github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to the variables: REMOTE_HOST, SERVER_{ADDR,PORT}

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-07-22 02:29:11 -03:00
parent ae81bb1433
commit d20a47fb03
5 changed files with 182 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/assay.cc
View File

@ -177,8 +177,10 @@ int Assay::processConnection(const char *client, int cPort, const char *server,
debug(4, "Transaction context created (blah blah)"); debug(4, "Transaction context created (blah blah)");
debug(4, "Starting phase CONNECTION. (SecRules 0)"); debug(4, "Starting phase CONNECTION. (SecRules 0)");
this->store_variable("REMOTE_HOST", m_serverIpAddress); this->store_variable("REMOTE_HOST", m_clientIpAddress);
this->store_variable("REMOTE_ADDR", m_clientIpAddress); this->store_variable("REMOTE_ADDR", m_clientIpAddress);
this->store_variable("SERVER_ADDR", m_serverIpAddress);
this->store_variable("SERVER_PORT", std::to_string(this->m_serverPort));
this->store_variable("REMOTE_PORT", std::to_string(this->m_clientPort)); this->store_variable("REMOTE_PORT", std::to_string(this->m_clientPort));
this->m_rules->evaluate(ModSecurity::ConnectionPhase, this); this->m_rules->evaluate(ModSecurity::ConnectionPhase, this);
return true; return true;

2
src/parser/seclang-scanner.ll
View File

@ -60,7 +60,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim) TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
VARIABLE (?i:REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO) VARIABLE (?i:SERVER_PORT|SERVER_ADDR|REMOTE_PORT|REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
RUN_TIME_VAR_DUR (?i:DURATION) RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV) RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD) RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)

4
test/test-cases/regression/variable-REMOTE_HOST.json
View File

@ -33,7 +33,7 @@
] ]
}, },
"expected":{ "expected":{
"debug_log":"Target value: \"200.249.12.11\" \\(Variable: REMOTE_HOST\\)" "debug_log":"Target value: \"200.249.12.31\" \\(Variable: REMOTE_HOST\\)"
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",
@ -76,7 +76,7 @@
] ]
}, },
"expected":{ "expected":{
"debug_log":"Target value: \"::1\" \\(Variable: REMOTE_HOST\\)" "debug_log":"Target value: \"200.249.12.31\" \\(Variable: REMOTE_HOST\\)"
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",

88
test/test-cases/regression/variable-SERVER_ADDR.json Normal file
View File

@ -0,0 +1,88 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: SERVER_ADDR",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.11",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"27",
"Content-Type":"application/x-www-form-urlencoded"
},
"uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"200.249.12.11\" \\(Variable: SERVER_ADDR\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule SERVER_ADDR \"@contains test \" \"phase:3,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: SERVER_ADDR",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"::1",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"27",
"Content-Type":"application/x-www-form-urlencoded"
},
"uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"::1\" \\(Variable: SERVER_ADDR\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule SERVER_ADDR \"@contains test \" \"phase:3,pass,t:trim\""
]
}
]

88
test/test-cases/regression/variable-SERVER_PORT.json Normal file
View File

@ -0,0 +1,88 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: SERVER_PORT",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.11",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"27",
"Content-Type":"application/x-www-form-urlencoded"
},
"uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"80\" \\(Variable: SERVER_PORT\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule SERVER_PORT \"@contains test \" \"phase:3,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing Variables :: SERVER_PORT",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"::1",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"27",
"Content-Type":"application/x-www-form-urlencoded"
},
"uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202",
"protocol":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"80\" \\(Variable: SERVER_PORT\\)"
},
"rules":[
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule SERVER_PORT \"@contains test \" \"phase:3,pass,t:trim\""
]
}
]