ModSecurity/test/test-cases/regression/secruleengine.json

[
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Disruptive actions (1/n)",
    "expected":{
      "debug_log": " Running action: deny",
      "http_code":404
    },
    "rules":[
      "SecRuleEngine On",
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecRuleEngine On",
      "SecDefaultAction \"phase:2,deny,status:404\"",
      "SecAction \"id:'900001',phase:request,nolog,status:403,t:none\""
    ]
  },
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Disruptive actions (2/n)",
    "expected":{
      "debug_log": "_Not_ running action: deny. Rule _does not_ contains a disruptive action, but SecRuleEngine is not On.",
      "http_code":200
    },
    "rules":[
      "SecRuleEngine On",
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecRuleEngine Off",
      "SecDefaultAction \"phase:2,deny,status:404\"",
      "SecAction \"'id:'1',phase:request,nolog,t:none\""
    ]
  },
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Disruptive actions (3/n)",
    "expected":{
      "debug_log": "Not running disruptive action: block. SecRuleEngine is not On",
      "http_code":200
    },
    "rules":[
      "SecRuleEngine On",
      "SecDebugLog \/tmp\/modsec_debug.log",
      "SecRuleEngine DetectionOnly",
      "SecDefaultAction \"phase:2,deny,status:404\"",
      "SecAction \"id:'1',phase:request,nolog,block,t:none\""
    ]
  }
]