mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-16 07:56:12 +03:00
9bf1f6a2b3
IfDefines such as: <IfDefine MODSEC_2.5> are just compatible with Apache a solution to check if some resource is available or not have to be developed to be used in situations like that. This commit just removes the IfDefine.
188 lines
5.8 KiB
Perl
188 lines
5.8 KiB
Perl
### Transformation Caching
|
|
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (simple fully cached)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0"
|
|
|
|
# This should cache it
|
|
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500037"
|
|
|
|
# This should use the cached value
|
|
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500038"
|
|
),
|
|
match_log => {
|
|
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
|
-debug => [ qr/partially cached/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (simple partially cached)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0,incremental:off,maxitems:0"
|
|
|
|
# This should cache it
|
|
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,pass,nolog,id:500039"
|
|
|
|
# This should use the partially cached value
|
|
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500040"
|
|
),
|
|
match_log => {
|
|
debug => [ qr/removeWhiteSpace: "FooBar" .*partially cached/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (separate phases)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0"
|
|
|
|
# This should cache it
|
|
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500041"
|
|
|
|
# This should use the cached value
|
|
SecRule ARGS_GET:test "foobar" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500042"
|
|
),
|
|
match_log => {
|
|
-debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Foo+Bar",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (non-modifying tfns cached)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0"
|
|
|
|
# This should cache it
|
|
SecRule ARGS_GET "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500043"
|
|
|
|
# This should use the cached value
|
|
SecRule ARGS_GET:test "foobar" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500044"
|
|
),
|
|
match_log => {
|
|
debug => [ qr/removeWhiteSpace,lowercase: "foobar" .*cached/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=foo+bar",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (unique keys)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
SecRequestBodyAccess On
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0"
|
|
|
|
# This should cache it
|
|
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,id:500045"
|
|
|
|
# This should see cached versions of *both* ARGS_GET
|
|
SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046"
|
|
SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain"
|
|
SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase"
|
|
),
|
|
match_log => {
|
|
debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html?test=Query+Val",
|
|
[
|
|
"Content-Type" => "application/x-www-form-urlencoded",
|
|
],
|
|
# Args
|
|
"test=First+Val&test=Second+Val",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "tfncache (large cache)",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
SecRequestBodyAccess On
|
|
|
|
SecRequestBodyNoFilesLimit 1048576
|
|
SecRequestBodyInMemoryLimit 131072
|
|
SecResponseBodyLimit 1048576
|
|
|
|
# We need to make this work no matter what the defaults may change to
|
|
SecCacheTransformations On "minlen:1,maxlen:0,maxitems:0"
|
|
|
|
# This should cache it in all phases
|
|
SecRule ARGS "WillNotMatch" "phase:1,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500048"
|
|
SecRule ARGS "WillNotMatch" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500049"
|
|
SecRule ARGS "WillNotMatch" "phase:3,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500050"
|
|
SecRule ARGS "WillNotMatch" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,pass,nolog,id:500051"
|
|
|
|
# This should use the cached value
|
|
SecRule ARGS "foobar" "phase:4,t:none,t:removeWhiteSpace,t:lowercase,deny,id:500052"
|
|
),
|
|
match_log => {
|
|
debug => [ qr/Adding request argument \(BODY\): name "test", value "Foo Bar"/, 60, "Waiting for httpd to process request: "],
|
|
-error => [ qr/segmentation fault/i, 60 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^403$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
|
|
[
|
|
"Content-Type" => "application/x-www-form-urlencoded",
|
|
],
|
|
# 1000 Args
|
|
join("&", map { sprintf "arg%08d=0123456789abcdef+0123456789ABCDEF+0123456789abcdef", $_ } (1 .. 1000))."&test=Foo+Bar",
|
|
),
|
|
},
|