github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed: Regression tests with no ID present

Browse Source
This commit is contained in:
Breno Silva
2013-03-24 03:08:03 -04:00
parent 22b8e6cfdf
commit d93be48049
19 changed files with 356 additions and 354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
tests/regression/action/00-disruptive-actions.t
View File

@@ -9,8 +9,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,pass"
SecAction "phase:1,deny"
SecAction "phase:1,pass,id:500033"
SecAction "phase:1,deny,id:500034"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
@@ -30,8 +30,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,pass"
SecAction "phase:2,deny"
SecAction "phase:2,pass,id:500035"
SecAction "phase:2,deny,id:500036"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
@@ -53,8 +53,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:3,pass"
SecAction "phase:3,deny"
SecAction "phase:3,pass,id:500037"
SecAction "phase:3,deny,id:500038"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
@@ -76,8 +76,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:4,pass"
SecAction "phase:4,deny"
SecAction "phase:4,pass,id:500039"
SecAction "phase:4,deny,id:500040"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
@@ -99,8 +99,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,allow"
SecAction "phase:1,deny"
SecAction "phase:1,allow,id:500041"
SecAction "phase:1,deny,id:500042"
),
match_log => {
error => [ qr/ModSecurity: Access allowed \(phase 1\). Unconditional match in SecAction/, 1 ],
@@ -120,8 +120,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,allow"
SecAction "phase:2,deny"
SecAction "phase:2,allow,id:500043"
SecAction "phase:2,deny,id:500044"
),
match_log => {
error => [ qr/ModSecurity: Access allowed \(phase 2\). Unconditional match in SecAction/, 1 ],
@@ -143,8 +143,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:3,allow"
SecAction "phase:3,deny"
SecAction "phase:3,allow,id:500045"
SecAction "phase:3,deny,id:500046"
),
match_log => {
error => [ qr/ModSecurity: Access allowed \(phase 3\). Unconditional match in SecAction/, 1 ],
@@ -166,8 +166,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:4,allow"
SecAction "phase:4,deny"
SecAction "phase:4,allow,id:500047"
SecAction "phase:4,deny,id:500048"
),
match_log => {
error => [ qr/ModSecurity: Access allowed \(phase 4\). Unconditional match in SecAction/, 1 ],
@@ -189,7 +189,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,deny"
SecAction "phase:1,deny,id:500049"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 1\). Unconditional match in SecAction./, 1 ],
@@ -209,7 +209,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,deny"
SecAction "phase:2,deny,id:500050"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 2\). Unconditional match in SecAction./, 1 ],
@@ -231,7 +231,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:3,deny"
SecAction "phase:3,deny,id:500051"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 3\). Unconditional match in SecAction./, 1 ],
@@ -253,7 +253,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:4,deny"
SecAction "phase:4,deny,id:500052"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 4\). Unconditional match in SecAction./, 1 ],
@@ -275,7 +275,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,drop"
SecAction "phase:1,drop,id:500053"
),
match_log => {
error => [ qr/Access denied with connection close \(phase 1\). Unconditional match in SecAction./, 1 ],
@@ -295,7 +295,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,drop"
SecAction "phase:2,drop,id:500054"
),
match_log => {
error => [ qr/Access denied with connection close \(phase 2\). Unconditional match in SecAction./, 1 ],
@@ -317,7 +317,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:3,drop"
SecAction "phase:3,drop,id:500055"
),
match_log => {
error => [ qr/Access denied with connection close \(phase 3\). Unconditional match in SecAction./, 1 ],
@@ -339,7 +339,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:4,drop"
SecAction "phase:4,drop,id:500056"
),
match_log => {
error => [ qr/Access denied with connection close \(phase 4\). Unconditional match in SecAction./, 1 ],
@@ -361,7 +361,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500001"
),
match_log => {
error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 1\)/, 1 ],
@@ -382,7 +382,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500002"
),
match_log => {
error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 2\)/, 1 ],
@@ -405,7 +405,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500003"
),
match_log => {
error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 3\)/, 1 ],
@@ -428,7 +428,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500004"
),
match_log => {
error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 4\)/, 1 ],
@@ -451,7 +451,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500005"
),
match_log => {
error => [ qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1 ],
@@ -472,7 +472,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500006"
),
match_log => {
error => [ qr/ModSecurity: Access denied using proxy to \(phase 2\)/, 1 ],
@@ -495,7 +495,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500007"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],
@@ -517,7 +517,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',id:500008"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],

8
tests/regression/action/10-append-prepend.t
View File

@@ -9,8 +9,8 @@
SecContentInjection On
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecAction "phase:1,setvar:tx.test=test"
SecAction "phase:2,append:'APPEND: \%{tx.test}'"
SecAction "phase:1,setvar:tx.test=test,id:500002"
SecAction "phase:2,append:'APPEND: \%{tx.test}',id:500003"
),
match_log => {
debug => [ "Added content to bottom: APPEND: test", 1 ],
@@ -33,8 +33,8 @@
SecContentInjection On
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecAction "phase:1,setvar:tx.test=test"
SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'"
SecAction "phase:1,setvar:tx.test=test,id:500004"
SecAction "phase:2,prepend:'PREPEND: \%{tx.test}',id:500005"
),
match_log => {
debug => [ "Added content to top: PREPEND: test", 1 ],

6
tests/regression/action/10-ctl.t
View File

@@ -7,7 +7,7 @@
conf => qq(
SecRuleEngine On
SecAction "phase:2,id:666,deny"
SecAction "phase:1,pass,ctl:ruleRemoveById=666"
SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500030"
),
match_log => {
},
@@ -23,7 +23,7 @@
comment => "ruleRemoveById future rule across phases",
conf => qq(
SecRuleEngine On
SecAction "phase:1,pass,ctl:ruleRemoveById=666"
SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500031"
SecAction "phase:2,id:666,deny"
),
match_log => {
@@ -40,7 +40,7 @@
comment => "ruleRemoveById future rule same phase",
conf => qq(
SecRuleEngine On
SecAction "phase:1,pass,ctl:ruleRemoveById=666"
SecAction "phase:1,pass,ctl:ruleRemoveById=666,id:500032"
SecAction "phase:1,id:666,deny"
),
match_log => {

64
tests/regression/action/10-detectiononly-actions.t
View File

@@ -11,8 +11,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecAction "phase:1,pass,msg:'PASSED'"
SecAction "phase:1,deny,msg:'DENIED'"
SecAction "phase:1,pass,msg:'PASSED',id:500057"
SecAction "phase:1,deny,msg:'DENIED',id:500058"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
@@ -32,8 +32,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,pass,msg:'PASSED'"
SecAction "phase:2,deny,msg:'DENIED'"
SecAction "phase:2,pass,msg:'PASSED',id:500059"
SecAction "phase:2,deny,msg:'DENIED',id:500060"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
@@ -55,8 +55,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:3,pass,msg:'PASSED'"
SecAction "phase:3,deny,msg:'DENIED'"
SecAction "phase:3,pass,msg:'PASSED',id:500061"
SecAction "phase:3,deny,msg:'DENIED',id:500062"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
@@ -78,8 +78,8 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecAction "phase:4,pass,msg:'PASSED'"
SecAction "phase:4,deny,msg:'DENIED'"
SecAction "phase:4,pass,msg:'PASSED',id:500063"
SecAction "phase:4,deny,msg:'DENIED',id:500064"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
@@ -101,8 +101,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,allow,msg:'ALLOWED'"
SecAction "phase:1,deny,msg:'DENIED'"
SecAction "phase:1,allow,msg:'ALLOWED',id:500065"
SecAction "phase:1,deny,msg:'DENIED',id:500066"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
@@ -125,8 +125,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,allow,msg:'ALLOWED'"
SecAction "phase:2,deny,msg:'DENIED'"
SecAction "phase:2,allow,msg:'ALLOWED',id:500067"
SecAction "phase:2,deny,msg:'DENIED',id:500068"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
@@ -149,8 +149,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,allow,msg:'ALLOWED'"
SecAction "phase:3,deny,msg:'DENIED'"
SecAction "phase:3,allow,msg:'ALLOWED',id:500069"
SecAction "phase:3,deny,msg:'DENIED',id:500070"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
@@ -173,8 +173,8 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,allow,msg:'ALLOWED'"
SecAction "phase:4,deny,msg:'DENIED'"
SecAction "phase:4,allow,msg:'ALLOWED',id:500071"
SecAction "phase:4,deny,msg:'DENIED',id:500072"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
@@ -199,7 +199,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,deny,msg:'DENIED'"
SecAction "phase:1,deny,msg:'DENIED',id:500073"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
@@ -220,7 +220,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,deny,msg:'DENIED'"
SecAction "phase:2,deny,msg:'DENIED',id:500074"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
@@ -241,7 +241,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,deny,msg:'DENIED'"
SecAction "phase:3,deny,msg:'DENIED',id:500075"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
@@ -262,7 +262,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,deny,msg:'DENIED'"
SecAction "phase:4,deny,msg:'DENIED',id:500076"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
@@ -285,7 +285,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,drop,msg:'DROPPED'"
SecAction "phase:1,drop,msg:'DROPPED',id:500077"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
@@ -306,7 +306,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,drop,msg:'DROPPED'"
SecAction "phase:2,drop,msg:'DROPPED',id:500078"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
@@ -327,7 +327,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,drop,msg:'DROPPED'"
SecAction "phase:3,drop,msg:'DROPPED',id:500079"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
@@ -348,7 +348,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,drop,msg:'DROPPED'"
SecAction "phase:4,drop,msg:'DROPPED',id:500080"
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
@@ -371,7 +371,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500009"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
@@ -393,7 +393,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500010"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
@@ -415,7 +415,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500011"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
@@ -437,7 +437,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500012"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
@@ -461,7 +461,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500013"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
@@ -483,7 +483,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500014"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
@@ -507,7 +507,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500015"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
@@ -530,7 +530,7 @@
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 4
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500016"
),
match_log => {
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],

48
tests/regression/action/10-logging.t
View File

@@ -11,7 +11,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,log"
SecAction "phase:1,pass,log,id:500006"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -34,7 +34,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,nolog"
SecAction "phase:1,pass,nolog,id:500007"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -59,7 +59,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,log"
SecAction "phase:1,deny,status:403,log,id:500008"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -82,7 +82,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,nolog"
SecAction "phase:1,deny,status:403,nolog,id:500009"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -107,7 +107,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,auditlog"
SecAction "phase:1,pass,auditlog,id:500010"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -130,7 +130,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,noauditlog"
SecAction "phase:1,pass,noauditlog,id:500011"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -155,7 +155,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,auditlog"
SecAction "phase:1,deny,status:403,auditlog,id:500012"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -178,7 +178,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,noauditlog"
SecAction "phase:1,deny,status:403,noauditlog,id:500013"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -203,7 +203,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,log,auditlog"
SecAction "phase:1,pass,log,auditlog,id:500014"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -226,7 +226,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,log,noauditlog"
SecAction "phase:1,pass,log,noauditlog,id:500015"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -249,7 +249,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,nolog,auditlog"
SecAction "phase:1,pass,nolog,auditlog,id:500016"
),
match_log => {
audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
@@ -271,7 +271,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,nolog,noauditlog"
SecAction "phase:1,pass,nolog,noauditlog,id:500017"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -294,7 +294,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,auditlog,log"
SecAction "phase:1,pass,auditlog,log,id:500018"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -317,7 +317,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,auditlog,nolog"
SecAction "phase:1,pass,auditlog,nolog,id:500019"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -340,7 +340,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,noauditlog,log"
SecAction "phase:1,pass,noauditlog,log,id:500020"
),
match_log => {
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
@@ -363,7 +363,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,pass,noauditlog,nolog"
SecAction "phase:1,pass,noauditlog,nolog,id:500021"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -388,7 +388,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,log,auditlog"
SecAction "phase:1,deny,status:403,log,auditlog,id:500022"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -411,7 +411,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,log,noauditlog"
SecAction "phase:1,deny,status:403,log,noauditlog,id:500023"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -434,7 +434,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,nolog,auditlog"
SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024"
),
match_log => {
audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
@@ -457,7 +457,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,nolog,noauditlog"
SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -480,7 +480,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,auditlog,log"
SecAction "phase:1,deny,status:403,auditlog,log,id:500026"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -503,7 +503,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,auditlog,nolog"
SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -526,7 +526,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,noauditlog,log"
SecAction "phase:1,deny,status:403,noauditlog,log,id:500028"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
@@ -549,7 +549,7 @@
SecAuditLogRelevantStatus xxx
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecAction "phase:1,deny,status:403,noauditlog,nolog"
SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],

4
tests/regression/config/10-audit-directives.t
View File

@@ -46,7 +46,7 @@
SecDebugLogLevel 9
SecResponseBodyAccess On
SecDefaultAction "phase:2,log,auditlog,pass"
SecRule REQUEST_URI "." "phase:4,deny"
SecRule REQUEST_URI "." "phase:4,deny,id:500251"
),
match_log => {
audit => [ qr/./, 1 ],
@@ -246,7 +246,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecAuditLogParts "ABCDEFGHIJKZ"
SecAction "phase:4,log,auditlog,allow"
SecAction "phase:4,log,auditlog,allow,id:500086"
),
match_log => {
audit => [ qr/-A--.*-B--.*-C--.*-F--.*-E--.*-H--.*-K--.*-Z--/s, 1 ],

20
tests/regression/config/10-debug-directives.t
View File

@@ -40,7 +40,7 @@
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 0
SecRule REQUEST_URI "." "phase:1,deny"
SecRule REQUEST_URI "." "phase:1,deny,id:500241"
),
match_log => {
-debug => [ qr/./, 1 ],
@@ -60,7 +60,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 1
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500242"
),
match_log => {
debug => [ qr/\]\[[1]\] /, 1 ],
@@ -85,7 +85,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 2
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500243"
),
match_log => {
debug => [ qr/\]\[2\] /, 1 ],
@@ -110,7 +110,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 3
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500244"
),
match_log => {
debug => [ qr/\]\[3\] /, 1 ],
@@ -135,7 +135,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500245"
),
match_log => {
debug => [ qr/\]\[4\] /, 1 ],
@@ -160,7 +160,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500246"
),
match_log => {
debug => [ qr/\]\[5\] /, 1 ],
@@ -185,7 +185,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 6
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500247"
),
match_log => {
debug => [ qr/\]\[6\] /, 1 ],
@@ -210,7 +210,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 7
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500248"
),
match_log => {
debug => [ qr/\]\[7\] /, 1 ],
@@ -235,7 +235,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 8
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500249"
),
match_log => {
debug => [ qr/\]\[8\] /, 1 ],
@@ -260,7 +260,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRuleScript "test.lua" "phase:1"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus,id:500250"
),
match_log => {
debug => [ qr/\]\[9\] /, 1 ],

4
tests/regression/config/10-misc-directives.t
View File

@@ -13,7 +13,7 @@
conf => qq(
SecRuleEngine on
SecDefaultAction "phase:1,deny,status:500"
SecRule REQUEST_URI "test.txt"
SecRule REQUEST_URI "test.txt,id:500240"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
@@ -52,7 +52,7 @@
conf => qq(
SecRuleEngine On
SecDataDir "$ENV{DATA_DIR}"
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],

52
tests/regression/config/10-request-directives.t
View File

@@ -7,8 +7,8 @@
conf => q(
SecRuleEngine On
SecArgumentSeparator ";"
SecRule ARGS:a "@streq 1" "phase:1,deny,chain"
SecRule ARGS:b "@streq 2"
SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500215"
SecRule ARGS:b "@streq 2,id:500216"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 1\)\. String match "2" at ARGS:b\./, 1 ],
@@ -25,8 +25,8 @@
comment => "SecArgumentSeparator (get-neg)",
conf => q(
SecRuleEngine On
SecRule ARGS:a "@streq 1" "phase:1,deny,chain"
SecRule ARGS:b "@streq 2"
SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500217"
SecRule ARGS:b "@streq 2,id:500218"
),
match_log => {
-error => [ qr/Access denied/, 1 ],
@@ -45,8 +45,8 @@
SecRuleEngine On
SecRequestBodyAccess On
SecArgumentSeparator ";"
SecRule ARGS:a "@streq 1" "phase:2,deny,chain"
SecRule ARGS:b "@streq 2"
SecRule ARGS:a "@streq 1" "phase:2,deny,chain,id:500219"
SecRule ARGS:b "@streq 2,id:500220"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
@@ -68,8 +68,8 @@
conf => q(
SecRuleEngine On
SecRequestBodyAccess On
SecRule ARGS:a "@streq 1" "phase:2,deny"
SecRule ARGS:b "@streq 2" "phase:2,deny"
SecRule ARGS:a "@streq 1" "phase:2,deny,id:500221"
SecRule ARGS:b "@streq 2" "phase:2,deny,id:500222"
),
match_log => {
-error => [ qr/Access denied/, 1 ],
@@ -93,8 +93,8 @@
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecRule ARGS:a "\@streq 1" "phase:2,deny,chain"
SecRule ARGS:b "\@streq 2"
SecRule ARGS:a "\@streq 1" "phase:2,deny,chain,id:500223"
SecRule ARGS:b "\@streq 2,id:500224"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
@@ -116,8 +116,8 @@
conf => qq(
SecRuleEngine On
SecRequestBodyAccess Off
SecRule ARGS:a "\@streq 1" "phase:2,deny"
SecRule ARGS:b "\@streq 2" "phase:2,deny"
SecRule ARGS:a "\@streq 1" "phase:2,deny,id:500225"
SecRule ARGS:b "\@streq 2" "phase:2,deny,id:500226"
),
match_log => {
-error => [ qr/Access denied/, 1 ],
@@ -269,8 +269,8 @@
SecRequestBodyAccess On
SecRequestBodyLimit 5
SecAction "phase:1,pass,nolog,ctl:ruleEngine=off"
SecRule REQUEST_BODY "." "phase:2,deny"
SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500081"
SecRule REQUEST_BODY "." "phase:2,deny,id:500227"
),
match_log => {
-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
@@ -294,8 +294,8 @@
SecRequestBodyAccess On
SecRequestBodyLimit 5
SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off"
SecRule REQUEST_BODY "." "phase:2,deny"
SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500082"
SecRule REQUEST_BODY "." "phase:2,deny,id:500228"
),
match_log => {
-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
@@ -319,8 +319,8 @@
SecRequestBodyAccess On
SecRequestBodyLimit 256
SecAction "phase:1,pass,nolog,ctl:ruleEngine=off"
SecRule REQUEST_BODY "." "phase:2,deny"
SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500083"
SecRule REQUEST_BODY "." "phase:2,deny,id:500229"
),
match_log => {
-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
@@ -363,8 +363,8 @@
SecRequestBodyAccess On
SecRequestBodyLimit 256
SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off"
SecRule REQUEST_BODY "." "phase:2,deny"
SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500084"
SecRule REQUEST_BODY "." "phase:2,deny,id:500230"
),
match_log => {
-error => [ qr/Request body .*is larger than the configured limit \(256\)\./, 1 ],
@@ -499,9 +499,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecCookieFormat 1
SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain"
SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231"
SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500232"
SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500233"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
@@ -526,9 +526,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecCookieFormat 0
SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain"
SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234"
SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500235"
SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500236"
),
match_log => {
-error => [ qr/Access denied/, 1 ],

6
tests/regression/config/10-response-directives.t
View File

@@ -10,7 +10,7 @@
SecResponseBodyMimeTypesClear
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule RESPONSE_BODY "TEST" "phase:4,deny"
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500237"
),
match_log => {
-error => [ qr/Access denied/, 1 ],
@@ -34,7 +34,7 @@
SecDebugLogLevel 9
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain null
SecRule RESPONSE_BODY "TEST" "phase:4,deny"
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500238"
),
match_log => {
error => [ qr/Access denied with code 403 \(phase 4\)\. Pattern match "TEST" at RESPONSE_BODY\./, 1 ],
@@ -55,7 +55,7 @@
SecDebugLogLevel 9
SecResponseBodyAccess Off
SecResponseBodyMimeType text/plain null
SecRule RESPONSE_BODY "TEST" "phase:4,deny"
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500239"
),
match_log => {
-error => [ qr/Access denied/, 1 ],

228
tests/regression/misc/00-multipart-parser.t
View File

@@ -9,9 +9,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500055"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500056"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500057"
),
match_log => {
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
@@ -55,9 +55,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500058"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500059"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500060"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
@@ -97,9 +97,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500061"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500062"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500063"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
@@ -138,9 +138,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500064"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500065"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500066"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
@@ -181,9 +181,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500067"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500068"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500069"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "a", value "1".*Adding request argument \(BODY\): name "b", value "2"/s, 1 ],
@@ -223,8 +223,8 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500070"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500071"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "a", value "--test".*Adding request argument \(BODY\): name "b", value "--"/s, 1 ],
@@ -420,8 +420,8 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500072"
SecRule REQBODY_PROCESSOR_ERROR "!\@eq 1" "phase:2,deny,id:500073"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*Invalid part header \(header name missing\)/s, 1 ],
@@ -462,10 +462,10 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500074"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500075"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500076"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500077"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
@@ -503,10 +503,10 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500078"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500079"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500080"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500081"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
@@ -544,10 +544,10 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500082"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500083"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 0" "phase:2,deny,status:403,id:500084"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500085"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
@@ -584,10 +584,10 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500086"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500087"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500088"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500089"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
@@ -624,10 +624,10 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,status:403,id:500090"
SecRule MULTIPART_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500091"
SecRule MULTIPART_INVALID_HEADER_FOLDING "!\@eq 1" "phase:2,deny,status:403,id:500092"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,status:403,id:500093"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*name: b.*variable: 2/s, 1 ],
@@ -666,7 +666,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403"
SecRule MULTIPART_DATA_AFTER "\@eq 1" "phase:2,deny,status:403,id:500094"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*Ignoring data after last boundary/s, 1 ],
@@ -706,9 +706,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500095"
SecRule MULTIPART_INVALID_QUOTING "!\@eq 1" "phase:2,deny,id:500096"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "chain,phase:2,deny,id:500097"
),
match_log => {
debug => [ qr/name: a.*variable: 1.*Duplicate Content-Disposition name/s, 1 ],
@@ -748,9 +748,9 @@
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500098"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500099"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500100"
),
match_log => {
error => [ qr/Invalid boundary in C-T \(malformed\)/, 1 ],
@@ -795,9 +795,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500101"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500102"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500103"
),
match_log => {
},
@@ -842,9 +842,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500104"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500105"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500106"
),
match_log => {
error => [ qr/Invalid boundary in C-T \(case sensitivity\)/, 1 ],
@@ -889,9 +889,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500107"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500108"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500109"
),
match_log => {
error => [ qr/Invalid boundary in C-T \(parameter name\)/, 1 ],
@@ -938,9 +938,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500110"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500111"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500112"
),
match_log => {
debug => [ qr/Multiple boundary parameters in C-T/, 1 ],
@@ -985,9 +985,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500113"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500114"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500115"
),
match_log => {
debug => [ qr/Multiple boundary parameters in C-T/, 1 ],
@@ -1032,9 +1032,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500116"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500117"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500118"
),
match_log => {
},
@@ -1078,9 +1078,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500119"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500120"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500121"
),
match_log => {
debug => [ qr/boundary whitespace in C-T header/, 1 ],
@@ -1125,9 +1125,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500122"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500123"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500124"
),
match_log => {
debug => [ qr/Added file part [0-9a-h]+ to the list: name "image" file name "image.jpg" \(offset 258, length 10\).*Adding request argument \(BODY\): name "name", value "Brian Rectanus".*Adding request argument \(BODY\): name "email", value "brian.rectanus\@breach.com"/s, 1 ],
@@ -1174,9 +1174,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500125"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500126"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500127"
),
match_log => {
debug => [ qr/No boundaries found in payload/, 1 ],
@@ -1220,9 +1220,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500128"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500129"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500130"
),
match_log => {
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
@@ -1269,9 +1269,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500131"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500132"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500133"
),
match_log => {
debug => [ qr/boundary was quoted/, 1 ],
@@ -1316,9 +1316,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500134"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500135"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500136"
),
match_log => {
debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ],
@@ -1363,9 +1363,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500137"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500138"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500139"
),
match_log => {
debug => [ qr/boundary was quoted.*No boundaries found in payload/s, 1 ],
@@ -1409,9 +1409,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500140"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500141"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500142"
),
match_log => {
debug => [ qr/boundary was quoted/s, 1 ],
@@ -1456,9 +1456,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500143"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500144"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500145"
),
match_log => {
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
@@ -1502,9 +1502,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500146"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500147"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500148"
),
match_log => {
debug => [ qr/Invalid boundary in C-T \(characters\)/, 1 ],
@@ -1548,9 +1548,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500149"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500150"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500151"
),
match_log => {
debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ],
@@ -1594,9 +1594,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500152"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500153"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500154"
),
match_log => {
debug => [ qr/Invalid boundary in C-T \(quote\)/, 1 ],
@@ -1639,9 +1639,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500155"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500156"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500157"
),
match_log => {
debug => [ qr/Invalid Content-Disposition header/, 1 ],
@@ -1692,9 +1692,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRequestBodyAccess On
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "\@eq 1" "phase:2,deny,id:500158"
SecRule MULTIPART_UNMATCHED_BOUNDARY "\@eq 1" "phase:2,deny,id:500159"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500160"
),
match_log => {
debug => [ qr/Part missing Content-Disposition header/, 1 ],
@@ -1752,20 +1752,20 @@
SecUploadFileLimit 2
# These should be set
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny"
SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny"
SecRule MULTIPART_STRICT_ERROR "!\@eq 1" "phase:2,deny,id:500161"
SecRule MULTIPART_FILE_LIMIT_EXCEEDED "!\@eq 1" "phase:2,deny,id:500162"
# This should not be set
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny"
SecRule REQBODY_PROCESSOR_ERROR "\@eq 1" "phase:2,deny,id:500163"
# Theses should still be accurate
SecRule &FILES "!\@eq 3" "phase:2,deny"
SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny"
SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny"
SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny"
SecRule &FILES "!\@eq 3" "phase:2,deny,id:500164"
SecRule &FILES_NAMES "!\@eq 3" "phase:2,deny,id:500165"
SecRule &FILES_SIZES "!\@eq 3" "phase:2,deny,id:500166"
SecRule FILES_SIZES:/^image/ "\@eq 0" "phase:2,deny,id:500167"
# This should be the SecUploadFileLimit
SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny"
SecRule &FILES_TMPNAMES "!\@eq 2" "phase:2,deny,id:500168"
),
match_log => {
debug => [ qr/Multipart: Upload file limit exceeded.*name: test.*variable: This is test data/s, 1 ],

40
tests/regression/misc/00-phases.t
View File

@@ -9,10 +9,10 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog"
SecRule ARGS "val1" "phase:1,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog"
SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog"
SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog,id:500169"
SecRule ARGS "val1" "phase:1,pass,log,auditlog,id:500170"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog,id:500171"
SecRule RESPONSE_BODY "TEST" "phase:1,pass,log,auditlog,id:500172"
),
match_log => {
error => [ qr/Pattern match "\^POST" at REQUEST_LINE/, 1 ],
@@ -39,10 +39,10 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog"
SecRule ARGS "val1" "phase:2,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog"
SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog"
SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog,id:500173"
SecRule ARGS "val1" "phase:2,pass,log,auditlog,id:500174"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog,id:500175"
SecRule RESPONSE_BODY "TEST" "phase:2,pass,log,auditlog,id:500176"
),
match_log => {
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS/s, 1 ],
@@ -69,10 +69,10 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog"
SecRule ARGS "val1" "phase:3,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog"
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog"
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog,id:500177"
SecRule ARGS "val1" "phase:3,pass,log,auditlog,id:500178"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog,id:500179"
SecRule RESPONSE_BODY "TEST" "phase:3,pass,log,auditlog,id:500180"
),
match_log => {
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS/s, 1 ],
@@ -101,10 +101,10 @@
SecResponseBodyMimeType text/plain null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog"
SecRule ARGS "val1" "phase:4,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog"
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog"
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog,id:500181"
SecRule ARGS "val1" "phase:4,pass,log,auditlog,id:500182"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog,id:500183"
SecRule RESPONSE_BODY "TEST" "phase:4,pass,log,auditlog,id:500184"
),
match_log => {
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ],
@@ -130,10 +130,10 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog"
SecRule ARGS "val1" "phase:5,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog"
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog"
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog,id:500185"
SecRule ARGS "val1" "phase:5,pass,log,auditlog,id:500186"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog,id:500187"
SecRule RESPONSE_BODY "TEST" "phase:5,pass,log,auditlog,id:500188"
),
match_log => {
error => [ qr/Pattern match "\^POST" at REQUEST_LINE.*Pattern match "val1" at ARGS.*Pattern match "\." at RESPONSE_HEADERS.*Pattern match "TEST" at RESPONSE_BODY/s, 1 ],

4
tests/regression/misc/10-pcre.t
View File

@@ -17,9 +17,9 @@
SecPcreMatchLimitRecursion 100
# Poor REGEX
SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS'"
SecRule ARGS "(?:(.{2,})\\1{32,})" "phase:2,deny,capture,msg:'REDoS',id:500053"
# Detect PCRE limits exceeded
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}'"
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!\@streq 0" "phase:2,deny,msg:'ModSecurity Internal Error Flagged: %{MATCHED_VAR_NAME}',id:500054"
),
match_log => {
debug => [ qr/PCRE limits exceeded/, 1 ],

34
tests/regression/misc/10-tfn-cache.t
View File

@@ -12,10 +12,10 @@
SecCacheTransformations On "minlen:1,maxlen:0"
# This should cache it
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500037"
# This should use the cached value
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500038"
),
match_log => {
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
@@ -40,10 +40,10 @@
SecCacheTransformations On "minlen:1,maxlen:0,incremental:off,maxitems:0"
# This should cache it
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog"
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog,id:500039"
# This should use the partially cached value
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500040"
),
match_log => {
debug => [ qr/removeWhiteSpace: "FooBar" .*partially cached/, 1 ],
@@ -67,10 +67,10 @@
SecCacheTransformations On "minlen:1,maxlen:0"
# This should cache it
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500041"
# This should use the cached value
SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny"
SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500042"
),
match_log => {
-debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
@@ -94,10 +94,10 @@
SecCacheTransformations On "minlen:1,maxlen:0"
# This should cache it
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500043"
# This should use the cached value
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny"
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500044"
),
match_log => {
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
@@ -122,12 +122,12 @@
SecCacheTransformations On "minlen:1,maxlen:0"
# This should cache it
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass"
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,id:500045"
# This should see cached versions of *both* ARGS_GET
SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain"
SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain"
SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase"
SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046"
SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain,id:500047"
SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase,id:500017"
),
match_log => {
debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ],
@@ -163,13 +163,13 @@
SecCacheTransformations On "minlen:1,maxlen:0,maxitems:0"
# This should cache it in all phases
SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog"
SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500048"
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500049"
SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500050"
SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500051"
# This should use the cached value
SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny"
SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500052"
),
match_log => {
debug => [ qr/Adding request argument \(BODY\): name "test", value "Foo Bar"/, 60, "Waiting for httpd to process request: "],

12
tests/regression/rule/00-basics.t
View File

@@ -8,7 +8,7 @@
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecAction "nolog"
SecAction "nolog,id:500001"
),
match_log => {
-error => [ qr/ModSecurity: /, 1 ],
@@ -32,7 +32,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecDefaultAction "phase:2,deny,status:403"
SecRule ARGS:test "value"
SecRule ARGS:test "value,id:500032"
),
match_log => {
error => [ qr/ModSecurity: /, 1 ],
@@ -53,7 +53,7 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecDefaultAction "phase:2,pass"
SecRule ARGS:test "value" "deny,status:403"
SecRule ARGS:test "value" "deny,status:403,id:500033"
),
match_log => {
error => [ qr/ModSecurity: /, 1 ],
@@ -74,9 +74,9 @@
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 5
SecDefaultAction "phase:2,log,noauditlog,pass,tag:foo"
SecRule ARGS:test "value" "chain,phase:2,deny,status:403"
SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar"
SecRule REQUEST_METHOD "\@streq GET"
SecRule ARGS:test "value" "chain,phase:2,deny,status:403,id:500034"
SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar,id:500035"
SecRule REQUEST_METHOD "\@streq GET,id:500036"
),
match_log => {
error => [ qr/ModSecurity: /, 1 ],

54
tests/regression/rule/10-xml.t
View File

@@ -10,10 +10,10 @@
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500005
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500006
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500007
"phase:2,deny,id:12345"
),
match_log => {
@@ -59,10 +59,10 @@
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500008
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500009
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500010
"phase:2,deny,log,auditlog,id:12345"
),
match_log => {
@@ -108,10 +108,10 @@
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500011
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500012
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500013
"phase:2,deny,id:12345"
),
match_log => {
@@ -158,10 +158,10 @@
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500014
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500015
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope.xsd" \\,id:500016
"phase:2,deny,id:12345"
),
match_log => {
@@ -208,10 +208,10 @@
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLog "$ENV{AUDIT_LOG}"
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500017
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope-bad.xsd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500018
SecRule XML "\@validateSchema $ENV{CONF_DIR}/SoapEnvelope-bad.xsd" \\,id:500019
"phase:2,deny,id:12345"
),
match_log => {
@@ -256,10 +256,10 @@
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500020
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500021
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500022
"phase:2,deny,id:12345"
),
match_log => {
@@ -299,10 +299,10 @@
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500023
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500024
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500025
"phase:2,deny,id:12345"
),
match_log => {
@@ -342,10 +342,10 @@
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500026
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500027
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope.dtd" \\,id:500028
"phase:2,deny,id:12345"
),
match_log => {
@@ -385,10 +385,10 @@
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" \\,id:500029
"phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" \\
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500030
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" \\,id:500031
"phase:2,deny,id:12345"
),
match_log => {

8
tests/regression/rule/20-exceptions.t
View File

@@ -109,7 +109,7 @@
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'"
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',id:500001"
SecRuleRemoveByMsg "testing rule"
),
match_log => {
@@ -134,7 +134,7 @@
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'"
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',id:500002"
SecRuleUpdateActionById 1 "pass,nolog"
),
match_log => {
@@ -157,8 +157,8 @@
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',chain"
SecRule ARGS "bar"
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule',chain,id:500003"
SecRule ARGS "bar,id:500004"
SecRuleUpdateActionById 1 "pass,nolog"
),
match_log => {

52
tests/regression/target/00-targets.t
View File

@@ -11,8 +11,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS "val1" "phase:2,log,pass"
SecRule ARGS "val2" "phase:2,log,pass"
SecRule ARGS "val1" "phase:2,log,pass,id:500189"
SecRule ARGS "val2" "phase:2,log,pass,id:500190"
),
match_log => {
error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ],
@@ -35,8 +35,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS "val1" "phase:2,log,pass"
SecRule ARGS "val2" "phase:2,log,pass"
SecRule ARGS "val1" "phase:2,log,pass,id:500191"
SecRule ARGS "val2" "phase:2,log,pass,id:500192"
),
match_log => {
error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ],
@@ -63,7 +63,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass"
SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass,id:500193"
),
match_log => {
error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ],
@@ -83,7 +83,7 @@
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass"
SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass,id:500194"
),
match_log => {
error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ],
@@ -111,8 +111,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_NAMES "arg1" "phase:2,log,pass,id:500195"
SecRule ARGS_NAMES "arg2" "phase:2,log,pass,id:500196"
),
match_log => {
error => [ qr/Pattern match "arg1" at ARGS.*Pattern match "arg2" at ARGS/s, 1 ],
@@ -135,8 +135,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_NAMES "arg1" "phase:2,log,pass,id:500197"
SecRule ARGS_NAMES "arg2" "phase:2,log,pass,id:500198"
),
match_log => {
error => [ qr/Pattern match "arg1" at ARGS_NAMES.*Pattern match "arg2" at ARGS_NAMES/s, 1 ],
@@ -165,8 +165,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_GET "val1" "phase:2,log,pass"
SecRule ARGS_GET "val2" "phase:2,log,pass"
SecRule ARGS_GET "val1" "phase:2,log,pass,id:500199"
SecRule ARGS_GET "val2" "phase:2,log,pass,id:500200"
),
match_log => {
error => [ qr/Pattern match "val1" at ARGS_GET.*Pattern match "val2" at ARGS_GET/s, 1 ],
@@ -189,8 +189,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_GET "val1" "phase:2,log,pass"
SecRule ARGS_GET "val2" "phase:2,log,pass"
SecRule ARGS_GET "val1" "phase:2,log,pass,id:500201"
SecRule ARGS_GET "val2" "phase:2,log,pass,id:500202"
),
match_log => {
-error => [ qr/Pattern match/, 1 ],
@@ -219,8 +219,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass,id:500203"
SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass,id:500204"
),
match_log => {
error => [ qr/Pattern match "arg1" at ARGS_GET.*Pattern match "arg2" at ARGS_GET/s, 1 ],
@@ -243,8 +243,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass,id:500205"
SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass,id:500206"
),
match_log => {
-error => [ qr/Pattern match/, 1 ],
@@ -273,8 +273,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_POST "val1" "phase:2,log,pass"
SecRule ARGS_POST "val2" "phase:2,log,pass"
SecRule ARGS_POST "val1" "phase:2,log,pass,id:500207"
SecRule ARGS_POST "val2" "phase:2,log,pass,id:500208"
),
match_log => {
-error => [ qr/Pattern match/, 1 ],
@@ -297,8 +297,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_POST "val1" "phase:2,log,pass"
SecRule ARGS_POST "val2" "phase:2,log,pass"
SecRule ARGS_POST "val1" "phase:2,log,pass,id:500209"
SecRule ARGS_POST "val2" "phase:2,log,pass,id:500210"
),
match_log => {
error => [ qr/Pattern match "val1" at ARGS_POST.*Pattern match "val2" at ARGS_POST/s, 1 ],
@@ -327,8 +327,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass,id:500211"
SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass,id:500212"
),
match_log => {
-error => [ qr/Pattern match/, 1 ],
@@ -351,8 +351,8 @@
SecResponseBodyMimeType null
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass"
SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass"
SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass,id:500213"
SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass,id:500214"
),
match_log => {
error => [ qr/Pattern match "arg1" at ARGS_POST.*Pattern match "arg2" at ARGS_POST/s, 1 ],

2
tests/run-regression-tests.pl.in
View File

@@ -582,6 +582,7 @@ sub httpd_start {
if (defined $out and $out ne "") {
vrb(join(" ", map { quote_shell($_) } @p));
msg("Httpd start failed with error messages:\n$out");
httpd_stop();
return -1
}
@@ -590,6 +591,7 @@ sub httpd_start {
vrb(join(" ", map { quote_shell($_) } @p));
vrb(match_log("error", qr/(^.*ModSecurity: .*)/sm, 10));
msg("Httpd server failed to start.");
httpd_stop();
return -1;
}