diff --git a/tests/regression/action/00-disruptive-actions.t b/tests/regression/action/00-disruptive-actions.t index c37133b1..028bf4b3 100644 --- a/tests/regression/action/00-disruptive-actions.t +++ b/tests/regression/action/00-disruptive-actions.t @@ -9,8 +9,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,pass" - SecAction "phase:1,deny" + SecAction "phase:1,pass,id:500033" + SecAction "phase:1,deny,id:500034" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ], @@ -30,8 +30,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,pass" - SecAction "phase:2,deny" + SecAction "phase:2,pass,id:500035" + SecAction "phase:2,deny,id:500036" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ], @@ -53,8 +53,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:3,pass" - SecAction "phase:3,deny" + SecAction "phase:3,pass,id:500037" + SecAction "phase:3,deny,id:500038" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ], @@ -76,8 +76,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:4,pass" - SecAction "phase:4,deny" + SecAction "phase:4,pass,id:500039" + SecAction "phase:4,deny,id:500040" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ], @@ -99,8 +99,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,allow" - SecAction "phase:1,deny" + SecAction "phase:1,allow,id:500041" + SecAction "phase:1,deny,id:500042" ), match_log => { error => [ qr/ModSecurity: Access allowed \(phase 1\). Unconditional match in SecAction/, 1 ], @@ -120,8 +120,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,allow" - SecAction "phase:2,deny" + SecAction "phase:2,allow,id:500043" + SecAction "phase:2,deny,id:500044" ), match_log => { error => [ qr/ModSecurity: Access allowed \(phase 2\). Unconditional match in SecAction/, 1 ], @@ -143,8 +143,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:3,allow" - SecAction "phase:3,deny" + SecAction "phase:3,allow,id:500045" + SecAction "phase:3,deny,id:500046" ), match_log => { error => [ qr/ModSecurity: Access allowed \(phase 3\). Unconditional match in SecAction/, 1 ], @@ -166,8 +166,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:4,allow" - SecAction "phase:4,deny" + SecAction "phase:4,allow,id:500047" + SecAction "phase:4,deny,id:500048" ), match_log => { error => [ qr/ModSecurity: Access allowed \(phase 4\). Unconditional match in SecAction/, 1 ], @@ -189,7 +189,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,deny" + SecAction "phase:1,deny,id:500049" ), match_log => { error => [ qr/Access denied with code 403 \(phase 1\). Unconditional match in SecAction./, 1 ], @@ -209,7 +209,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,deny" + SecAction "phase:2,deny,id:500050" ), match_log => { error => [ qr/Access denied with code 403 \(phase 2\). Unconditional match in SecAction./, 1 ], @@ -231,7 +231,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:3,deny" + SecAction "phase:3,deny,id:500051" ), match_log => { error => [ qr/Access denied with code 403 \(phase 3\). Unconditional match in SecAction./, 1 ], @@ -253,7 +253,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:4,deny" + SecAction "phase:4,deny,id:500052" ), match_log => { error => [ qr/Access denied with code 403 \(phase 4\). Unconditional match in SecAction./, 1 ], @@ -275,7 +275,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,drop" + SecAction "phase:1,drop,id:500053" ), match_log => { error => [ qr/Access denied with connection close \(phase 1\). Unconditional match in SecAction./, 1 ], @@ -295,7 +295,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,drop" + SecAction "phase:2,drop,id:500054" ), match_log => { error => [ qr/Access denied with connection close \(phase 2\). Unconditional match in SecAction./, 1 ], @@ -317,7 +317,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:3,drop" + SecAction "phase:3,drop,id:500055" ), match_log => { error => [ qr/Access denied with connection close \(phase 3\). Unconditional match in SecAction./, 1 ], @@ -339,7 +339,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:4,drop" + SecAction "phase:4,drop,id:500056" ), match_log => { error => [ qr/Access denied with connection close \(phase 4\). Unconditional match in SecAction./, 1 ], @@ -361,7 +361,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500001" ), match_log => { error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 1\)/, 1 ], @@ -382,7 +382,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500002" ), match_log => { error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 2\)/, 1 ], @@ -405,7 +405,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500003" ), match_log => { error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 3\)/, 1 ], @@ -428,7 +428,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500004" ), match_log => { error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 4\)/, 1 ], @@ -451,7 +451,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005" ), match_log => { error => [ qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1 ], @@ -472,7 +472,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500006" ), match_log => { error => [ qr/ModSecurity: Access denied using proxy to \(phase 2\)/, 1 ], @@ -495,7 +495,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500007" ), match_log => { error => [ qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ], @@ -517,7 +517,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500008" ), match_log => { error => [ qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ], diff --git a/tests/regression/action/10-append-prepend.t b/tests/regression/action/10-append-prepend.t index 97f28685..4e89f629 100644 --- a/tests/regression/action/10-append-prepend.t +++ b/tests/regression/action/10-append-prepend.t @@ -9,8 +9,8 @@ SecContentInjection On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 - SecAction "phase:1,setvar:tx.test=test" - SecAction "phase:2,append:'APPEND: \%{tx.test}'" + SecAction "phase:1,setvar:tx.test=test,id:500002" + SecAction "phase:2,append:'APPEND: \%{tx.test}',id:500003" ), match_log => { debug => [ "Added content to bottom: APPEND: test", 1 ], @@ -33,8 +33,8 @@ SecContentInjection On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 - SecAction "phase:1,setvar:tx.test=test" - SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'" + SecAction "phase:1,setvar:tx.test=test,id:500004" + SecAction "phase:2,prepend:'PREPEND: \%{tx.test}',id:500005" ), match_log => { debug => [ "Added content to top: PREPEND: test", 1 ], diff --git a/tests/regression/action/10-ctl.t b/tests/regression/action/10-ctl.t index 1aa9fd15..a4940a34 100644 --- a/tests/regression/action/10-ctl.t +++ b/tests/regression/action/10-ctl.t @@ -7,7 +7,7 @@ conf => qq( SecRuleEngine On SecAction "phase:2,id:666,deny" - SecAction "phase:1,pass,ctl:ruleRemoveById=666" + SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500030" ), match_log => { }, @@ -23,7 +23,7 @@ comment => "ruleRemoveById future rule across phases", conf => qq( SecRuleEngine On - SecAction "phase:1,pass,ctl:ruleRemoveById=666" + SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500031" SecAction "phase:2,id:666,deny" ), match_log => { @@ -40,7 +40,7 @@ comment => "ruleRemoveById future rule same phase", conf => qq( SecRuleEngine On - SecAction "phase:1,pass,ctl:ruleRemoveById=666" + SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500032" SecAction "phase:1,id:666,deny" ), match_log => { diff --git a/tests/regression/action/10-detectiononly-actions.t b/tests/regression/action/10-detectiononly-actions.t index 238972c7..42a8dfa2 100644 --- a/tests/regression/action/10-detectiononly-actions.t +++ b/tests/regression/action/10-detectiononly-actions.t @@ -11,8 +11,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 - SecAction "phase:1,pass,msg:'PASSED'" - SecAction "phase:1,deny,msg:'DENIED'" + SecAction "phase:1,pass,msg:'PASSED',id:500057" + SecAction "phase:1,deny,msg:'DENIED',id:500058" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], @@ -32,8 +32,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,pass,msg:'PASSED'" - SecAction "phase:2,deny,msg:'DENIED'" + SecAction "phase:2,pass,msg:'PASSED',id:500059" + SecAction "phase:2,deny,msg:'DENIED',id:500060" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], @@ -55,8 +55,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:3,pass,msg:'PASSED'" - SecAction "phase:3,deny,msg:'DENIED'" + SecAction "phase:3,pass,msg:'PASSED',id:500061" + SecAction "phase:3,deny,msg:'DENIED',id:500062" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], @@ -78,8 +78,8 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecAction "phase:4,pass,msg:'PASSED'" - SecAction "phase:4,deny,msg:'DENIED'" + SecAction "phase:4,pass,msg:'PASSED',id:500063" + SecAction "phase:4,deny,msg:'DENIED',id:500064" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], @@ -101,8 +101,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,allow,msg:'ALLOWED'" - SecAction "phase:1,deny,msg:'DENIED'" + SecAction "phase:1,allow,msg:'ALLOWED',id:500065" + SecAction "phase:1,deny,msg:'DENIED',id:500066" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], @@ -125,8 +125,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,allow,msg:'ALLOWED'" - SecAction "phase:2,deny,msg:'DENIED'" + SecAction "phase:2,allow,msg:'ALLOWED',id:500067" + SecAction "phase:2,deny,msg:'DENIED',id:500068" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], @@ -149,8 +149,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:3,allow,msg:'ALLOWED'" - SecAction "phase:3,deny,msg:'DENIED'" + SecAction "phase:3,allow,msg:'ALLOWED',id:500069" + SecAction "phase:3,deny,msg:'DENIED',id:500070" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], @@ -173,8 +173,8 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:4,allow,msg:'ALLOWED'" - SecAction "phase:4,deny,msg:'DENIED'" + SecAction "phase:4,allow,msg:'ALLOWED',id:500071" + SecAction "phase:4,deny,msg:'DENIED',id:500072" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], @@ -199,7 +199,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,deny,msg:'DENIED'" + SecAction "phase:1,deny,msg:'DENIED',id:500073" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], @@ -220,7 +220,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,deny,msg:'DENIED'" + SecAction "phase:2,deny,msg:'DENIED',id:500074" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], @@ -241,7 +241,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:3,deny,msg:'DENIED'" + SecAction "phase:3,deny,msg:'DENIED',id:500075" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], @@ -262,7 +262,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:4,deny,msg:'DENIED'" + SecAction "phase:4,deny,msg:'DENIED',id:500076" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], @@ -285,7 +285,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:1,drop,msg:'DROPPED'" + SecAction "phase:1,drop,msg:'DROPPED',id:500077" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], @@ -306,7 +306,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:2,drop,msg:'DROPPED'" + SecAction "phase:2,drop,msg:'DROPPED',id:500078" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], @@ -327,7 +327,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:3,drop,msg:'DROPPED'" + SecAction "phase:3,drop,msg:'DROPPED',id:500079" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], @@ -348,7 +348,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecAction "phase:4,drop,msg:'DROPPED'" + SecAction "phase:4,drop,msg:'DROPPED',id:500080" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], @@ -371,7 +371,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500009" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], @@ -393,7 +393,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500010" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], @@ -415,7 +415,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500011" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], @@ -437,7 +437,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500012" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], @@ -461,7 +461,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500013" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], @@ -483,7 +483,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500014" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], @@ -507,7 +507,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500015" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], @@ -530,7 +530,7 @@ SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 - SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'" + SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500016" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], diff --git a/tests/regression/action/10-logging.t b/tests/regression/action/10-logging.t index 3c1d42b2..d460ab01 100644 --- a/tests/regression/action/10-logging.t +++ b/tests/regression/action/10-logging.t @@ -11,7 +11,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,log" + SecAction "phase:1,pass,log,id:500006" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -34,7 +34,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,nolog" + SecAction "phase:1,pass,nolog,id:500007" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -59,7 +59,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,log" + SecAction "phase:1,deny,status:403,log,id:500008" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -82,7 +82,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,nolog" + SecAction "phase:1,deny,status:403,nolog,id:500009" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -107,7 +107,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,auditlog" + SecAction "phase:1,pass,auditlog,id:500010" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -130,7 +130,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,noauditlog" + SecAction "phase:1,pass,noauditlog,id:500011" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -155,7 +155,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,auditlog" + SecAction "phase:1,deny,status:403,auditlog,id:500012" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -178,7 +178,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,noauditlog" + SecAction "phase:1,deny,status:403,noauditlog,id:500013" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -203,7 +203,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,log,auditlog" + SecAction "phase:1,pass,log,auditlog,id:500014" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -226,7 +226,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,log,noauditlog" + SecAction "phase:1,pass,log,noauditlog,id:500015" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -249,7 +249,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,nolog,auditlog" + SecAction "phase:1,pass,nolog,auditlog,id:500016" ), match_log => { audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ], @@ -271,7 +271,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,nolog,noauditlog" + SecAction "phase:1,pass,nolog,noauditlog,id:500017" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -294,7 +294,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,auditlog,log" + SecAction "phase:1,pass,auditlog,log,id:500018" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -317,7 +317,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,auditlog,nolog" + SecAction "phase:1,pass,auditlog,nolog,id:500019" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -340,7 +340,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,noauditlog,log" + SecAction "phase:1,pass,noauditlog,log,id:500020" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], @@ -363,7 +363,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,pass,noauditlog,nolog" + SecAction "phase:1,pass,noauditlog,nolog,id:500021" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -388,7 +388,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,log,auditlog" + SecAction "phase:1,deny,status:403,log,auditlog,id:500022" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -411,7 +411,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,log,noauditlog" + SecAction "phase:1,deny,status:403,log,noauditlog,id:500023" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -434,7 +434,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,nolog,auditlog" + SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024" ), match_log => { audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ], @@ -457,7 +457,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,nolog,noauditlog" + SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -480,7 +480,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,auditlog,log" + SecAction "phase:1,deny,status:403,auditlog,log,id:500026" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -503,7 +503,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,auditlog,nolog" + SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -526,7 +526,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,noauditlog,log" + SecAction "phase:1,deny,status:403,noauditlog,log,id:500028" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], @@ -549,7 +549,7 @@ SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecAction "phase:1,deny,status:403,noauditlog,nolog" + SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], diff --git a/tests/regression/config/10-audit-directives.t b/tests/regression/config/10-audit-directives.t index 8a9d1663..16aad95c 100644 --- a/tests/regression/config/10-audit-directives.t +++ b/tests/regression/config/10-audit-directives.t @@ -46,7 +46,7 @@ SecDebugLogLevel 9 SecResponseBodyAccess On SecDefaultAction "phase:2,log,auditlog,pass" - SecRule REQUEST_URI "." "phase:4,deny" + SecRule REQUEST_URI "." "phase:4,deny,id:500251" ), match_log => { audit => [ qr/./, 1 ], @@ -246,7 +246,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecAuditLogParts "ABCDEFGHIJKZ" - SecAction "phase:4,log,auditlog,allow" + SecAction "phase:4,log,auditlog,allow,id:500086" ), match_log => { audit => [ qr/-A--.*-B--.*-C--.*-F--.*-E--.*-H--.*-K--.*-Z--/s, 1 ], diff --git a/tests/regression/config/10-debug-directives.t b/tests/regression/config/10-debug-directives.t index b5376879..bf788018 100644 --- a/tests/regression/config/10-debug-directives.t +++ b/tests/regression/config/10-debug-directives.t @@ -40,7 +40,7 @@ SecRuleEngine On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 0 - SecRule REQUEST_URI "." "phase:1,deny" + SecRule REQUEST_URI "." "phase:1,deny,id:500241" ), match_log => { -debug => [ qr/./, 1 ], @@ -60,7 +60,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 1 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500242" ), match_log => { debug => [ qr/\]\[[1]\] /, 1 ], @@ -85,7 +85,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 2 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500243" ), match_log => { debug => [ qr/\]\[2\] /, 1 ], @@ -110,7 +110,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 3 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500244" ), match_log => { debug => [ qr/\]\[3\] /, 1 ], @@ -135,7 +135,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 4 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500245" ), match_log => { debug => [ qr/\]\[4\] /, 1 ], @@ -160,7 +160,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500246" ), match_log => { debug => [ qr/\]\[5\] /, 1 ], @@ -185,7 +185,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 6 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500247" ), match_log => { debug => [ qr/\]\[6\] /, 1 ], @@ -210,7 +210,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 7 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500248" ), match_log => { debug => [ qr/\]\[7\] /, 1 ], @@ -235,7 +235,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 8 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500249" ), match_log => { debug => [ qr/\]\[8\] /, 1 ], @@ -260,7 +260,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRuleScript "test.lua" "phase:1" - SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus" + SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500250" ), match_log => { debug => [ qr/\]\[9\] /, 1 ], diff --git a/tests/regression/config/10-misc-directives.t b/tests/regression/config/10-misc-directives.t index 0dffcaf1..65db99ee 100644 --- a/tests/regression/config/10-misc-directives.t +++ b/tests/regression/config/10-misc-directives.t @@ -13,7 +13,7 @@ conf => qq( SecRuleEngine on SecDefaultAction "phase:1,deny,status:500" - SecRule REQUEST_URI "test.txt" + SecRule REQUEST_URI "test.txt,id:500240" ), match_log => { error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ], @@ -52,7 +52,7 @@ conf => qq( SecRuleEngine On SecDataDir "$ENV{DATA_DIR}" - SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass + SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085 ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ], diff --git a/tests/regression/config/10-request-directives.t b/tests/regression/config/10-request-directives.t index 16094ca7..75f15cf2 100644 --- a/tests/regression/config/10-request-directives.t +++ b/tests/regression/config/10-request-directives.t @@ -7,8 +7,8 @@ conf => q( SecRuleEngine On SecArgumentSeparator ";" - SecRule ARGS:a "@streq 1" "phase:1,deny,chain" - SecRule ARGS:b "@streq 2" + SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500215" + SecRule ARGS:b "@streq 2,id:500216" ), match_log => { error => [ qr/Access denied with code 403 \(phase 1\)\. String match "2" at ARGS:b\./, 1 ], @@ -25,8 +25,8 @@ comment => "SecArgumentSeparator (get-neg)", conf => q( SecRuleEngine On - SecRule ARGS:a "@streq 1" "phase:1,deny,chain" - SecRule ARGS:b "@streq 2" + SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500217" + SecRule ARGS:b "@streq 2,id:500218" ), match_log => { -error => [ qr/Access denied/, 1 ], @@ -45,8 +45,8 @@ SecRuleEngine On SecRequestBodyAccess On SecArgumentSeparator ";" - SecRule ARGS:a "@streq 1" "phase:2,deny,chain" - SecRule ARGS:b "@streq 2" + SecRule ARGS:a "@streq 1" "phase:2,deny,chain,id:500219" + SecRule ARGS:b "@streq 2,id:500220" ), match_log => { error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ], @@ -68,8 +68,8 @@ conf => q( SecRuleEngine On SecRequestBodyAccess On - SecRule ARGS:a "@streq 1" "phase:2,deny" - SecRule ARGS:b "@streq 2" "phase:2,deny" + SecRule ARGS:a "@streq 1" "phase:2,deny,id:500221" + SecRule ARGS:b "@streq 2" "phase:2,deny,id:500222" ), match_log => { -error => [ qr/Access denied/, 1 ], @@ -93,8 +93,8 @@ conf => qq( SecRuleEngine On SecRequestBodyAccess On - SecRule ARGS:a "\@streq 1" "phase:2,deny,chain" - SecRule ARGS:b "\@streq 2" + SecRule ARGS:a "\@streq 1" "phase:2,deny,chain,id:500223" + SecRule ARGS:b "\@streq 2,id:500224" ), match_log => { error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ], @@ -116,8 +116,8 @@ conf => qq( SecRuleEngine On SecRequestBodyAccess Off - SecRule ARGS:a "\@streq 1" "phase:2,deny" - SecRule ARGS:b "\@streq 2" "phase:2,deny" + SecRule ARGS:a "\@streq 1" "phase:2,deny,id:500225" + SecRule ARGS:b "\@streq 2" "phase:2,deny,id:500226" ), match_log => { -error => [ qr/Access denied/, 1 ], @@ -269,8 +269,8 @@ SecRequestBodyAccess On SecRequestBodyLimit 5 - SecAction "phase:1,pass,nolog,ctl:ruleEngine=off" - SecRule REQUEST_BODY "." "phase:2,deny" + SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500081" + SecRule REQUEST_BODY "." "phase:2,deny,id:500227" ), match_log => { -error => [ qr/Request body .*is larger than the configured limit/, 1 ], @@ -294,8 +294,8 @@ SecRequestBodyAccess On SecRequestBodyLimit 5 - SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off" - SecRule REQUEST_BODY "." "phase:2,deny" + SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500082" + SecRule REQUEST_BODY "." "phase:2,deny,id:500228" ), match_log => { -error => [ qr/Request body .*is larger than the configured limit/, 1 ], @@ -319,8 +319,8 @@ SecRequestBodyAccess On SecRequestBodyLimit 256 - SecAction "phase:1,pass,nolog,ctl:ruleEngine=off" - SecRule REQUEST_BODY "." "phase:2,deny" + SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500083" + SecRule REQUEST_BODY "." "phase:2,deny,id:500229" ), match_log => { -error => [ qr/Request body .*is larger than the configured limit/, 1 ], @@ -363,8 +363,8 @@ SecRequestBodyAccess On SecRequestBodyLimit 256 - SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off" - SecRule REQUEST_BODY "." "phase:2,deny" + SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500084" + SecRule REQUEST_BODY "." "phase:2,deny,id:500230" ), match_log => { -error => [ qr/Request body .*is larger than the configured limit \(256\)\./, 1 ], @@ -499,9 +499,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecCookieFormat 1 - SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain" - SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain" - SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval" + SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231" + SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500232" + SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500233" ), match_log => { error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ], @@ -526,9 +526,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecCookieFormat 0 - SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain" - SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain" - SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval" + SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234" + SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500235" + SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500236" ), match_log => { -error => [ qr/Access denied/, 1 ], diff --git a/tests/regression/config/10-response-directives.t b/tests/regression/config/10-response-directives.t index 60617a29..51f10c4c 100644 --- a/tests/regression/config/10-response-directives.t +++ b/tests/regression/config/10-response-directives.t @@ -10,7 +10,7 @@ SecResponseBodyMimeTypesClear SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule RESPONSE_BODY "TEST" "phase:4,deny" + SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500237" ), match_log => { -error => [ qr/Access denied/, 1 ], @@ -34,7 +34,7 @@ SecDebugLogLevel 9 SecResponseBodyAccess On SecResponseBodyMimeType text/plain null - SecRule RESPONSE_BODY "TEST" "phase:4,deny" + SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500238" ), match_log => { error => [ qr/Access denied with code 403 \(phase 4\)\. Pattern match "TEST" at RESPONSE_BODY\./, 1 ], @@ -55,7 +55,7 @@ SecDebugLogLevel 9 SecResponseBodyAccess Off SecResponseBodyMimeType text/plain null - SecRule RESPONSE_BODY "TEST" "phase:4,deny" + SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500239" ), match_log => { -error => [ qr/Access denied/, 1 ], diff --git a/tests/regression/misc/00-multipart-parser.t b/tests/regression/misc/00-multipart-parser.t index 5ed94ebc..2a181e6c 100644 --- a/tests/regression/misc/00-multipart-parser.t +++ b/tests/regression/misc/00-multipart-parser.t @@ -9,9 +9,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500055" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500056" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500057" ), match_log => { debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ], @@ -55,9 +55,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500058" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500059" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500060" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ], @@ -97,9 +97,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500061" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500062" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500063" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ], @@ -138,9 +138,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500064" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500065" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500066" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ], @@ -181,9 +181,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500067" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500068" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500069" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ], @@ -223,8 +223,8 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500070" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500071" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "a", value "--test".*Adding request argument \(BODY\): name "b", value "--"/s, 1 ], @@ -420,8 +420,8 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500072" + SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny,id:500073" ), match_log => { debug => [ qr/name: a.*variable: 1.*Invalid part header \(header name missing\)/s, 1 ], @@ -462,10 +462,10 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500074" + SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500075" + SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500076" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500077" ), match_log => { debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ], @@ -503,10 +503,10 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500078" + SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500079" + SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500080" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500081" ), match_log => { debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ], @@ -544,10 +544,10 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500082" + SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500083" + SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500084" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500085" ), match_log => { debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ], @@ -584,10 +584,10 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500086" + SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500087" + SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500088" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500089" ), match_log => { debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ], @@ -624,10 +624,10 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500090" + SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500091" + SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500092" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500093" ), match_log => { debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ], @@ -666,7 +666,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403" + SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403,id:500094" ), match_log => { debug => [ qr/name: a.*variable: 1.*Ignoring data after last boundary/s, 1 ], @@ -706,9 +706,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny" - SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500095" + SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny,id:500096" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny,id:500097" ), match_log => { debug => [ qr/name: a.*variable: 1.*Duplicate Content-Disposition name/s, 1 ], @@ -748,9 +748,9 @@ conf => qq( SecRuleEngine On SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500098" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500099" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500100" ), match_log => { error => [ qr/Invalid boundary in C-T \(malformed\)/, 1 ], @@ -795,9 +795,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500101" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500102" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500103" ), match_log => { }, @@ -842,9 +842,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500104" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500105" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500106" ), match_log => { error => [ qr/Invalid boundary in C-T \(case sensitivity\)/, 1 ], @@ -889,9 +889,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500107" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500108" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500109" ), match_log => { error => [ qr/Invalid boundary in C-T \(parameter name\)/, 1 ], @@ -938,9 +938,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500110" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500111" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500112" ), match_log => { debug => [ qr/Multiple boundary parameters in C-T/, 1 ], @@ -985,9 +985,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500113" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500114" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500115" ), match_log => { debug => [ qr/Multiple boundary parameters in C-T/, 1 ], @@ -1032,9 +1032,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500116" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500117" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500118" ), match_log => { }, @@ -1078,9 +1078,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500119" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500120" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500121" ), match_log => { debug => [ qr/boundary whitespace in C-T header/, 1 ], @@ -1125,9 +1125,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500122" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500123" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500124" ), match_log => { debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ], @@ -1174,9 +1174,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500125" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500126" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500127" ), match_log => { debug => [ qr/No boundaries found in payload/, 1 ], @@ -1220,9 +1220,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500128" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500129" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500130" ), match_log => { debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ], @@ -1269,9 +1269,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500131" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500132" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500133" ), match_log => { debug => [ qr/boundary was quoted/, 1 ], @@ -1316,9 +1316,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500134" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500135" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500136" ), match_log => { debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ], @@ -1363,9 +1363,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500137" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500138" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500139" ), match_log => { debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ], @@ -1409,9 +1409,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500140" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500141" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500142" ), match_log => { debug => [ qr/boundary was quoted/s, 1 ], @@ -1456,9 +1456,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500143" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500144" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500145" ), match_log => { debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ], @@ -1502,9 +1502,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500146" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500147" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500148" ), match_log => { debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ], @@ -1548,9 +1548,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500149" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500150" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500151" ), match_log => { debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ], @@ -1594,9 +1594,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500152" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500153" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500154" ), match_log => { debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ], @@ -1639,9 +1639,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500155" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500156" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500157" ), match_log => { debug => [ qr/Invalid Content-Disposition header/, 1 ], @@ -1692,9 +1692,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 SecRequestBodyAccess On - SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny" - SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny" - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500158" + SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500159" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500160" ), match_log => { debug => [ qr/Part missing Content-Disposition header/, 1 ], @@ -1752,20 +1752,20 @@ SecUploadFileLimit 2 # These should be set - SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny" - SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny" + SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500161" + SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny,id:500162" # This should not be set - SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny" + SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500163" # Theses should still be accurate - SecRule &FILES "!\@eq 3" "phase:2,deny" - SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny" - SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny" - SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny" + SecRule &FILES "!\@eq 3" "phase:2,deny,id:500164" + SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny,id:500165" + SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny,id:500166" + SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny,id:500167" # This should be the SecUploadFileLimit - SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny" + SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny,id:500168" ), match_log => { debug => [ qr/Multipart: Upload file limit exceeded.*name: test.*variable: This is test data/s, 1 ], diff --git a/tests/regression/misc/00-phases.t b/tests/regression/misc/00-phases.t index 97a40a52..2f1c4e59 100644 --- a/tests/regression/misc/00-phases.t +++ b/tests/regression/misc/00-phases.t @@ -9,10 +9,10 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain null - SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog" - SecRule ARGS "val1" "phase:1,pass,log,auditlog" - SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog" - SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog" + SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog,id:500169" + SecRule ARGS "val1" "phase:1,pass,log,auditlog,id:500170" + SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog,id:500171" + SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog,id:500172" ), match_log => { error => [ qr/Pattern match "\^POST" at REQUEST_LINE/, 1 ], @@ -39,10 +39,10 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain null - SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog" - SecRule ARGS "val1" "phase:2,pass,log,auditlog" - SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog" - SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog" + SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog,id:500173" + SecRule ARGS "val1" "phase:2,pass,log,auditlog,id:500174" + SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog,id:500175" + SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog,id:500176" ), match_log => { error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS/s, 1 ], @@ -69,10 +69,10 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain null - SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog" - SecRule ARGS "val1" "phase:3,pass,log,auditlog" - SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog" - SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog" + SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177" + SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178" + SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog,id:500179" + SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180" ), match_log => { error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS/s, 1 ], @@ -101,10 +101,10 @@ SecResponseBodyMimeType text/plain null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 - SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog" - SecRule ARGS "val1" "phase:4,pass,log,auditlog" - SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog" - SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog" + SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181" + SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182" + SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog,id:500183" + SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184" ), match_log => { error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ], @@ -130,10 +130,10 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain null - SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog" - SecRule ARGS "val1" "phase:5,pass,log,auditlog" - SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog" - SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog" + SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185" + SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186" + SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog,id:500187" + SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188" ), match_log => { error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ], diff --git a/tests/regression/misc/10-pcre.t b/tests/regression/misc/10-pcre.t index c66f4f9e..61c0a301 100644 --- a/tests/regression/misc/10-pcre.t +++ b/tests/regression/misc/10-pcre.t @@ -17,9 +17,9 @@ SecPcreMatchLimitRecursion 100 # Poor REGEX - SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS'" + SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS',id:500053" # Detect PCRE limits exceeded - SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}'" + SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}',id:500054" ), match_log => { debug => [ qr/PCRE limits exceeded/, 1 ], diff --git a/tests/regression/misc/10-tfn-cache.t b/tests/regression/misc/10-tfn-cache.t index 271834db..e3a5a5c3 100644 --- a/tests/regression/misc/10-tfn-cache.t +++ b/tests/regression/misc/10-tfn-cache.t @@ -12,10 +12,10 @@ SecCacheTransformations On "minlen:1,maxlen:0" # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" + SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500037" # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny" + SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500038" ), match_log => { debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], @@ -40,10 +40,10 @@ SecCacheTransformations On "minlen:1,maxlen:0,incremental:off,maxitems:0" # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog" + SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog,id:500039" # This should use the partially cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny" + SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500040" ), match_log => { debug => [ qr/removeWhiteSpace: "FooBar" .*partially cached/, 1 ], @@ -67,10 +67,10 @@ SecCacheTransformations On "minlen:1,maxlen:0" # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" + SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500041" # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny" + SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500042" ), match_log => { -debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], @@ -94,10 +94,10 @@ SecCacheTransformations On "minlen:1,maxlen:0" # This should cache it - SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" + SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500043" # This should use the cached value - SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny" + SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500044" ), match_log => { debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ], @@ -122,12 +122,12 @@ SecCacheTransformations On "minlen:1,maxlen:0" # This should cache it - SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass" + SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,id:500045" # This should see cached versions of *both* ARGS_GET - SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain" - SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain" - SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase" + SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046" + SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain,id:500047" + SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase,id:500017" ), match_log => { debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ], @@ -163,13 +163,13 @@ SecCacheTransformations On "minlen:1,maxlen:0,maxitems:0" # This should cache it in all phases - SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" - SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" - SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" - SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog" + SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500048" + SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500049" + SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500050" + SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500051" # This should use the cached value - SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny" + SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500052" ), match_log => { debug => [ qr/Adding request argument \(BODY\): name "test", value "Foo Bar"/, 60, "Waiting for httpd to process request: "], diff --git a/tests/regression/rule/00-basics.t b/tests/regression/rule/00-basics.t index 295bbc99..f6854a71 100644 --- a/tests/regression/rule/00-basics.t +++ b/tests/regression/rule/00-basics.t @@ -8,7 +8,7 @@ SecRuleEngine On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 4 - SecAction "nolog" + SecAction "nolog,id:500001" ), match_log => { -error => [ qr/ModSecurity: /, 1 ], @@ -32,7 +32,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecDefaultAction "phase:2,deny,status:403" - SecRule ARGS:test "value" + SecRule ARGS:test "value,id:500032" ), match_log => { error => [ qr/ModSecurity: /, 1 ], @@ -53,7 +53,7 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecDefaultAction "phase:2,pass" - SecRule ARGS:test "value" "deny,status:403" + SecRule ARGS:test "value" "deny,status:403,id:500033" ), match_log => { error => [ qr/ModSecurity: /, 1 ], @@ -74,9 +74,9 @@ SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 5 SecDefaultAction "phase:2,log,noauditlog,pass,tag:foo" - SecRule ARGS:test "value" "chain,phase:2,deny,status:403" - SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar" - SecRule REQUEST_METHOD "\@streq GET" + SecRule ARGS:test "value" "chain,phase:2,deny,status:403,id:500034" + SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar,id:500035" + SecRule REQUEST_METHOD "\@streq GET,id:500036" ), match_log => { error => [ qr/ModSecurity: /, 1 ], diff --git a/tests/regression/rule/10-xml.t b/tests/regression/rule/10-xml.t index 4ec937dd..edfa5684 100644 --- a/tests/regression/rule/10-xml.t +++ b/tests/regression/rule/10-xml.t @@ -10,10 +10,10 @@ SecRequestBodyAccess On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500005 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500006 + SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500007 "phase:2,deny,id:12345" ), match_log => { @@ -59,10 +59,10 @@ SecDebugLogLevel 9 SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500008 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500009 + SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500010 "phase:2,deny,log,auditlog,id:12345" ), match_log => { @@ -108,10 +108,10 @@ SecDebugLogLevel 9 SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500011 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500012 + SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500013 "phase:2,deny,id:12345" ), match_log => { @@ -158,10 +158,10 @@ SecDebugLogLevel 9 SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500014 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500015 + SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500016 "phase:2,deny,id:12345" ), match_log => { @@ -208,10 +208,10 @@ SecDebugLogLevel 9 SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500017 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope-bad.xsd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500018 + SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope-bad.xsd" \\,id:500019 "phase:2,deny,id:12345" ), match_log => { @@ -256,10 +256,10 @@ SecRequestBodyAccess On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500020 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500021 + SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500022 "phase:2,deny,id:12345" ), match_log => { @@ -299,10 +299,10 @@ SecRequestBodyAccess On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500023 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500024 + SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500025 "phase:2,deny,id:12345" ), match_log => { @@ -342,10 +342,10 @@ SecRequestBodyAccess On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500026 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500027 + SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500028 "phase:2,deny,id:12345" ), match_log => { @@ -385,10 +385,10 @@ SecRequestBodyAccess On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\ + SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500029 "phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" - SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345 - SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" \\ + SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500030 + SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" \\,id:500031 "phase:2,deny,id:12345" ), match_log => { diff --git a/tests/regression/rule/20-exceptions.t b/tests/regression/rule/20-exceptions.t index 12c058e9..6bdb44c3 100644 --- a/tests/regression/rule/20-exceptions.t +++ b/tests/regression/rule/20-exceptions.t @@ -109,7 +109,7 @@ SecRuleEngine On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'" + SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',id:500001" SecRuleRemoveByMsg "testing rule" ), match_log => { @@ -134,7 +134,7 @@ SecRuleEngine On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'" + SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',id:500002" SecRuleUpdateActionById 1 "pass,nolog" ), match_log => { @@ -157,8 +157,8 @@ SecRuleEngine On SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',chain" - SecRule ARGS "bar" + SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',chain,id:500003" + SecRule ARGS "bar,id:500004" SecRuleUpdateActionById 1 "pass,nolog" ), match_log => { diff --git a/tests/regression/target/00-targets.t b/tests/regression/target/00-targets.t index d24f3777..2e9b2889 100644 --- a/tests/regression/target/00-targets.t +++ b/tests/regression/target/00-targets.t @@ -11,8 +11,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS "val1" "phase:2,log,pass" - SecRule ARGS "val2" "phase:2,log,pass" + SecRule ARGS "val1" "phase:2,log,pass,id:500189" + SecRule ARGS "val2" "phase:2,log,pass,id:500190" ), match_log => { error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ], @@ -35,8 +35,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS "val1" "phase:2,log,pass" - SecRule ARGS "val2" "phase:2,log,pass" + SecRule ARGS "val1" "phase:2,log,pass,id:500191" + SecRule ARGS "val2" "phase:2,log,pass,id:500192" ), match_log => { error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ], @@ -63,7 +63,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass" + SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass,id:500193" ), match_log => { error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ], @@ -83,7 +83,7 @@ SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null - SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass" + SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass,id:500194" ), match_log => { error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ], @@ -111,8 +111,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_NAMES "arg1" "phase:2,log,pass,id:500195" + SecRule ARGS_NAMES "arg2" "phase:2,log,pass,id:500196" ), match_log => { error => [ qr/Pattern match "arg1" at ARGS.*Pattern match "arg2" at ARGS/s, 1 ], @@ -135,8 +135,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_NAMES "arg1" "phase:2,log,pass,id:500197" + SecRule ARGS_NAMES "arg2" "phase:2,log,pass,id:500198" ), match_log => { error => [ qr/Pattern match "arg1" at ARGS_NAMES.*Pattern match "arg2" at ARGS_NAMES/s, 1 ], @@ -165,8 +165,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_GET "val1" "phase:2,log,pass" - SecRule ARGS_GET "val2" "phase:2,log,pass" + SecRule ARGS_GET "val1" "phase:2,log,pass,id:500199" + SecRule ARGS_GET "val2" "phase:2,log,pass,id:500200" ), match_log => { error => [ qr/Pattern match "val1" at ARGS_GET.*Pattern match "val2" at ARGS_GET/s, 1 ], @@ -189,8 +189,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_GET "val1" "phase:2,log,pass" - SecRule ARGS_GET "val2" "phase:2,log,pass" + SecRule ARGS_GET "val1" "phase:2,log,pass,id:500201" + SecRule ARGS_GET "val2" "phase:2,log,pass,id:500202" ), match_log => { -error => [ qr/Pattern match/, 1 ], @@ -219,8 +219,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass,id:500203" + SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass,id:500204" ), match_log => { error => [ qr/Pattern match "arg1" at ARGS_GET.*Pattern match "arg2" at ARGS_GET/s, 1 ], @@ -243,8 +243,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass,id:500205" + SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass,id:500206" ), match_log => { -error => [ qr/Pattern match/, 1 ], @@ -273,8 +273,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_POST "val1" "phase:2,log,pass" - SecRule ARGS_POST "val2" "phase:2,log,pass" + SecRule ARGS_POST "val1" "phase:2,log,pass,id:500207" + SecRule ARGS_POST "val2" "phase:2,log,pass,id:500208" ), match_log => { -error => [ qr/Pattern match/, 1 ], @@ -297,8 +297,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_POST "val1" "phase:2,log,pass" - SecRule ARGS_POST "val2" "phase:2,log,pass" + SecRule ARGS_POST "val1" "phase:2,log,pass,id:500209" + SecRule ARGS_POST "val2" "phase:2,log,pass,id:500210" ), match_log => { error => [ qr/Pattern match "val1" at ARGS_POST.*Pattern match "val2" at ARGS_POST/s, 1 ], @@ -327,8 +327,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass,id:500211" + SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass,id:500212" ), match_log => { -error => [ qr/Pattern match/, 1 ], @@ -351,8 +351,8 @@ SecResponseBodyMimeType null SecDebugLog $ENV{DEBUG_LOG} SecDebugLogLevel 9 - SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass" - SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass" + SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass,id:500213" + SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass,id:500214" ), match_log => { error => [ qr/Pattern match "arg1" at ARGS_POST.*Pattern match "arg2" at ARGS_POST/s, 1 ], diff --git a/tests/run-regression-tests.pl.in b/tests/run-regression-tests.pl.in index 15614e94..019ccf2c 100755 --- a/tests/run-regression-tests.pl.in +++ b/tests/run-regression-tests.pl.in @@ -582,6 +582,7 @@ sub httpd_start { if (defined $out and $out ne "") { vrb(join(" ", map { quote_shell($_) } @p)); msg("Httpd start failed with error messages:\n$out"); + httpd_stop(); return -1 } @@ -590,6 +591,7 @@ sub httpd_start { vrb(join(" ", map { quote_shell($_) } @p)); vrb(match_log("error", qr/(^.*ModSecurity: .*)/sm, 10)); msg("Httpd server failed to start."); + httpd_stop(); return -1; }