[ { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/", "method":"POST", "body": [ "param1=value1¶m2=value2" ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"Executing operator \"Rx" }, "rules":[ "SecRuleEngine On", "SecRule ARGS \"@rx (value1)\" \"id:1,phase:2,pass,t:trim\"" ] }, { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx in implicit form with negation ('!')", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/", "method":"HEAD", "body": [ ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"Executing operator \"Rx\" with param \"\\^0\\$\"", "error_log":"Matched \"Operator `Rx' with parameter `\\^0\\$'" }, "rules":[ "SecRuleEngine On", "SecRule REQUEST_HEADERS:Content-Length \"!^0$\" \"id:1,phase:2,pass,t:trim,block\"" ] }, { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx with non-compiling pattern", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/", "method":"HEAD", "body": [ ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"Error with regular expression" }, "rules":[ "SecRuleEngine On", "SecRule REQUEST_HEADERS:Content-Type \"@rx a(b\" \"id:1,phase:2,pass,t:trim,block\"" ] }, { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx with PCRE error", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/?rxtest=wwwwwwwwwwwwwwwwwwwwwowwwwwwwwwww", "method":"HEAD", "body": [ ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"rx: regex error 'MATCH_LIMIT' for pattern", "error_log":"Matched \"Operator `StrEq' with parameter `1' against variable `MSC_PCRE_ERROR'" }, "rules":[ "SecRuleEngine On", "SecPcreMatchLimit 2", "SecRule ARGS:rxtest \"@rx (w+)+$\" \"id:1,phase:1,pass,t:trim,block\"", "SecRule MSC_PCRE_ERROR \"@streq 1\" \"id:2,phase:1,pass,t:trim,block\"" ] }, { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx with PCRE match limits exceeded", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/?rxtest=wwwwwwwwwwwwwwwwwwwwwowwwwwwwwwww", "method":"HEAD", "body": [ ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"rx: regex error 'MATCH_LIMIT' for pattern", "error_log":"Matched \"Operator `StrEq' with parameter `1' against variable `MSC_PCRE_LIMITS_EXCEEDED'" }, "rules":[ "SecRuleEngine On", "SecPcreMatchLimit 2", "SecRule ARGS:rxtest \"@rx (w+)+$\" \"id:1,phase:1,pass,t:trim,block\"", "SecRule MSC_PCRE_LIMITS_EXCEEDED \"@streq 1\" \"id:2,phase:1,pass,t:trim,block\"" ] }, { "enabled":1, "version_min":300000, "title":"Testing Operator :: @rx with PCRE match limits exceeded", "client":{ "ip":"200.249.12.31", "port":123 }, "server":{ "ip":"200.249.12.31", "port":80 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Content-Length": "27", "Content-Type": "application/x-www-form-urlencoded" }, "uri":"/?rxtest=wwwwwwwwwwwwwwwwwwwwwowwwwwwwwwww", "method":"HEAD", "body": [ ] }, "response":{ "headers":{ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", "Content-Type":"text/html" }, "body":[ "no need." ] }, "expected":{ "debug_log":"rx: regex error 'MATCH_LIMIT' for pattern", "error_log":"Matched \"Operator `StrEq' with parameter `1' against variable `TX:MSC_PCRE_LIMITS_EXCEEDED'" }, "rules":[ "SecRuleEngine On", "SecPcreMatchLimit 2", "SecRule ARGS:rxtest \"@rx (w+)+$\" \"id:1,phase:1,pass,t:trim,block\"", "SecRule TX:MSC_PCRE_LIMITS_EXCEEDED \"@streq 1\" \"id:2,phase:1,pass,t:trim,block\"" ] } ]