Redo build system to properly use autotools and avoid compilation with apxs util.

2025-09-29 11:16:33 +03:00 · 2010-04-25 23:24:09 +00:00
parent 972e46825c
commit eb6b9274af
148 changed files with 49047 additions and 7149 deletions
--- a/tests/regression/action/00-disruptive-actions.t
+++ b/tests/regression/action/00-disruptive-actions.t
@@ -0,0 +1,531 @@
+### Tests all of the actions in each phase
+
+# Pass
+{
+	type => "action",
+	comment => "pass in phase:1",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,pass"
+		SecAction "phase:1,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:2",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,pass"
+		SecAction "phase:2,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:3",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:3,pass"
+		SecAction "phase:3,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:4",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:4,pass"
+		SecAction "phase:4,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Allow
+{
+	type => "action",
+	comment => "allow in phase:1",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,allow"
+		SecAction "phase:1,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access allowed \(phase 1\). Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:2",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,allow"
+		SecAction "phase:2,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access allowed \(phase 2\). Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:3",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:3,allow"
+		SecAction "phase:3,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access allowed \(phase 3\). Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:4",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:4,allow"
+		SecAction "phase:4,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access allowed \(phase 4\). Unconditional match in SecAction/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Deny
+{
+	type => "action",
+	comment => "deny in phase:1",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,deny"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 \(phase 1\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:2",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,deny"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 \(phase 2\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:3",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:3,deny"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 \(phase 3\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:4",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:4,deny"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 \(phase 4\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Drop
+{
+	type => "action",
+	comment => "drop in phase:1",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,drop"
+	),
+	match_log => {
+		error => [ qr/Access denied with connection close \(phase 1\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:2",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,drop"
+	),
+	match_log => {
+		error => [ qr/Access denied with connection close \(phase 2\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:3",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:3,drop"
+	),
+	match_log => {
+		error => [ qr/Access denied with connection close \(phase 3\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:4",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:4,drop"
+	),
+	match_log => {
+		error => [ qr/Access denied with connection close \(phase 4\). Unconditional match in SecAction./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Redirect
+{
+	type => "action",
+	comment => "redirect in phase:1 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 1\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:2 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 2\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:3 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 3\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:4 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with redirection to .* using status 302 \(phase 4\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+
+# Proxy
+{
+	type => "action",
+	comment => "proxy in phase:1 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied using proxy to \(phase 1\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:2 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied using proxy to \(phase 2\)/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:3 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 500 \(phase 3\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:4 (get)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 500 \(phase 4\) \(Configuration Error: Proxy action requested but it does not work in output phases\)./, 1 ],
+	},
+	match_response => {
+		status => qr/^500$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
--- a/tests/regression/action/00-meta.t
+++ b/tests/regression/action/00-meta.t
@@ -0,0 +1,8 @@
+### Test meta actions
+
+# TODO: id
+# TODO: logdata
+# TODO: msg
+# TODO: rev
+# TODO: severity
+# TODO: tag
--- a/tests/regression/action/00-misc.t
+++ b/tests/regression/action/00-misc.t
@@ -0,0 +1,22 @@
+### Test misc actions
+
+# TODO: block
+# TODO: capture
+# TODO: chain
+# TODO: deprecatevar
+# TODO: exec
+# TODO: expirevar
+# TODO: initcol
+# TODO: multiMatch
+# TODO: pause
+# TODO: sanitiseArg
+# TODO: sanitiseMatched
+# TODO: sanitiseRequestHeader
+# TODO: sanitiseResponseHeader
+# TODO: setuid
+# TODO: setsid
+# TODO: setenv
+# TODO: setvar
+# TODO: skip
+# TODO: skipAfter
+# TODO: xmlns
--- a/tests/regression/action/00-transformations.t
+++ b/tests/regression/action/00-transformations.t
@@ -0,0 +1,8 @@
+### Transformation tests
+
+# NOTE: individual tests done in unit tests
+
+# TODO: t:none to override default
+# TODO: t:none inline
+# TODO: combined
+# TODO: caching
--- a/tests/regression/action/10-append-prepend.t
+++ b/tests/regression/action/10-append-prepend.t
@@ -0,0 +1,49 @@
+# TODO: Need more tests here
+
+### append
+{
+	type => "action",
+	comment => "append content",
+	conf => qq(
+		SecRuleEngine On
+        SecContentInjection On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+		SecAction "phase:1,setvar:tx.test=test"
+		SecAction "phase:2,append:'APPEND: \%{tx.test}'"
+	),
+	match_log => {
+        debug => [ "Added content to bottom: APPEND: test", 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/APPEND: test$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+### prepend
+{
+	type => "action",
+	comment => "prepend content",
+	conf => qq(
+		SecRuleEngine On
+        SecContentInjection On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+		SecAction "phase:1,setvar:tx.test=test"
+		SecAction "phase:2,prepend:'PREPEND: \%{tx.test}'"
+	),
+	match_log => {
+        debug => [ "Added content to top: PREPEND: test", 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^PREPEND: test/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
--- a/tests/regression/action/10-ctl.t
+++ b/tests/regression/action/10-ctl.t
@@ -0,0 +1,56 @@
+### ctl
+
+### ruleRemoveById
+{
+	type => "action",
+	comment => "ruleRemoveById existing rule across phases",
+	conf => qq(
+		SecRuleEngine On
+		SecAction "phase:2,id:666,deny"
+		SecAction "phase:1,pass,ctl:ruleRemoveById=666"
+	),
+	match_log => {
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "ruleRemoveById future rule across phases",
+	conf => qq(
+		SecRuleEngine On
+		SecAction "phase:1,pass,ctl:ruleRemoveById=666"
+		SecAction "phase:2,id:666,deny"
+	),
+	match_log => {
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "ruleRemoveById future rule same phase",
+	conf => qq(
+		SecRuleEngine On
+		SecAction "phase:1,pass,ctl:ruleRemoveById=666"
+		SecAction "phase:1,id:666,deny"
+	),
+	match_log => {
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+
--- a/tests/regression/action/10-detectiononly-actions.t
+++ b/tests/regression/action/10-detectiononly-actions.t
@@ -0,0 +1,545 @@
+### Tests all of the actions in each phase in detection only mode
+
+# Pass
+{
+	type => "action",
+	comment => "pass in phase:1",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+		SecAction "phase:1,pass,msg:'PASSED'"
+		SecAction "phase:1,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:2",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,pass,msg:'PASSED'"
+		SecAction "phase:2,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:3",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:3,pass,msg:'PASSED'"
+		SecAction "phase:3,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "pass in phase:4",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecAction "phase:4,pass,msg:'PASSED'"
+		SecAction "phase:4,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Allow
+{
+	type => "action",
+	comment => "allow in phase:1",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,allow,msg:'ALLOWED'"
+		SecAction "phase:1,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
+		-error => [ qr/Access allowed/, 1 ],
+# TODO: Allow should probably stop rule execution
+#		-error => [ qr/DENIED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:2",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,allow,msg:'ALLOWED'"
+		SecAction "phase:2,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
+		-error => [ qr/Access allowed/, 1 ],
+# TODO: Allow should probably stop rule execution
+#		-error => [ qr/DENIED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:3",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:3,allow,msg:'ALLOWED'"
+		SecAction "phase:3,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
+		-error => [ qr/Access allowed/, 1 ],
+# TODO: Allow should probably stop rule execution
+#		-error => [ qr/DENIED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "allow in phase:4",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:4,allow,msg:'ALLOWED'"
+		SecAction "phase:4,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
+		-error => [ qr/Access allowed/, 1 ],
+# TODO: Allow should probably stop rule execution
+#		-error => [ qr/DENIED/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Deny
+{
+	type => "action",
+	comment => "deny in phase:1",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:2",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:3",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:3,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "deny in phase:4",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:4,deny,msg:'DENIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Drop
+{
+	type => "action",
+	comment => "drop in phase:1",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:1,drop,msg:'DROPPED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:2",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:2,drop,msg:'DROPPED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:3",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:3,drop,msg:'DROPPED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "drop in phase:4",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecAction "phase:4,drop,msg:'DROPPED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# Redirect
+{
+	type => "action",
+	comment => "redirect in phase:1 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:2 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:3 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "redirect in phase:4 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+
+# Proxy
+{
+	type => "action",
+	comment => "proxy in phase:1 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:2 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+		content => qr/^TEST 2$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:3 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
+{
+	type => "action",
+	comment => "proxy in phase:4 (get)",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecResponseBodyMimeType null
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 4
+		SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
+		-error => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
+	),
+},
--- a/tests/regression/action/10-logging.t
+++ b/tests/regression/action/10-logging.t
@@ -0,0 +1,564 @@
+### Logging tests
+
+# log/nolog (pass)
+{
+	type => "action",
+	comment => "log (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# log/nolog (deny)
+{
+	type => "action",
+	comment => "log (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# auditlog/noauditlog (pass)
+{
+	type => "action",
+	comment => "auditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,auditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,noauditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# auditlog/noauditlog (deny)
+{
+	type => "action",
+	comment => "auditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,auditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,noauditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# All log/nolog auditlog/noauditlog combos (pass)
+{
+	type => "action",
+	comment => "log,auditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,log,auditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "log,noauditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,log,noauditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog,auditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,nolog,auditlog"
+	),
+	match_log => {
+		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog,noauditlog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,nolog,noauditlog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "auditlog,log (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,auditlog,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "auditlog,nolog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,auditlog,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog,log (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,noauditlog,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog,nolog (pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,pass,noauditlog,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# All log/nolog auditlog/noauditlog combos (deny)
+{
+	type => "action",
+	comment => "log,auditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,log,auditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "log,noauditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,log,noauditlog"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog,auditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,nolog,auditlog"
+	),
+	match_log => {
+		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
+	},
+	match_response => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "nolog,noauditlog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,nolog,noauditlog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "auditlog,log (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,auditlog,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "auditlog,nolog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,auditlog,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog,log (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,noauditlog,log"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "action",
+	comment => "noauditlog,nolog (deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog "$ENV{DEBUG_LOG}"
+		SecDebugLogLevel 9
+        SecAuditLogRelevantStatus xxx
+		SecAuditEngine RelevantOnly
+		SecAuditLog "$ENV{AUDIT_LOG}"
+		SecAction "phase:1,deny,status:403,noauditlog,nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},