mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
Check for disruptive action on SecDefaultAction
This commit is contained in:
Felipe Zimmerle
66
test/test-cases/regression/action-block.json
Normal file
66
test/test-cases/regression/action-block.json
Normal file
@@ -0,0 +1,66 @@
|
||||
[
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing 'block' action without desruptive action",
|
||||
"expected":{
|
||||
"parser_error": "Line: 1. Column: 16. SecDefaultAction must specify a disruptive action."
|
||||
},
|
||||
"client":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":12300
|
||||
},
|
||||
"request":{
|
||||
"headers":{
|
||||
"Host":"a.b.com",
|
||||
"User-Agent":"curl/7.38.0",
|
||||
"Accept":"*/*",
|
||||
"User-Agent":"My sweet little browser",
|
||||
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
|
||||
},
|
||||
"uri":"/path1",
|
||||
"method":"GET"
|
||||
},
|
||||
"server":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":80
|
||||
},
|
||||
"rules":[
|
||||
"SecRuleEngine On",
|
||||
"SecDefaultAction \"phase:1,log,block,status:404\"",
|
||||
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\""
|
||||
]
|
||||
},
|
||||
{
|
||||
"enabled":1,
|
||||
"version_min":300000,
|
||||
"title":"Testing 'block' action with desruptive action",
|
||||
"expected":{
|
||||
"http_code": 400
|
||||
},
|
||||
"client":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":12300
|
||||
},
|
||||
"request":{
|
||||
"headers":{
|
||||
"Host":"a.b.com",
|
||||
"User-Agent":"curl/7.38.0",
|
||||
"Accept":"*/*",
|
||||
"User-Agent":"My sweet little browser",
|
||||
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
|
||||
},
|
||||
"uri":"/path1",
|
||||
"method":"GET"
|
||||
},
|
||||
"server":{
|
||||
"ip":"200.249.12.31",
|
||||
"port":80
|
||||
},
|
||||
"rules":[
|
||||
"SecRuleEngine On",
|
||||
"SecDefaultAction \"phase:1,log,block,deny,status:400\"",
|
||||
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\""
|
||||
]
|
||||
}
|
||||
]
|
||||
@@ -53,7 +53,7 @@
|
||||
},
|
||||
"rules":[
|
||||
"SecRuleEngine On",
|
||||
"SecDefaultAction \"phase:2,t:lowercase\"",
|
||||
"SecDefaultAction \"phase:2,t:lowercase,pass\"",
|
||||
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"",
|
||||
"SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\""
|
||||
]
|
||||
@@ -112,7 +112,7 @@
|
||||
},
|
||||
"rules":[
|
||||
"SecRuleEngine On",
|
||||
"SecDefaultAction \"phase:2,t:lowercase\"",
|
||||
"SecDefaultAction \"phase:2,t:lowercase,pass\"",
|
||||
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"t:none,phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"",
|
||||
"SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\""
|
||||
]
|
||||
@@ -277,8 +277,8 @@
|
||||
},
|
||||
"rules":[
|
||||
"SecRuleEngine On",
|
||||
"SecDefaultAction \"phase:2,log,auditlog,status:302\"",
|
||||
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,redirect:'http://www.google.com'\"",
|
||||
"SecDefaultAction \"phase:2,log,auditlog,status:302,redirect:'http://www.google.com'\"",
|
||||
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1\"",
|
||||
"SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\""
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user