diff --git a/tests/regression/misc/40-sec-hash-engine.t b/tests/regression/misc/40-sec-hash-engine.t
new file mode 100644
index 00000000..e0770e1f
--- /dev/null
+++ b/tests/regression/misc/40-sec-hash-engine.t
@@ -0,0 +1,118 @@
+### libinjection.
+
+{
+ type => "misc",
+ comment => "SecHash engine - missing paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ error => [ qr/Request URI matched .* at REQUEST_URI. No Hash parameter/, 1],
+ debug => [ qr/Request URI without hash parameter/, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - wrong paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=test",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - correct paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ -error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=a17d5c0a78b54a15f19ccb5d47651470c7b8f31f",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - link verification",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLogLevel 9
+ SecDebugLog $ENV{DEBUG_LOG}
+
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "rand" "KeyOnly"
+ SecHashMethodRx "HashHref" "testparam"
+ ),
+ match_log => {
+ -error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ content => qr/testparam=123456&hmac=a95a6c5324869521e82e8b2465dd36a27b0b6d27/,
+ },
+
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/hash_test.html",
+ ),
+},
+
+
+
diff --git a/tests/regression/server_root/htdocs/hash_test.html b/tests/regression/server_root/htdocs/hash_test.html
new file mode 100644
index 00000000..e75b43dd
--- /dev/null
+++ b/tests/regression/server_root/htdocs/hash_test.html
@@ -0,0 +1,6 @@
+
+
+Test
+Test 2
+
+