 {VARIABLE_FULL_REQUEST_LENGTH}              { return p::make_VARIABLE_FULL_REQUEST_LENGTH(*driver.loc.back()); }
@@ -734,6 +737,7 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_REQUEST_BODY}                     { return p::make_VARIABLE_REQUEST_BODY(*driver.loc.back()); }
 {VARIABLE_REQUEST_FILE_NAME}                { return p::make_VARIABLE_REQUEST_FILE_NAME(*driver.loc.back()); }
 {VARIABLE_REQUEST_HEADERS_NAMES}            { return p::make_VARIABLE_REQUEST_HEADERS_NAMES(*driver.loc.back()); }
+{VARIABLE_REQUEST_HEADERS_NAMES}[:]         { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_REQUEST_HEADERS_NAMES(*driver.loc.back()); }
 {VARIABLE_REQUEST_LINE}                     { return p::make_VARIABLE_REQUEST_LINE(*driver.loc.back()); }
 {VARIABLE_REQUEST_METHOD}                   { return p::make_VARIABLE_REQUEST_METHOD(*driver.loc.back()); }
 {VARIABLE_REQUEST_PROTOCOL}                 { return p::make_VARIABLE_REQUEST_PROTOCOL(*driver.loc.back()); }
@@ -744,6 +748,7 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_RESPONSE_CONTENT_LENGTH}          { return p::make_VARIABLE_RESPONSE_CONTENT_LENGTH(*driver.loc.back()); }
 {VARIABLE_RESPONSE_CONTENT_TYPE}            { return p::make_VARIABLE_RESPONSE_CONTENT_TYPE(*driver.loc.back()); }
 {VARIABLE_RESPONSE_HEADERS_NAMES}           { return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
+{VARIABLE_RESPONSE_HEADERS_NAMES}[:]        { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_RESPONSE_HEADERS_NAMES(*driver.loc.back()); }
 {VARIABLE_RESPONSE_PROTOCOL}                { return p::make_VARIABLE_RESPONSE_PROTOCOL(*driver.loc.back()); }
 {VARIABLE_RESPONSE_STATUS}                  { return p::make_VARIABLE_RESPONSE_STATUS(*driver.loc.back()); }
 {VARIABLE_SERVER_ADDR}                      { return p::make_VARIABLE_SERVER_ADDR(*driver.loc.back()); }
@@ -755,8 +760,6 @@ EQUALS_MINUS                            (?i:=\-)
 {VARIABLE_USER_ID}                          { return p::make_VARIABLE_USER_ID(*driver.loc.back()); }
 {VARIABLE_ARGS}                             { return p::make_VARIABLE_ARGS(*driver.loc.back()); }
 {VARIABLE_ARGS}[:]                          { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS(*driver.loc.back()); }
-{VARIABLE_ARGS_NAMES}                       { return p::make_VARIABLE_ARGS(*driver.loc.back()); }
-{VARIABLE_ARGS_NAMES}[:]                    { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS(*driver.loc.back()); }
 {VARIABLE_ARGS_GET}                         { return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
 {VARIABLE_ARGS_GET}[:]                      { BEGIN(EXPECTING_VAR_PARAMETER); return p::make_VARIABLE_ARGS_GET(*driver.loc.back()); }
 {VARIABLE_ARGS_POST}                        { return p::make_VARIABLE_ARGS_POST(*driver.loc.back()); }

src/transaction.cc

@@ -301,17 +301,18 @@ bool Transaction::addArgument(const std::string& orig, const std::string& key,
                 key + "\", value \"" + value + "\"");
 #endif
 
+    size_t k_offset = offset;
     offset = offset + key.size() + 1;
     m_variableArgs.set(key, value, offset);
+    m_variableArgsNames.set(key, key, k_offset);
 
     if (orig == "GET") {
         m_variableArgsGet.set(key, value, offset);
-        m_variableArgGetNames.append(key, offset - key.size() - 1, true);
+        m_variableArgsGetNames.set(key, key, k_offset);
     } else if (orig == "POST") {
         m_variableArgsPost.set(key, value, offset);
-        m_variableArgPostNames.append(key, offset - key.size() - 1, true);
+        m_variableArgsPostNames.set(key, key, k_offset);
     }
-    m_variableArgsNames.set(key, key, offset - key.size() - 1);
 
     m_ARGScombinedSizeDouble = m_ARGScombinedSizeDouble + \
         key.length() + value.length();
@@ -506,8 +507,7 @@ int Transaction::processRequestHeaders() {
  */
 int Transaction::addRequestHeader(const std::string& key,
     const std::string& value) {
-    m_variableRequestHeadersNames.append(key, m_variableOffset, true,
+    m_variableRequestHeadersNames.set(key, key, m_variableOffset);
-        key.size());
 
     m_variableOffset = m_variableOffset + key.size() + 2;
     m_variableRequestHeaders.set(key, value, m_variableOffset);
@@ -979,7 +979,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
  */
 int Transaction::addResponseHeader(const std::string& key,
     const std::string& value) {
-    m_variableResponseHeadersNames.append(key, 0, true);
+    m_variableResponseHeadersNames.set(key, key, m_variableOffset);
     m_variableResponseHeaders.set(key, value, m_variableOffset);
 
     if (utils::string::tolower(key) == "content-type") {

src/variables/args_get_names.h

@@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {
 
-class ArgsGetNames : public Variable {
+class ArgsGetNames_DictElement : public Variable {
  public:
-    ArgsGetNames()
+    explicit ArgsGetNames_DictElement(std::string dictElement)
+        : Variable("ARGS_GET_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsGetNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ArgsGetNames_NoDictElement : public Variable {
+ public:
+    ArgsGetNames_NoDictElement()
         : Variable("ARGS_GET_NAMES") { }
 
     void evaluate(Transaction *transaction,
         Rule *rule,
-        std::vector<const collection::Variable *> *l) {
+        std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableArgGetNames.evaluate(l);
+        transaction->m_variableArgsGetNames.resolve(l);
     }
 };
 
+class ArgsGetNames_DictElementRegexp : public Variable {
+ public:
+    explicit ArgsGetNames_DictElementRegexp(std::string dictElement)
+        : Variable("ARGS_GET_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsGetNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity
 

src/variables/args_names.h

@@ -32,7 +32,8 @@ namespace Variables {
 class ArgsNames_DictElement : public Variable {
  public:
     explicit ArgsNames_DictElement(std::string dictElement)
-        : Variable("ARGS_NAMES" + std::string(":") + std::string(dictElement)),
+        : Variable("ARGS_NAMES" + std::string(":") +
+            std::string(dictElement)),
         m_dictElement(dictElement) { }
 
     void evaluate(Transaction *transaction,
@@ -44,7 +45,6 @@ class ArgsNames_DictElement : public Variable {
     std::string m_dictElement;
 };
 
-
 class ArgsNames_NoDictElement : public Variable {
  public:
     ArgsNames_NoDictElement()
@@ -57,18 +57,17 @@ class ArgsNames_NoDictElement : public Variable {
     }
 };
 
-
 class ArgsNames_DictElementRegexp : public Variable {
  public:
     explicit ArgsNames_DictElementRegexp(std::string dictElement)
-        : Variable("ARGS_NAMES:regex(" + dictElement + ")"),
+        : Variable("ARGS_NAMES"),
-        m_r(dictElement) {
+        m_r(dictElement) { }
-    }
 
     void evaluate(Transaction *transaction,
         Rule *rule,
         std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableArgsNames.resolveRegularExpression(&m_r, l);
+        transaction->m_variableArgsNames.resolveRegularExpression(
+            &m_r, l);
     }
 
     Utils::Regex m_r;

src/variables/args_post_names.h

@@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {
 
-class ArgsPostNames : public Variable {
+class ArgsPostNames_DictElement : public Variable {
  public:
-    ArgsPostNames()
+    explicit ArgsPostNames_DictElement(std::string dictElement)
+        : Variable("ARGS_POST_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsPostNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ArgsPostNames_NoDictElement : public Variable {
+ public:
+    ArgsPostNames_NoDictElement()
         : Variable("ARGS_POST_NAMES") { }
 
     void evaluate(Transaction *transaction,
         Rule *rule,
-        std::vector<const collection::Variable *> *l) {
+        std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableArgPostNames.evaluate(l);
+        transaction->m_variableArgsPostNames.resolve(l);
     }
 };
 
+class ArgsPostNames_DictElementRegexp : public Variable {
+ public:
+    explicit ArgsPostNames_DictElementRegexp(std::string dictElement)
+        : Variable("ARGS_POST_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableArgsPostNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity
 

src/variables/request_headers_names.h

@@ -29,15 +29,48 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {
 
-class RequestHeadersNames : public Variable {
+class RequestHeadersNames_DictElement : public Variable {
  public:
-    RequestHeadersNames()
+    explicit RequestHeadersNames_DictElement(std::string dictElement)
-        : Variable("REQUEST_HEADERS_NAMES") { }
+        : Variable("REQUEST_HEADERS_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
     void evaluate(Transaction *transaction,
         Rule *rule,
-        std::vector<const collection::Variable *> *l) {
+        std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableRequestHeadersNames.evaluate(l);
+        transaction->m_variableRequestHeadersNames.resolve(m_dictElement, l);
     }
+
+    std::string m_dictElement;
+};
+
+class RequestHeadersNames_NoDictElement : public Variable {
+ public:
+    RequestHeadersNames_NoDictElement()
+        : Variable("REQUEST_HEADERS_NAMES") { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableRequestHeadersNames.resolve(l);
+    }
+};
+
+class RequestHeadersNames_DictElementRegexp : public Variable {
+ public:
+    explicit RequestHeadersNames_DictElementRegexp(std::string dictElement)
+        : Variable("REQUEST_HEADERS_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableRequestHeadersNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
 };
 
 }  // namespace Variables

src/variables/response_headers_names.h

@@ -29,18 +29,50 @@ namespace modsecurity {
 class Transaction;
 namespace Variables {
 
-class ResponseHeadersNames : public Variable {
+class ResponseHeadersNames_DictElement : public Variable {
  public:
-    ResponseHeadersNames()
+    explicit ResponseHeadersNames_DictElement(std::string dictElement)
+        : Variable("RESPONSE_HEADERS_NAMES" + std::string(":") +
+            std::string(dictElement)),
+        m_dictElement(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableResponseHeadersNames.resolve(m_dictElement, l);
+    }
+
+    std::string m_dictElement;
+};
+
+class ResponseHeadersNames_NoDictElement : public Variable {
+ public:
+    ResponseHeadersNames_NoDictElement()
         : Variable("RESPONSE_HEADERS_NAMES") { }
 
     void evaluate(Transaction *transaction,
         Rule *rule,
-        std::vector<const collection::Variable *> *l) {
+        std::vector<const collection::Variable *> *l) override {
-        transaction->m_variableResponseHeadersNames.evaluate(l);
+        transaction->m_variableResponseHeadersNames.resolve(l);
     }
 };
 
+class ResponseHeadersNames_DictElementRegexp : public Variable {
+ public:
+    explicit ResponseHeadersNames_DictElementRegexp(std::string dictElement)
+        : Variable("RESPONSE_HEADERS_NAMES"),
+        m_r(dictElement) { }
+
+    void evaluate(Transaction *transaction,
+        Rule *rule,
+        std::vector<const collection::Variable *> *l) override {
+        transaction->m_variableResponseHeadersNames.resolveRegularExpression(
+            &m_r, l);
+    }
+
+    Utils::Regex m_r;
+};
+
 }  // namespace Variables
 }  // namespace modsecurity
 

test/test-cases/regression/offset-variable.json

@@ -149,7 +149,7 @@
       ]
     },
     "expected":{
-      "error_log":"o0,6v17,6v31,6t:trim"
+      "error_log":"o0,6v17,6t:trim"
     },
     "rules":[
       "SecRequestBodyAccess On",
@@ -182,7 +182,7 @@
       ]
     },
     "expected":{
-      "error_log":"o7,6v17,6v31,6t:trim"
+      "error_log":"o0,6v31,6t:trim"
     },
     "rules":[
       "SecRequestBodyAccess On",
@@ -215,7 +215,7 @@
       ]
     },
     "expected":{
-      "error_log":"o3,7v17,6v31,6t:trim"
+      // should not match
     },
     "rules":[
       "SecRequestBodyAccess On",
@@ -248,7 +248,7 @@
       ]
     },
     "expected":{
-      "error_log":"o3,14v17,6v31,6v45,6t:trim"
+      // should not match
     },
     "rules":[
       "SecRequestBodyAccess On",
@@ -281,11 +281,11 @@
       ]
     },
     "expected":{
-      "error_log":"o3,14v149,6v163,6v177,6t:trim"
+      "error_log": "0,6v149,6t:trim"
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_POST_NAMES \"@rx am1 param2 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_POST_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
     ]
   },
   {
@@ -314,11 +314,11 @@
       ]
     },
     "expected":{
-      "error_log":"o0,3v17,6t:trimo0,3v149,6t:trimo0,3v31,6t:trimo0,3v163,6t:trimo0,3v45,6t:trimo0,3v177,6t:trim"
+      "error_log":"o0,6v17,6t:trimo0,6v149,6t:trim"
     },
     "rules":[
       "SecRequestBodyAccess On",
-      "SecRule ARGS_NAMES \"@rx par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
+      "SecRule ARGS_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\""
     ]
   },
     {
@@ -786,7 +786,7 @@
       ]
     },
     "expected":{
-      "error_log":"o0,4v64,13v114,4v130,14v149,12t:lowercase"
+      "error_log":"o0,4v64,13t:lowercase"
     },
     "rules":[
       "SecRequestBodyAccess On",

test/test-cases/regression/variable-ARGS_GET_NAMES.json

@@ -17,7 +17,7 @@
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*"
       },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
       "method":"GET"
     },
     "response":{  
@@ -31,7 +31,7 @@
       ]
     },
     "expected":{  
-      "debug_log":"Target value: \"key key\""
+      "debug_log":"Target value: \"key1\""
     },
     "rules":[  
       "SecRuleEngine On",
@@ -56,7 +56,7 @@
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*"
       },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
       "method":"GET"
     },
     "response":{  
@@ -70,7 +70,7 @@
       ]
     },
     "expected":{  
-      "debug_log":"Target value: \"key key\""
+      "debug_log":"Target value: \"key2\""
     },
     "rules":[  
       "SecRuleEngine On",

test/test-cases/regression/variable-ARGS_NAMES.json

@@ -17,7 +17,7 @@
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*"
       },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
       "method":"GET"
     },
     "response":{  
@@ -31,7 +31,7 @@
       ]
     },
     "expected":{  
-      "debug_log":"Target value: \"key\""
+      "debug_log":"Target value: \"key1\""
     },
     "rules":[  
       "SecRuleEngine On",
@@ -56,7 +56,7 @@
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*"
       },
-      "uri":"/?key=value&key=other_value",
+      "uri":"/?key1=value&key2=other_value",
       "method":"GET"
     },
     "response":{  
@@ -70,7 +70,7 @@
       ]
     },
     "expected":{  
-      "debug_log":"Target value: \"key\""
+      "debug_log":"Target value: \"key2\""
     },
     "rules":[  
       "SecRuleEngine On",
@@ -158,7 +158,7 @@
       ]
     },
     "expected":{
-      "debug_log":"Target value: \"param1\" "
+      "debug_log":"Target value: \"param2\""
     },
     "rules":[
       "SecRuleEngine On",

test/test-cases/regression/variable-ARGS_POST_NAMES.json

@@ -36,7 +36,7 @@
       ]
     },
     "expected":{
-      "debug_log":"Target value: \"param1 param2\""
+      "debug_log":"Target value: \"param1\""
     },
     "rules":[
       "SecRuleEngine On",
@@ -80,7 +80,7 @@
       ]
     },
     "expected":{
-      "debug_log":"Target value: \"param1 param2\""
+      "debug_log":"Target value: \"param2\""
     },
     "rules":[
       "SecRuleEngine On",

test/test-cases/regression/variable-REQUEST_HEADERS_NAMES.json

@@ -1,18 +1,18 @@
-[  
+[
-  {  
+  {
     "enabled":1,
     "version_min":300000,
     "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
-    "client":{  
+    "client":{
       "ip":"200.249.12.31",
       "port":123
     },
-    "server":{  
+    "server":{
       "ip":"200.249.12.31",
       "port":80
     },
-    "request":{  
+    "request":{
-      "headers":{  
+      "headers":{
         "Host":"localhost",
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*",
@@ -22,7 +22,7 @@
       },
       "uri":"/",
       "method":"POST",
-      "body":[  
+      "body":[
         "--------------------------756b6d74fa1a8ee2",
         "Content-Disposition: form-data; name=\"name\"",
         "",
@@ -40,20 +40,315 @@
         "--------------------------756b6d74fa1a8ee2--"
       ]
     },
-    "response":{  
+    "response":{
-      "headers":{  
+      "headers":{
         "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
         "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
         "Content-Type":"text/html"
       },
-      "body":[  
+      "body":[
         "no need."
       ]
     },
-    "expected":{  
+    "expected":{
-      "debug_log":"Target value: \"[Accept|Expect|Content\\-Type|User\\-Agent|Content\\-Length|Host| ]+\" \\(Variable: REQUEST_HEADERS_NAMES\\)"
+      "debug_log":"Target value: \"Host\" \\(Variable: REQUEST_HEADERS_NAMES:Host\\)"
     },
-    "rules":[  
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"User-Agent\" \\(Variable: REQUEST_HEADERS_NAMES:User-Agent\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Accept\" \\(Variable: REQUEST_HEADERS_NAMES:Accept\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Content-Length\" \\(Variable: REQUEST_HEADERS_NAMES:Content-Length\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Content-Type\" \\(Variable: REQUEST_HEADERS_NAMES:Content-Type\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: REQUEST_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log":"Target value: \"Expect\" \\(Variable: REQUEST_HEADERS_NAMES:Expect\\)"
+    },
+    "rules":[
       "SecRuleEngine On",
       "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
     ]

test/test-cases/regression/variable-RESPONSE_HEADERS_NAMES.json

@@ -1,18 +1,18 @@
-[  
+[
-  {  
+  {
     "enabled":1,
     "version_min":300000,
     "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
-    "client":{  
+    "client":{
       "ip":"200.249.12.31",
       "port":123
     },
-    "server":{  
+    "server":{
       "ip":"200.249.12.31",
       "port":80
     },
-    "request":{  
+    "request":{
-      "headers":{  
+      "headers":{
         "Host":"localhost",
         "User-Agent":"curl/7.38.0",
         "Accept":"*/*",
@@ -22,7 +22,7 @@
       },
       "uri":"/",
       "method":"POST",
-      "body":[  
+      "body":[
         "--------------------------756b6d74fa1a8ee2",
         "Content-Disposition: form-data; name=\"name\"",
         "",
@@ -40,20 +40,138 @@
         "--------------------------756b6d74fa1a8ee2--"
       ]
     },
-    "response":{  
+    "response":{
-      "headers":{  
+      "headers":{
         "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
         "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
         "Content-Type":"text/html"
       },
-      "body":[  
+      "body":[
         "no need."
       ]
     },
-    "expected":{  
+    "expected":{
-      "debug_log":"Target value: \"Date Last-Modified Content-Type\" \\(Variable: RESPONSE_HEADERS_NAMES\\)"
+      "debug_log": "Target value: \"Date\" \\(Variable: RESPONSE_HEADERS_NAMES:Date\\)"
     },
-    "rules":[  
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log": "Target value: \"Last-Modified\" \\(Variable: RESPONSE_HEADERS_NAMES:Last-Modified\\)"
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: RESPONSE_HEADERS_NAMES",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"330",
+        "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
+        "Expect":"100-continue"
+      },
+      "uri":"/",
+      "method":"POST",
+      "body":[
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"name\"",
+        "",
+        "test",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is a very small test file..",
+        "--------------------------756b6d74fa1a8ee2",
+        "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"",
+        "Content-Type: text/plain",
+        "",
+        "This is another very small test file..",
+        "--------------------------756b6d74fa1a8ee2--"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "debug_log": "Target value: \"Content-Type\" \\(Variable: RESPONSE_HEADERS_NAMES:Content-Type\\)"
+    },
+    "rules":[
       "SecRuleEngine On",
       "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\""
     ]