diff --git a/src/assay.cc b/src/assay.cc index fb6255c7..4d04a3f7 100644 --- a/src/assay.cc +++ b/src/assay.cc @@ -169,6 +169,7 @@ int Assay::processConnection(const char *client, int cPort, const char *server, debug(4, "Transaction context created (blah blah)"); debug(4, "Starting phase CONNECTION. (SecRules 0)"); + this->store_variable("REMOTE_HOST", m_serverIpAddress); this->store_variable("REMOTE_ADDR", m_clientIpAddress); this->m_rules->evaluate(ModSecurity::ConnectionPhase, this); return true; diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index 12fd7137..786153b0 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -60,7 +60,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim) -VARIABLE (?i:MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO) +VARIABLE (?i:REMOTE_HOST|MULTIPART_STRICT_ERROR|PATH_INFO|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MATCHED_VAR_NAME|MATCHED_VARS_NAMES|MATCHED_VAR|MATCHED_VARS|INBOUND_DATA_ERROR|OUTBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO) RUN_TIME_VAR_DUR (?i:DURATION) RUN_TIME_VAR_ENV (?i:ENV) RUN_TIME_VAR_BLD (?i:MODSEC_BUILD) diff --git a/test/test-cases/regression/variable-REMOTE_HOST.json b/test/test-cases/regression/variable-REMOTE_HOST.json index 3c5277b7..6145bf8a 100644 --- a/test/test-cases/regression/variable-REMOTE_HOST.json +++ b/test/test-cases/regression/variable-REMOTE_HOST.json @@ -8,7 +8,7 @@ "port":123 }, "server":{ - "ip":"200.249.12.31", + "ip":"200.249.12.11", "port":80 }, "request":{ @@ -33,7 +33,50 @@ ] }, "expected":{ - "debug_log":"key2=v\\%20a\\%20l\\%20u\\%20e\\%202\" \\(Variable: REMOTE_HOST\\)" + "debug_log":"Target value: \"200.249.12.11\" \\(Variable: REMOTE_HOST\\)" + }, + "rules":[ + "SecRuleEngine On", + "SecDebugLog \/tmp\/modsec_debug.log", + "SecDebugLogLevel 9", + "SecRule REMOTE_HOST \"@contains test \" \"phase:3,pass,t:trim\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing Variables :: REMOTE_HOST", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"::1", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"27", + "Content-Type":"application/x-www-form-urlencoded" + }, + "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", + "protocol":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "debug_log":"Target value: \"::1\" \\(Variable: REMOTE_HOST\\)" }, "rules":[ "SecRuleEngine On",