mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
Fixed: Regression tests with no ID present
This commit is contained in:
Breno Silva
@@ -9,9 +9,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500055"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500056"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500057"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
|
||||
@@ -55,9 +55,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500058"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500059"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500060"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
|
||||
@@ -97,9 +97,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500061"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500062"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500063"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
|
||||
@@ -138,9 +138,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500064"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500065"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500066"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
|
||||
@@ -181,9 +181,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500067"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500068"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500069"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
|
||||
@@ -223,8 +223,8 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500070"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500071"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "a", value "--test".*Adding request argument \(BODY\): name "b", value "--"/s, 1 ],
|
||||
@@ -420,8 +420,8 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500072"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny,id:500073"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*Invalid part header \(header name missing\)/s, 1 ],
|
||||
@@ -462,10 +462,10 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500074"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500075"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500076"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500077"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
|
||||
@@ -503,10 +503,10 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500078"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500079"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500080"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500081"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
|
||||
@@ -544,10 +544,10 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500082"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500083"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500084"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500085"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
|
||||
@@ -584,10 +584,10 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500086"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500087"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500088"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500089"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
|
||||
@@ -624,10 +624,10 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500090"
|
||||
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500091"
|
||||
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500092"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500093"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
|
||||
@@ -666,7 +666,7 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403"
|
||||
SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403,id:500094"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*Ignoring data after last boundary/s, 1 ],
|
||||
@@ -706,9 +706,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500095"
|
||||
SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny,id:500096"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny,id:500097"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/name: a.*variable: 1.*Duplicate Content-Disposition name/s, 1 ],
|
||||
@@ -748,9 +748,9 @@
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500098"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500099"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500100"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Invalid boundary in C-T \(malformed\)/, 1 ],
|
||||
@@ -795,9 +795,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500101"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500102"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500103"
|
||||
),
|
||||
match_log => {
|
||||
},
|
||||
@@ -842,9 +842,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500104"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500105"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500106"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Invalid boundary in C-T \(case sensitivity\)/, 1 ],
|
||||
@@ -889,9 +889,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500107"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500108"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500109"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Invalid boundary in C-T \(parameter name\)/, 1 ],
|
||||
@@ -938,9 +938,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500110"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500111"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500112"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Multiple boundary parameters in C-T/, 1 ],
|
||||
@@ -985,9 +985,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500113"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500114"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500115"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Multiple boundary parameters in C-T/, 1 ],
|
||||
@@ -1032,9 +1032,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500116"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500117"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500118"
|
||||
),
|
||||
match_log => {
|
||||
},
|
||||
@@ -1078,9 +1078,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500119"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500120"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500121"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/boundary whitespace in C-T header/, 1 ],
|
||||
@@ -1125,9 +1125,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500122"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500123"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500124"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
|
||||
@@ -1174,9 +1174,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500125"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500126"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500127"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/No boundaries found in payload/, 1 ],
|
||||
@@ -1220,9 +1220,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500128"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500129"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500130"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
|
||||
@@ -1269,9 +1269,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500131"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500132"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500133"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/boundary was quoted/, 1 ],
|
||||
@@ -1316,9 +1316,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500134"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500135"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500136"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ],
|
||||
@@ -1363,9 +1363,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500137"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500138"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500139"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ],
|
||||
@@ -1409,9 +1409,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500140"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500141"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500142"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/boundary was quoted/s, 1 ],
|
||||
@@ -1456,9 +1456,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500143"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500144"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500145"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
|
||||
@@ -1502,9 +1502,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500146"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500147"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500148"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
|
||||
@@ -1548,9 +1548,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500149"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500150"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500151"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ],
|
||||
@@ -1594,9 +1594,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500152"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500153"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500154"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ],
|
||||
@@ -1639,9 +1639,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500155"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500156"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500157"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Invalid Content-Disposition header/, 1 ],
|
||||
@@ -1692,9 +1692,9 @@
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRequestBodyAccess On
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500158"
|
||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500159"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500160"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Part missing Content-Disposition header/, 1 ],
|
||||
@@ -1752,20 +1752,20 @@
|
||||
SecUploadFileLimit 2
|
||||
|
||||
# These should be set
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny"
|
||||
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500161"
|
||||
SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny,id:500162"
|
||||
|
||||
# This should not be set
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
|
||||
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500163"
|
||||
|
||||
# Theses should still be accurate
|
||||
SecRule &FILES "!\@eq 3" "phase:2,deny"
|
||||
SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny"
|
||||
SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny"
|
||||
SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny"
|
||||
SecRule &FILES "!\@eq 3" "phase:2,deny,id:500164"
|
||||
SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny,id:500165"
|
||||
SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny,id:500166"
|
||||
SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny,id:500167"
|
||||
|
||||
# This should be the SecUploadFileLimit
|
||||
SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny"
|
||||
SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny,id:500168"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Multipart: Upload file limit exceeded.*name: test.*variable: This is test data/s, 1 ],
|
||||
|
||||
@@ -9,10 +9,10 @@
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType text/plain null
|
||||
SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog"
|
||||
SecRule ARGS "val1" "phase:1,pass,log,auditlog"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog"
|
||||
SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog,id:500169"
|
||||
SecRule ARGS "val1" "phase:1,pass,log,auditlog,id:500170"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog,id:500171"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog,id:500172"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Pattern match "\^POST" at REQUEST_LINE/, 1 ],
|
||||
@@ -39,10 +39,10 @@
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType text/plain null
|
||||
SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog"
|
||||
SecRule ARGS "val1" "phase:2,pass,log,auditlog"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog"
|
||||
SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog,id:500173"
|
||||
SecRule ARGS "val1" "phase:2,pass,log,auditlog,id:500174"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog,id:500175"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog,id:500176"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS/s, 1 ],
|
||||
@@ -69,10 +69,10 @@
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType text/plain null
|
||||
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog"
|
||||
SecRule ARGS "val1" "phase:3,pass,log,auditlog"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog"
|
||||
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177"
|
||||
SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog,id:500179"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS/s, 1 ],
|
||||
@@ -101,10 +101,10 @@
|
||||
SecResponseBodyMimeType text/plain null
|
||||
SecDebugLog "$ENV{DEBUG_LOG}"
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog"
|
||||
SecRule ARGS "val1" "phase:4,pass,log,auditlog"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog"
|
||||
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181"
|
||||
SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog,id:500183"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ],
|
||||
@@ -130,10 +130,10 @@
|
||||
SecRequestBodyAccess On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType text/plain null
|
||||
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog"
|
||||
SecRule ARGS "val1" "phase:5,pass,log,auditlog"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog"
|
||||
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185"
|
||||
SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186"
|
||||
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog,id:500187"
|
||||
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ],
|
||||
|
||||
@@ -17,9 +17,9 @@
|
||||
SecPcreMatchLimitRecursion 100
|
||||
|
||||
# Poor REGEX
|
||||
SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS'"
|
||||
SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS',id:500053"
|
||||
# Detect PCRE limits exceeded
|
||||
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}'"
|
||||
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}',id:500054"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/PCRE limits exceeded/, 1 ],
|
||||
|
||||
@@ -12,10 +12,10 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0"
|
||||
|
||||
# This should cache it
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500037"
|
||||
|
||||
# This should use the cached value
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500038"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
||||
@@ -40,10 +40,10 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0,incremental:off,maxitems:0"
|
||||
|
||||
# This should cache it
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog"
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog,id:500039"
|
||||
|
||||
# This should use the partially cached value
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500040"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/removeWhiteSpace: "FooBar" .*partially cached/, 1 ],
|
||||
@@ -67,10 +67,10 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0"
|
||||
|
||||
# This should cache it
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500041"
|
||||
|
||||
# This should use the cached value
|
||||
SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny"
|
||||
SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500042"
|
||||
),
|
||||
match_log => {
|
||||
-debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
||||
@@ -94,10 +94,10 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0"
|
||||
|
||||
# This should cache it
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500043"
|
||||
|
||||
# This should use the cached value
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
|
||||
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500044"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
||||
@@ -122,12 +122,12 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0"
|
||||
|
||||
# This should cache it
|
||||
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass"
|
||||
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,id:500045"
|
||||
|
||||
# This should see cached versions of *both* ARGS_GET
|
||||
SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain"
|
||||
SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain"
|
||||
SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase"
|
||||
SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046"
|
||||
SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain,id:500047"
|
||||
SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase,id:500017"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ],
|
||||
@@ -163,13 +163,13 @@
|
||||
SecCacheTransformations On "minlen:1,maxlen:0,maxitems:0"
|
||||
|
||||
# This should cache it in all phases
|
||||
SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
|
||||
SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500048"
|
||||
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500049"
|
||||
SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500050"
|
||||
SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500051"
|
||||
|
||||
# This should use the cached value
|
||||
SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny"
|
||||
SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500052"
|
||||
),
|
||||
match_log => {
|
||||
debug => [ qr/Adding request argument \(BODY\): name "test", value "Foo Bar"/, 60, "Waiting for httpd to process request: "],
|
||||
|
||||
Reference in New Issue
Block a user