### Logging tests # log/nolog (pass) { type => "action", comment => "log (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,log,id:500006" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,nolog,id:500007" ), match_log => { -error => [ qr/500007/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # log/nolog (deny) { type => "action", comment => "log (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,log,id:500008" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,nolog,id:500009" ), match_log => { -error => [ qr/500009/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # auditlog/noauditlog (pass) { type => "action", comment => "auditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,auditlog,id:500010" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,noauditlog,id:500011" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # auditlog/noauditlog (deny) { type => "action", comment => "auditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,auditlog,id:500012" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,noauditlog,id:500013" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # All log/nolog auditlog/noauditlog combos (pass) { type => "action", comment => "log,auditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,log,auditlog,id:500014" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "log,noauditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,log,noauditlog,id:500015" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog,auditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,nolog,auditlog,id:500016" ), match_log => { audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog,noauditlog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,nolog,noauditlog,id:500017" ), match_log => { -error => [ qr/500017/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "auditlog,log (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,auditlog,log,id:500018" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "auditlog,nolog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,auditlog,nolog,id:500019" ), match_log => { -error => [ qr/500019/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog,log (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,noauditlog,log,id:500020" ), match_log => { error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog,nolog (pass)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,pass,noauditlog,nolog,id:500021" ), match_log => { -error => [ qr/500021/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^200$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, # All log/nolog auditlog/noauditlog combos (deny) { type => "action", comment => "log,auditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,log,auditlog,id:500022" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "log,noauditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,log,noauditlog,id:500023" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog,auditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024" ), match_log => { audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ], }, match_response => { -error => [ qr/ModSecurity: /, 1 ], status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "nolog,noauditlog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025" ), match_log => { -error => [ qr/500025/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "auditlog,log (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,auditlog,log,id:500026" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "auditlog,nolog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027" ), match_log => { -error => [ qr/500027/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog,log (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,noauditlog,log,id:500028" ), match_log => { error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), }, { type => "action", comment => "noauditlog,nolog (deny)", conf => qq( SecRuleEngine On SecDebugLog "$ENV{DEBUG_LOG}" SecDebugLogLevel 9 SecAuditLogRelevantStatus xxx SecAuditEngine RelevantOnly SecAuditLog "$ENV{AUDIT_LOG}" SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029" ), match_log => { -error => [ qr/500029/, 1 ], -audit => [ qr/./, 1 ], }, match_response => { status => qr/^403$/, }, request => new HTTP::Request( GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", ), },