ModSecurity/test/test-cases/regression/secargumentslimit.json

[
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing SecArgumentLimit not over limit (1/1)",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
    "request":{
      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Content-Type":"application/json"
      },
      "uri":"/?foo=bar",
      "method":"POST",
      "body": [
        "{",
        "       \"k1\":\"v1\",",
        "       \"k2\":\"v2\",",
        "       \"k3\":\"v3\",",
        "       \"k4\":\"v4\",",
        "       \"k5\":\"v5\"",
        "}"
      ]
    },
    "expected":{
      "debug_log": " Running action deny",
      "http_code":403
    },
    "rules":[
      "SecRuleEngine On",
      "SecArgumentsLimit 6",
      "SecRule REQUEST_HEADERS:Content-Type \"^application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
      "SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
      "SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
    ]
  },
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing SecArgumentLimit over limit (2/2)",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{
      "ip":"200.249.12.31",
      "port":80
    },
    "request":{
      "headers":{
        "Host":"localhost",
        "User-Agent":"curl/7.38.0",
        "Content-Type":"application/json"
      },
      "uri":"/?foo=bar",
      "method":"POST",
      "body": [
        "{",
        "       \"k1\":\"v1\",",
        "       \"k2\":\"v2\",",
        "       \"k3\":\"v3\",",
        "       \"k4\":\"v4\",",
        "       \"k5\":\"v5\"",
        "}"
      ]
    },
    "expected":{
      "debug_log": "Skipping request argument, over limit",
      "http_code":400
    },
    "rules":[
      "SecRuleEngine On",
      "SecArgumentsLimit 5",
      "SecRule REQUEST_HEADERS:Content-Type \"^application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
      "SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
      "SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
    ]
  }
]