mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 13:56:01 +03:00
There is a memory leak in the variable resolution that should be contained by an internal change in the way that the variables are resolved.
37 lines
1.3 KiB
JSON
37 lines
1.3 KiB
JSON
[
|
|
{
|
|
"enabled":1,
|
|
"version_min":300000,
|
|
"title":"Testing initcol action",
|
|
"expected":{
|
|
"debug_log": "Saving variable: IP:auth_attempt with value: "
|
|
},
|
|
"client":{
|
|
"ip":"200.249.12.31",
|
|
"port":123
|
|
},
|
|
"request":{
|
|
"headers":{
|
|
"Host":"localhost",
|
|
"User-Agent":"curl/7.38.0",
|
|
"Accept":"*/*",
|
|
"User-Agent":"My sweet little browser"
|
|
},
|
|
"uri":"/?key=value&key=other_value",
|
|
"method":"GET"
|
|
},
|
|
"server":{
|
|
"ip":"200.249.12.31",
|
|
"port":80
|
|
},
|
|
"rules":[
|
|
"SecRuleEngine On",
|
|
"SecDebugLog \/tmp\/modsec_debug.log",
|
|
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var},nolog,pass\"",
|
|
"SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass\"",
|
|
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900019',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\"",
|
|
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900020',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\"",
|
|
"SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900022',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\""
|
|
]
|
|
}
|
|
] |