### Tests all of the actions in each phase in detection only mode # Pass { type => "action", comment => "pass in phase:1", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAction "phase:1,pass,msg:'PASSED',id:500057" SecAction "phase:1,deny,msg:'DENIED',id:500058" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "pass in phase:2", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:2,pass,msg:'PASSED',id:500059" SecAction "phase:2,deny,msg:'DENIED',id:500060" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "pass in phase:3", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 SecAction "phase:3,pass,msg:'PASSED',id:500061" SecAction "phase:3,deny,msg:'DENIED',id:500062" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "pass in phase:4", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 SecAction "phase:4,pass,msg:'PASSED',id:500063" SecAction "phase:4,deny,msg:'DENIED',id:500064" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # Allow { type => "action", comment => "allow in phase:1", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:1,allow,msg:'ALLOWED',id:500065" SecAction "phase:1,deny,msg:'DENIED',id:500066" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], -error => [ qr/Access allowed/, 1 ], # TODO: Allow should probably stop rule execution # -error => [ qr/DENIED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "allow in phase:2", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:2,allow,msg:'ALLOWED',id:500067" SecAction "phase:2,deny,msg:'DENIED',id:500068" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], -error => [ qr/Access allowed/, 1 ], # TODO: Allow should probably stop rule execution # -error => [ qr/DENIED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "allow in phase:3", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:3,allow,msg:'ALLOWED',id:500069" SecAction "phase:3,deny,msg:'DENIED',id:500070" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], -error => [ qr/Access allowed/, 1 ], # TODO: Allow should probably stop rule execution # -error => [ qr/DENIED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "allow in phase:4", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:4,allow,msg:'ALLOWED',id:500071" SecAction "phase:4,deny,msg:'DENIED',id:500072" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ], -error => [ qr/Access allowed/, 1 ], # TODO: Allow should probably stop rule execution # -error => [ qr/DENIED/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # Deny { type => "action", comment => "deny in phase:1", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:1,deny,msg:'DENIED',id:500073" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "deny in phase:2", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:2,deny,msg:'DENIED',id:500074" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "deny in phase:3", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:3,deny,msg:'DENIED',id:500075" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "deny in phase:4", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:4,deny,msg:'DENIED',id:500076" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # Drop { type => "action", comment => "drop in phase:1", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:1,drop,msg:'DROPPED',id:500077" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "drop in phase:2", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:2,drop,msg:'DROPPED',id:500078" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "drop in phase:3", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:3,drop,msg:'DROPPED',id:500079" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "drop in phase:4", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecAction "phase:4,drop,msg:'DROPPED',id:500080" ), match_log => { error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # Redirect { type => "action", comment => "redirect in phase:1 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500009" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "redirect in phase:2 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500010" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "redirect in phase:3 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500011" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "redirect in phase:4 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED',id:500012" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, # Proxy { type => "action", comment => "proxy in phase:1 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500013" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "proxy in phase:2 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500014" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, content => qr/^TEST 2$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "proxy in phase:3 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500015" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), }, { type => "action", comment => "proxy in phase:4 (get)", conf => qq( SecRuleEngine DetectionOnly SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType null SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 4 SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED',id:500016" ), match_log => { error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ], -error => [ qr/Access denied/, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt", ), },