From 98b0a7c071bad8455ea7192582fc39e9a4754d7c Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Tue, 16 Sep 2025 15:02:31 +0200
Subject: [PATCH 1/5] Add new test cases based on initial issue
---
 .../action-ctl_rule_remove_target_by_id.json | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
diff --git a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
index 68f09385..3c97ecca 100644
--- a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
@@ -95,5 +95,73 @@
 "SecRule REQUEST_FILENAME \"@endsWith /wp-login.php\" \"id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=1;ARGS\"",
 "SecRule ARGS \"@contains lhebs\" \"id:1,phase:3,t:none,status:202,block,deny,tag:'CRS'\""
 ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing CtlRuleRemoveTargetById (4)",
+ "expected":{
+ "http_code": 200
+ },
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+ "Content-Type": "text/xml",
+ "Referer": "This is an attack"
+ },
+ "uri":"/index.html",
+ "method":"GET",
+ "body": [ ]
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecRule REQUEST_FILENAME \"@unconditionalMatch\" \"id:1,phase:1,pass,t:none,ctl:ruleRemoveTargetById=2;REQUEST_HEADERS:referer\"",
+ "SecRule REQUEST_HEADERS:Referer \"@contains attack\" \"id:2,phase:1,deny,t:none,log\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing CtlRuleRemoveTargetById (5)",
+ "expected":{
+ "http_code": 200
+ },
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "request":{
+ "headers":{
+ "Host":"localhost",
+ "User-Agent":"curl/7.38.0",
+ "Accept":"*/*",
+ "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120",
+ "Content-Type": "text/xml",
+ "referer": "This is an attack"
+ },
+ "uri":"/index.html",
+ "method":"GET",
+ "body": [ ]
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "rules":[
+ "SecRuleEngine On",
+ "SecRule REQUEST_FILENAME \"@unconditionalMatch\" \"id:1,phase:1,pass,t:none,ctl:ruleRemoveTargetById=2;REQUEST_HEADERS:referer\"",
+ "SecRule REQUEST_HEADERS:Referer \"@contains attack\" \"id:2,phase:1,deny,t:none,log\""
+ ]
 }
 ]
From c56da4ca9cc80e6026f0e51f7d2ea4fc6954afad Mon Sep 17 00:00:00 2001
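Review bot: Both new cases assert only `"http_code": 200`, which is the same outcome the harness would report if rule 2 never fired for an unrelated reason, so they cannot tell a working exclusion from a deny rule that is silently dead; a sibling case that keeps rule 2 but points the `ctl:ruleRemoveTargetById` target at a different header (or drops rule 1) and expects the deny status would pin the behaviour down. The two cases differ only in the case of the request header key (`Referer` vs `referer`), while the ctl target and rule 2's variable are spelled identically in both; if the comparison under test is between the ctl target and the rule's variable name, a case that varies the spelling on the rule side (for instance `REQUEST_HEADERS:REFERER` in rule 2) would exercise it more directly. If the harness supports a `debug_log` expectation, matching the exclusion message there would also make the intent of each case explicit.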
From: Ervin Hegedus
Date: Tue, 16 Sep 2025 15:10:51 +0200
Subject: [PATCH 2/5] Force case comparison when check previously added exclusion
---
 src/rule_with_operator.cc | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc
index c79199d0..2166cbd3 100644
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@@ -166,8 +166,15 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 if (std::find_if(trans->m_ruleRemoveTargetById.begin(),
 trans->m_ruleRemoveTargetById.end(),
 [&, variable, this](const auto &m) -> bool {
- return m.first == m_ruleId
- && m.second == *variable->m_fullName.get();
+ const auto& str1 = m.second;
+ const auto& str2 = *variable->m_fullName.get();
+ return m.first == m_ruleId &&
+ str1.size() == str2.size() &&
+ std::equal(str1.begin(), str1.end(), str2.begin(),
+ [](char a, char b) {
+ return std::tolower(static_cast(a)) ==
+ std::tolower(static_cast(b));
+ }); // end-of std::equal
 }) != trans->m_ruleRemoveTargetById.end()) {
 continue;
 }
From d8bb86b3373e730ef6388820323045d0d1bd9318 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Tue, 16 Sep 2025 15:28:08 +0200
Subject: [PATCH 3/5] Eliminate compiler type mismatch warnings
---
 src/rule_with_operator.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc
index 2166cbd3..9c356b8f 100644
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@@ -158,7 +158,7 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 variables::Variables addition;
 getVariablesExceptions(*trans, exclusion, &addition);
 // cppcheck-suppress ctunullpointer
- for (int i = 0; i < m_variables->size(); i++) {
+ for (std::size_t i = 0; i < m_variables->size(); i++) {
 Variable *variable = m_variables->at(i);
 if (exclusion->contains(variable)) {
 continue;
From b85988d64131ff7da189846ac465c1dfc1157e96 Mon Sep 17 00:00:00 2001
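Review bot: The nine added lines inline a case-insensitive compare whose cast shows no template argument on this page (`static_cast(a)`), presumably `static_cast<unsigned char>` lost in extraction — without any argument the call does not compile, and without the conversion to `unsigned char` a negative `char` passed to `std::tolower` is undefined behaviour. The predicate also has no comment saying why case is folded, and the fold covers the whole full name (collection and key); that matches HTTP header-name semantics but would widen a `ctl:ruleRemoveTargetById` exclusion for any collection whose keys the engine treats case-sensitively, which is worth confirming and stating in a comment. I would move the compare into a small static helper with an `unsigned char` lambda so the predicate reads as one line, and check that `<cctype>` and `<algorithm>` are included by this file. getFinalVars starts and ends outside the hunk.
```cpp
// Case-insensitive (ASCII, per the C locale) comparison of two variable
// names; lhs/rhs are assumed to be std::string — confirm against the
// element type of m_ruleRemoveTargetById.
static bool equalsIgnoreCase(const std::string &lhs, const std::string &rhs) {
    return lhs.size() == rhs.size() &&
        std::equal(lhs.begin(), lhs.end(), rhs.begin(),
            [](unsigned char a, unsigned char b) {
                return std::tolower(a) == std::tolower(b);
            });
}
// … unchanged: getFinalVars up to the exclusion lookup …
            [&, variable, this](const auto &m) -> bool {
                // A ctl:ruleRemoveTargetById target may spell the variable
                // differently from the rule (REQUEST_HEADERS:referer vs
                // REQUEST_HEADERS:Referer), so the name is compared
                // case-insensitively.
                return m.first == m_ruleId
                    && equalsIgnoreCase(m.second, *variable->m_fullName.get());
            }) != trans->m_ruleRemoveTargetById.end()) {
```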
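Review bot: Style: in the changed loop header the index now only feeds `m_variables->at(i)` on the next line, so a range-for over the container would remove the signed/unsigned question altogether, e.g. `for (Variable *variable : *m_variables) {` — provided `i` is not read further down in the loop body, which continues outside the hunk, and `*m_variables` is iterable (it is only used through `->` here, so its type is not visible). `std::size_t` is declared in `<cstddef>`; verify the file includes it or a header that provides it rather than relying on transitive includes.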
From: Ervin Hegedus
Date: Wed, 17 Sep 2025 09:17:15 +0200
Subject: [PATCH 4/5] Update test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
---
 .../regression/action-ctl_rule_remove_target_by_id.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
index 3c97ecca..9e820bc7 100644
--- a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
@@ -99,7 +99,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing CtlRuleRemoveTargetById (4)",
+ "title":"Testing CtlRuleRemoveTargetById (4): uppercase `Referer` header",
 "expected":{
 "http_code": 200
 },
From f49b3e520c806673c4b74a69e2445bfbbdca1f61 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Wed, 17 Sep 2025 09:17:23 +0200
Subject: [PATCH 5/5] Update test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
---
 .../regression/action-ctl_rule_remove_target_by_id.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
index 9e820bc7..fce492bb 100644
--- a/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
+++ b/test/test-cases/regression/action-ctl_rule_remove_target_by_id.json
@@ -133,7 +133,7 @@
 {
 "enabled":1,
 "version_min":300000,
- "title":"Testing CtlRuleRemoveTargetById (5)",
+ "title":"Testing CtlRuleRemoveTargetById (5): lowercase `Referer` header",
 "expected":{
 "http_code": 200
 },