ModSecurity/test/test-cases/regression/action-ctl_audit_engine.json

[
  {
    "enabled": 1,
    "version_min": 300000,
    "version_max": 0,
    "title": "auditengine : Config=Off, ctl:auditEngine=on",
    "client": {
      "ip": "200.249.12.31",
      "port": 2313
    },
    "server": {
      "ip": "200.249.12.31",
      "port": 80
    },
    "request": {
      "headers": {
        "Host": "www.modsecurity.org",
        "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
        "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
        "Accept-Language": "en-us,en;q=0.5",
        "Accept-Encoding": "gzip,deflate",
        "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
        "Keep-Alive": "300",
        "Connection": "keep-alive",
        "Pragma": "no-cache",
        "Cache-Control": "no-cache"
      },
      "uri": "\/test.pl?parm1=test1&parm2=test2",
      "method": "GET",
      "http_version": 1.1,
      "body": ""
    },
    "expected": {
      "audit_log": "--A--",
      "error_log": "",
      "http_code": 200
    },
    "rules": [
      "SecRuleEngine On",
      "SecDefaultAction \"phase:2,nolog,pass\"",
      "SecAuditEngine Off",
      "SecAuditLogParts ABCFHZ",
      "SecAuditLog /tmp/modsec_test_ctl_auditengine_auditlog_1.log",
      "SecAuditLogDirMode 0766",
      "SecAuditLogFileMode 0666",
      "SecAuditLogType Serial",
      "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
      "SecRule ARGS \"@contains test2\" \"id:1701,phase:2,pass,nolog,ctl:auditEngine=on\""
    ]
  }
]