mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
Adds Status test case with the SecServerSignature being used
If SecServerSignature is used ModSecurity should send the real data, not the one informed to SecServerSignature. Originally reported by: Linas
This commit is contained in:
Felipe Zimmerle
73
tests/regression/misc/20-status-engine.t
Normal file
73
tests/regression/misc/20-status-engine.t
Normal file
@@ -0,0 +1,73 @@
|
||||
### Test the SecStatusEngine
|
||||
|
||||
# On
|
||||
{
|
||||
type => "misc",
|
||||
comment => "Setting SecStatusEngine to On",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecStatusEngine On
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: StatusEngine call successfully sent/, 1],
|
||||
-error => [ qr/Status engine is currently disabled, enable it by set SecStatusEngine to On/, 1],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"arg1=val1&arg2=val2",
|
||||
),
|
||||
},
|
||||
# Off
|
||||
{
|
||||
type => "misc",
|
||||
comment => "Setting SecStatusEngine to Off",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecStatusEngine Off
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: StatusEngine call successfully sent/, 1],
|
||||
error => [ qr/Status engine is currently disabled, enable it by set SecStatusEngine to On/, 1],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"arg1=val1&arg2=val2",
|
||||
),
|
||||
},
|
||||
# On and SecServerSignature
|
||||
{
|
||||
type => "misc",
|
||||
comment => "SecStatusEngine On using SecServerSignature",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecServerSignature "SpiderServer v0.1a"
|
||||
SecStatusEngine On
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: StatusEngine call successfully sent/, 1],
|
||||
-error => [ qr/StatusEngine call: .*SpiderServer v0.1a.*/, 1],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "application/x-www-form-urlencoded",
|
||||
],
|
||||
"arg1=val1&arg2=val2",
|
||||
),
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user