├── tests └── test-cases │ ├── data │ ├── ipMatchFromFile.txt │ ├── config_example2.txt │ ├── config_example-ops-include.txt │ ├── geo │ │ ├── README.txt │ │ └── GeoIPCity.dat │ ├── config_example.txt │ ├── config_example3.txt │ ├── config_example-bad-op-include.txt │ ├── SoapEnvelope-bad.dtd │ ├── SoapEnvelope.dtd │ └── script.lua │ ├── Working Tests │ ├── variable-WEBSERVER_ERROR_LOG.json │ ├── misc.json │ ├── issue-394.json │ ├── variable-REQUEST_METHOD.json │ ├── variable-REQUEST_PROTOCOL.json │ ├── variable-RESPONSE_BODY.json │ ├── variable-REQUEST_URI.json │ ├── variable-REQUEST_LINE.json │ ├── variable-REQUEST_URI_RAW.json │ ├── operator-rx.json │ ├── variable-RESPONSE_CONTENT_LENGTH.json │ ├── variable-RESPONSE_CONTENT_TYPE.json │ ├── variable-RESPONSE_PROTOCOL.json │ ├── variable-TIME.json │ ├── variable-TIME_DAY.json │ ├── variable-TIME_MIN.json │ ├── variable-TIME_MON.json │ ├── variable-TIME_SEC.json │ ├── variable-TIME_HOUR.json │ ├── variable-TIME_WDAY.json │ ├── variable-TIME_YEAR.json │ ├── variable-UNIQUE_ID.json │ ├── variable-TIME_EPOCH.json │ ├── operator-UnconditionalMatch.json │ ├── variable-QUERY_STRING.json │ ├── variable-REMOTE_USER.json │ ├── variable-REQUEST_BASENAME.json │ ├── variable-REQUEST_FILENAME.json │ ├── variable-MODSEC_BUILD.json │ ├── action-setuid.json │ ├── action-setsid.json │ ├── action-initcol.json │ ├── variable-DURATION.json │ ├── sec_component_signature.json │ ├── variable-FILES.json │ ├── variable-FILES_NAMES.json │ ├── variable-FILES_SIZES.json │ ├── variable-FILES_COMBINED_SIZE.json │ ├── variable-MULTIPART_UNMATCHED_BOUNDARY.json │ ├── variable-REQUEST_HEADERS.json │ ├── variable-REQUEST_BODY_LENGTH.json │ ├── variable-FULL_REQUEST_LENGTH.json │ ├── variable-REQUEST_BODY.json │ ├── variable-FULL_REQUEST.json │ ├── action-disruptive.json │ ├── variable-RESPONSE_HEADERS.json │ ├── variable-RESPONSE_HEADERS_NAMES.json │ ├── variable-USERID.json │ ├── variable-REQUEST_HEADERS_NAMES.json │ ├── config-include-bad.json │ ├── variable-ARGS_GET_NAMES.json │ ├── secaction.json │ ├── config-response_type.json │ ├── debug_log.json │ ├── collection-case-insensitive.json │ ├── variable-SERVER_NAME.json │ ├── variable-TX.json │ ├── variable-REMOTE_PORT.json │ ├── variable-SERVER_PORT.json │ ├── variable-HIGHEST_SEVERITY.json │ ├── variable-REMOTE_ADDR.json │ ├── variable-SERVER_ADDR.json │ ├── variable-REMOTE_HOST.json │ ├── secruleengine.json │ ├── variable-ARGS_POST.json │ ├── variable-MATCHED_VAR.json │ ├── variable-SESSIONID.json │ ├── request-body-parser-json.json │ ├── variable-ARGS_POST_NAMES.json │ ├── variable-MATCHED_VARS.json │ ├── config-calling_phases_by_name.json │ ├── variable-MATCHED_VAR_NAME.json │ ├── variable-AUTH_TYPE.json │ ├── variable-MATCHED_VARS_NAMES.json │ ├── variable-STATUS.json │ ├── action-allow.json │ ├── config-secremoterules.json │ ├── variable-INBOUND_DATA_ERROR.json │ ├── variable-ARGS_GET.json │ ├── config-remove_by_id.json │ ├── variable-REQUEST_COOKIES.json │ ├── variable-REQUEST_COOKIES_NAMES.json │ ├── action-skip.json │ ├── variable-ENV.json │ ├── variable-PATH_INFO.json │ ├── operator-ipMatchFromFile.json │ ├── variable-OUTBOUND_DATA_ERROR.json │ ├── action-xmlns.json │ ├── variable-MULTIPART_NAME.json │ └── variable-MULTIPART_CRLF_LF_LINES.json │ └── Failed Tests │ ├── variable-MULTIPART_INVALID_HEADER_FOLDING.json │ └── request-body-parser-multipart-crlf.json ├── index.js ├── Makefile ├── todo.md ├── package.json ├── .gitignore ├── binding.gyp ├── modsecurity ├── customTypemaps.i └── modsecurity.i ├── LICENSE └── README.md /tests/test-cases/data/ipMatchFromFile.txt: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | 10.10.10.1 3 | ::1 4 | 200.249.12.31 5 | -------------------------------------------------------------------------------- /tests/test-cases/data/config_example2.txt: -------------------------------------------------------------------------------- 1 | SecRule ARGS "@contains config_example2" "id:40,pass,t:trim" -------------------------------------------------------------------------------- /tests/test-cases/data/config_example-ops-include.txt: -------------------------------------------------------------------------------- 1 | Include test-cases/data/config_example-not-exist.txt -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | var modsecurity = require("./build/Release/modsecurity"); 2 | 3 | console.log(modsecurity.ModSecurity.whoAmI()); -------------------------------------------------------------------------------- /tests/test-cases/data/geo/README.txt: -------------------------------------------------------------------------------- 1 | This data was download from: 2 | 3 | https://github.com/maxmind/geoip-api-php/tree/master/tests 4 | 5 | -------------------------------------------------------------------------------- /tests/test-cases/data/geo/GeoIPCity.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/manishmalik/Modsecurity-nodejs/HEAD/tests/test-cases/data/geo/GeoIPCity.dat -------------------------------------------------------------------------------- /tests/test-cases/data/config_example.txt: -------------------------------------------------------------------------------- 1 | Include ./tests/test-cases/data/config_example2.txt 2 | SecRule ARGS "@contains config_example" "id:101,pass,t:trim" -------------------------------------------------------------------------------- /tests/test-cases/data/config_example3.txt: -------------------------------------------------------------------------------- 1 | Include ./tests/test-cases/data/config_example2.txt 2 | SecRule ARGS "@contains config_example" ops "id:1000,pass,t:trim" -------------------------------------------------------------------------------- /tests/test-cases/data/config_example-bad-op-include.txt: -------------------------------------------------------------------------------- 1 | SecRule ARGS "@contains config_example" "id:10,pass,t:trim" 2 | SecRule ARGS "@missingOperator config_example" "id:11,pass,t:trim" 3 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | swig -I/usr/include/ -javascript -node -Wall -Wextra -c++ modsecurity/modsecurity.i 3 | npm install 4 | ./node_modules/node-gyp/bin/node-gyp.js configure 5 | ./node_modules/node-gyp/bin/node-gyp.js build 6 | 7 | 8 | -------------------------------------------------------------------------------- /tests/test-cases/data/SoapEnvelope-bad.dtd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /tests/test-cases/data/SoapEnvelope.dtd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /todo.md: -------------------------------------------------------------------------------- 1 | #TODO: 2 | The following are the known issues with this binding: 3 | - [ ] `std_multimap.i` is not supported 4 | - [ ] Automate the search for linking libraries 5 | - [x] Add Unit tests 6 | - [ ] Variable not updating when they passed by pointer (or passed by reference) (for instance `char const ** error` in `msc_rules_add_file`) 7 | - [ ] Adding a callback function in `msc_set_log_cb`. Currently it's unable to register the call back function. 8 | - [ ] Running test cases synchronously. 9 | - [ ] Multimaps are unstable -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-WEBSERVER_ERROR_LOG.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "version_max":0, 6 | "title":"Testing Variables :: WEBSERVER_ERROR_LOG (1/1)", 7 | "expected":{ 8 | "parser_error":"Line: 1. Column: 27. Variable VARIABLE_WEBSERVER_ERROR_LOG is not supported by libModSecurity" 9 | }, 10 | "rules":[ 11 | "secrule WEBSERVER_ERROR_LOG \"@contains test\" \"id:1,t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"" 12 | ] 13 | } 14 | ] 15 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "modsecurity-nodejs", 3 | "version": "0.0.1", 4 | "description": "NodeJS connector for ModSecurity", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "./node_modules/mocha/bin/mocha tests/unit_tests.js", 8 | "regression_test" : "./node_modules/mocha/bin/mocha tests/regression_tests.js" 9 | }, 10 | "keywords": [ 11 | "ModSecurity", 12 | "libModSecurity" 13 | ], 14 | "author": "Manish Malik (www.m2n.me)", 15 | "license": "ISC", 16 | "dependencies": { 17 | "node-gyp": "^3.3.1", 18 | "mocha": "~2.5.3", 19 | "chai": "~3.5.0" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/misc.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "version_max":0, 6 | "title":"Testing action :: SecRule directives should be case insensitive", 7 | "expected":{ 8 | "audit_log":"", 9 | "debug_log":"Executing operator \"@contains\" with param \"PHPSESSID\" against REQUEST_HEADERS.", 10 | "error_log":"" 11 | }, 12 | "rules":[ 13 | "secruleengine On", 14 | "secdebuglog \/tmp\/modsec_debug.log", 15 | "secdebugloglevel 9", 16 | "secrule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 17 | "secrule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 18 | ] 19 | } 20 | ] -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | 6 | # Runtime data 7 | pids 8 | *.pid 9 | *.seed 10 | 11 | # Directory for instrumented libs generated by jscoverage/JSCover 12 | lib-cov 13 | 14 | # Coverage directory used by tools like istanbul 15 | coverage 16 | 17 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 18 | .grunt 19 | 20 | # node-waf configuration 21 | .lock-wscript 22 | 23 | # Compiled binary addons (http://nodejs.org/api/addons.html) 24 | build/Release 25 | 26 | # Dependency directory 27 | node_modules 28 | 29 | # Optional npm cache directory 30 | .npm 31 | 32 | # Optional REPL history 33 | .node_repl_history 34 | 35 | # ModSecurity Swig Wrapper 36 | modsecurity_wrap.cxx 37 | 38 | # Build directories 39 | build -------------------------------------------------------------------------------- /binding.gyp: -------------------------------------------------------------------------------- 1 | { 2 | "targets": [ 3 | { 4 | "target_name": "modsecurity", 5 | "sources": [ "modsecurity_wrap.cxx" ], 6 | "include_dirs": ['/usr/include/modsecurity/',], 7 | "libraries": ['/usr/lib/libmodsecurity.a', 8 | '/usr/lib/libmodsecurity.so', 9 | '/usr/lib/libmodsecurity.a', 10 | '/usr/lib/libmodsecurity.so.3.0.0', 11 | '/usr/lib/x86_64-linux-gnu/libxml2.so', 12 | '/usr/lib/x86_64-linux-gnu/libcurl.so', 13 | '/lib/x86_64-linux-gnu/libpcre.so.3', 14 | '/usr/lib/x86_64-linux-gnu/libyajl.so', 15 | '/usr/lib/x86_64-linux-gnu/libGeoIP.so', 16 | '/usr/lib/x86_64-linux-gnu/liblmdb.so'], 17 | "cflags" : [ "-std=c++11" ], 18 | 'cflags!': [ '-fno-exceptions' ], 19 | 'cflags_cc!': [ '-fno-exceptions' ] 20 | } 21 | ] 22 | } -------------------------------------------------------------------------------- /modsecurity/customTypemaps.i: -------------------------------------------------------------------------------- 1 | %inline %{ 2 | #include 3 | #include 4 | #include 5 | %} 6 | 7 | /* 8 | Type map for char const **error supplied as input argument 9 | */ 10 | %typemap(in) const char **error { 11 | if(!($input)->IsString()) { 12 | SWIG_exception_fail(SWIG_ERROR, "Expected a string variable for error"); 13 | } 14 | 15 | char const *error = NULL; 16 | 17 | $1 = (char **)&error; 18 | } 19 | 20 | /* 21 | Type map for char const** error for output argument 22 | */ 23 | %typemap(argout) const char **error { 24 | v8::HandleScope scope; 25 | 26 | $input = scope.Close(v8::String::New(*($1))); 27 | } 28 | 29 | /* 30 | Type map for unsigned char * supplied as input argument mostly in msc_append_request_body and msc_add_n_response_header 31 | */ 32 | %typemap(in) unsigned char * { 33 | if(!($input)->IsString()) { 34 | SWIG_exception_fail(SWIG_ERROR, "Expected a string"); 35 | } 36 | 37 | v8::String::Utf8Value str(args[0]->ToString()); 38 | 39 | $1 = (unsigned char*) *str; 40 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Manish Malik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/issue-394.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled": 1, 4 | "version_min": 209000, 5 | "version_max": -1, 6 | "title": "Segmentation fault when uploading file with SecStreamInBodyInspection enabled", 7 | "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/394", 8 | "gihub_issue": 394, 9 | "client": { 10 | "ip": "200.249.12.31", 11 | "port": 2313 12 | }, 13 | "server": { 14 | "ip": "200.249.12.31", 15 | "port": 80 16 | }, 17 | "request": { 18 | "headers": {}, 19 | "body": "", 20 | "method": "GET", 21 | "http_version": 1.1 22 | }, 23 | "response": { 24 | "headers": {}, 25 | "body": [] 26 | }, 27 | "expected": { 28 | "audit_logs": "", 29 | "debug_logs": "", 30 | "error_logs": "" 31 | }, 32 | "rules": [ 33 | "SecRuleEngine On", 34 | "SecRequestBodyAccess On", 35 | "SecResponseBodyAccess On", 36 | "SecAuditEngine On", 37 | "SecAuditLogType Serial", 38 | "SecAuditLog logs\/modsec_audit.log", 39 | "SecAuditLogParts ABCDEFHJKZ", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9" 42 | ] 43 | } 44 | ] 45 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_METHOD.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_METHOD", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"GET\" \\(Variable: REQUEST_METHOD\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_METHOD \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_PROTOCOL.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_PROTOCOL", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"HTTP/1.1\" \\(Variable: REQUEST_PROTOCOL\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_PROTOCOL \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_BODY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_BODY", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"no need.\" \\(Variable: RESPONSE_BODY\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule RESPONSE_BODY \"@contains test \" \"id:1,phase:4,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_URI.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_URI", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"/\\?key=value\\&key=other_value\" \\(Variable: REQUEST_URI\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_URI \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_LINE.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_LINE", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"GET /\\?key=value\\&key=other_value HTTP/1.1\" \\(Variable: REQUEST_LINE\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_LINE \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_URI_RAW.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_URI_RAW", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"/\\?key=value\\&key=other_value\" \\(Variable: REQUEST_URI_RAW\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_URI_RAW \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/operator-rx.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Operator :: @rx", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Executing operator \"@rx" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule ARGS \"@rx (value1)\" \"id:1,phase:2,pass,t:trim\"" 46 | ] 47 | } 48 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_CONTENT_LENGTH.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_CONTENT_LENGTH", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"9\" \\(Variable: RESPONSE_CONTENT_LENGTH\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule RESPONSE_CONTENT_LENGTH \"@contains test \" \"id:1,phase:4,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_CONTENT_TYPE.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_CONTENT_TYPE", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"text/html\" \\(Variable: RESPONSE_CONTENT_TYPE\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule RESPONSE_CONTENT_TYPE \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 42 | ] 43 | } 44 | ] 45 | 46 | -------------------------------------------------------------------------------- /tests/test-cases/data/script.lua: -------------------------------------------------------------------------------- 1 | -- Your script must define the main entry 2 | -- point, as below. 3 | function main() 4 | -- Log something at level 1. Normally you shouldn't be 5 | -- logging anything, especially not at level 1, but this is 6 | -- just to show you can. Useful for debugging. 7 | m.log(1, "Hello world!"); 8 | 9 | -- Retrieve one variable. 10 | local var1 = m.getvar("REMOTE_ADDR"); 11 | 12 | -- Retrieve one variable, applying one transformation function. 13 | -- The second parameter is a string. 14 | local var2 = m.getvar("ARGS", "lowercase"); 15 | 16 | -- Retrieve one variable, applying several transformation functions. 17 | -- The second parameter is now a list. You should note that m.getvar() 18 | -- requires the use of comma to separate collection names from 19 | -- variable names. This is because only one variable is returned. 20 | local var3 = m.getvar("ARGS.p", { "lowercase", "compressWhitespace" } ); 21 | 22 | -- If you want this rule to match return a string 23 | -- containing the error message. The message must contain the name 24 | -- of the variable where the problem is located. 25 | -- return "Variable ARGS:p looks suspicious!" 26 | 27 | -- Otherwise, simply return nil. 28 | return nil; 29 | end -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_PROTOCOL.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_PROTOCOL", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "protocol": "HTTP/1.1", 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"HTTP/1.1\" \\(Variable: RESPONSE_PROTOCOL\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule RESPONSE_PROTOCOL \"^HTTP\" \"id:1,phase:5,pass,t:trim\"" 43 | ] 44 | } 45 | ] 46 | 47 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+):([0-9]+):([0-9]+)\" \\(Variable: TIME\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_DAY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_DAY", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_DAY\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_DAY \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_MIN.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_MIN", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_MIN\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_MIN \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_MON.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_MON", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_MON\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_MON \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_SEC.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_SEC", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_SEC\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_SEC \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_HOUR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_HOUR", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_HOUR\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_HOUR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_WDAY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_WDAY", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_WDAY\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_WDAY \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_YEAR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_YEAR", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_YEAR\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_YEAR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-UNIQUE_ID.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: UNIQUE_ID", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9.]+)\" \\(Variable: UNIQUE_ID\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule UNIQUE_ID \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TIME_EPOCH.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TIME_EPOCH", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"([0-9]+)\" \\(Variable: TIME_EPOCH\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule TIME_EPOCH \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/operator-UnconditionalMatch.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Operator :: @UnconditionalMatch", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Rule returned 1" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule ARGS \"@UnconditionalMatch\" \"id:1,phase:2,pass,t:trim\"" 46 | ] 47 | } 48 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-QUERY_STRING.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: QUERY_STRING", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"key2=v\\%20a\\%20l\\%20u\\%20e\\%202\" \\(Variable: QUERY_STRING\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule QUERY_STRING \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REMOTE_USER.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REMOTE_USER", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded", 21 | "Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l" 22 | }, 23 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 24 | "method":"GET" 25 | }, 26 | "response":{ 27 | "headers":{ 28 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 29 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 30 | "Content-Type":"text/html" 31 | }, 32 | "body":[ 33 | "no need." 34 | ] 35 | }, 36 | "expected":{ 37 | "debug_log":"t:trim: \"Aladdin\"" 38 | }, 39 | "rules":[ 40 | "SecRuleEngine On", 41 | "SecDebugLog \/tmp\/modsec_debug.log", 42 | "SecDebugLogLevel 9", 43 | "SecRule REMOTE_USER \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 44 | ] 45 | } 46 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_BASENAME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_BASENAME", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/login.php?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"/login.php\" \\(Variable: REQUEST_BASENAME\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule REQUEST_BASENAME \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_FILENAME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_FILENAME", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/login.php?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"/one/two/login.php\" \\(Variable: REQUEST_FILENAME\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule REQUEST_FILENAME \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | } 45 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MODSEC_BUILD.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MODSEC_BUILD (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Target value: \"03([0-9]+)\" \\(Variable: MODSEC_BUILD\\)" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule MODSEC_BUILD \"@contains test\" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | } 48 | ] 49 | 50 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-setuid.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing setuid action", 6 | "expected":{ 7 | "debug_log": "Saving variable: USER:score with value: 5" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser", 19 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "server":{ 25 | "ip":"200.249.12.31", 26 | "port":80 27 | }, 28 | "rules":[ 29 | "SecRuleEngine On", 30 | "SecDebugLog \/tmp\/modsec_debug.log", 31 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setuid:%{REQUEST_COOKIES:USER}%,nolog,pass\"", 32 | "SecRule REQUEST_HEADERS \".*\" \"id:'900021',phase:1,setvar:USER.score=+10\"", 33 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900068',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}2,nolog,pass\"", 34 | "SecRule REQUEST_HEADERS \".*\" \"id:'900022',phase:1,setvar:USER.score=+5\"" 35 | ] 36 | } 37 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-setsid.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing setsid action", 6 | "expected":{ 7 | "debug_log": "Saving variable: SESSION:score with value: 5" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser", 19 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "server":{ 25 | "ip":"200.249.12.31", 26 | "port":80 27 | }, 28 | "rules":[ 29 | "SecRuleEngine On", 30 | "SecDebugLog \/tmp\/modsec_debug.log", 31 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}%,nolog,pass\"", 32 | "SecRule REQUEST_HEADERS \".*\" \"id:'900021',phase:1,setvar:SESSION.score=+10\"", 33 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900068',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}2,nolog,pass\"", 34 | "SecRule REQUEST_HEADERS \".*\" \"id:'900022',phase:1,setvar:SESSION.score=+5\"" 35 | ] 36 | } 37 | ] -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | This repo contains the binding of libModSecurity(aka ModSecurity v3) in Node.js. These bindings will allow users to utilize the exposed libmodsecurity interfaces directly from node.js. 4 | 5 | 6 | Please head over to the project [**Wiki**](https://github.com/manishmalik/Modsecurity-nodejs/wiki) for more details. 7 | 8 | # Installation guide 9 | Before you follow the following steps make sure you have npm, nodejs and swig(3.0+) installed in your system. 10 | 11 | 1. First build libModSecurity in your system. [Compilation recipes](https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes) 12 | 13 | 2. Open `binding.gyp`, edit `include_dirs` and `libraries` to point to the headers(include directories) and libraries folder of modsecurity. By default it's looking at: 14 | ``` 15 | "include_dirs": ['/usr/include/modsecurity/',], 16 | "libraries": ['/usr/lib/libmodsecurity.a','other_shared_libraries'] 17 | ``` 18 | 3. Then type: `make` 19 | The `Makefile` will first generates the wrapper `modsecurity_wrap.cxx` , then installs node package and finally `node-gyp` generate the node module of modsecurity. You must see `ok` at the end to make sure that build was successfull. 20 | 21 | 4. To test the node module, you may use : `npm test`. Further to test the simple connector you can `cd` into `example` and type `node simple_example.js`. 22 | 23 | # Disclaimer 24 | This is in early development phase and is highly unstable. To see some known bugs or issues you may check [this](todo.md). 25 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-initcol.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing initcol action", 6 | "expected":{ 7 | "debug_log": "Saving variable: IP:auth_attempt with value: 3" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "server":{ 24 | "ip":"200.249.12.31", 25 | "port":80 26 | }, 27 | "rules":[ 28 | "SecRuleEngine On", 29 | "SecDebugLog \/tmp\/modsec_debug.log", 30 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var},nolog,pass\"", 31 | "SecRule &TX:REAL_IP \"@eq 0\" \"id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass\"", 32 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900019',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\"", 33 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900020',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\"", 34 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900022',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass\"" 35 | ] 36 | } 37 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-DURATION.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: AUTH_TYPE", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded", 21 | "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body": [ 26 | "param1=value1¶m2=value2" 27 | ] 28 | }, 29 | "response":{ 30 | "headers":{ 31 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 32 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 33 | "Content-Type":"text/html" 34 | }, 35 | "body":[ 36 | "no need." 37 | ] 38 | }, 39 | "expected":{ 40 | "debug_log":"Target value: \"[0-9\\.]+\"" 41 | }, 42 | "rules":[ 43 | "SecRuleEngine On", 44 | "SecDebugLog \/tmp\/modsec_debug.log", 45 | "SecDebugLogLevel 9", 46 | "SecRule DURATION \"@contains test \" \"id:1,phase:3,pass,t:trim\"", 47 | "SecRule DURATION \"@contains test \" \"id:2,phase:3,pass,t:trim\"", 48 | "SecRule DURATION \"@contains test \" \"id:3,phase:3,pass,t:trim\"" 49 | ] 50 | } 51 | ] 52 | 53 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/sec_component_signature.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "version_max":0, 6 | "title":"SecComponentSignature", 7 | "client": { 8 | "ip": "200.249.12.31", 9 | "port": 2313 10 | }, 11 | "server": { 12 | "ip": "200.249.12.31", 13 | "port": 80 14 | }, 15 | "request": { 16 | "headers": { 17 | "Host": "www.modsecurity.org", 18 | "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 19 | "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 20 | "Accept-Language": "en-us,en;q=0.5", 21 | "Accept-Encoding": "gzip,deflate", 22 | "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", 23 | "Keep-Alive": "300", 24 | "Connection": "keep-alive", 25 | "Pragma": "no-cache", 26 | "Cache-Control": "no-cache" 27 | }, 28 | "uri": "\/test.pl?param1= test ¶m2=test2", 29 | "method": "GET", 30 | "http_version": 1.1, 31 | "body": "" 32 | }, 33 | "response": { 34 | "headers": { 35 | "Content-Type": "plain\/text\n\r" 36 | }, 37 | "body": [ 38 | "test" 39 | ] 40 | }, 41 | "expected":{ 42 | "audit_log":"", 43 | "debug_log":".*", 44 | "error_log":"", 45 | "http_code": 403 46 | }, 47 | "rules":[ 48 | "SecRuleEngine On", 49 | "SecDebugLog \/tmp\/modsec_debug.log", 50 | "SecDebugLogLevel 9", 51 | "SecComponentSignature \"OWASP_CRS/2.2.9\"", 52 | "SecRule ARGS \"@contains test\" \"id:1,t:trim,deny,status:403,auditlog\"" 53 | ] 54 | } 55 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FILES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FILES (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"T \\(1\\) t:trim: \"small_text_file" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FILES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FILES_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FILES_NAMES (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"T \\(1\\) t:trim: \"filedata" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FILES_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FILES_SIZES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FILES_NAMES (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"38\" \\(Variable: FILES_SIZES:filedata\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FILES_SIZES \"@gt 70.000000\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FILES_COMBINED_SIZE.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FILES_NAMES (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"70\" \\(Variable: FILES_COMBINED_SIZE\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FILES_COMBINED_SIZE \"@gt 70\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MULTIPART_UNMATCHED_BOUNDARY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MULTIPART_UNMATCHED_BOUNDARY", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"1\" \\(Variable: MULTIPART_UNMATCHED_BOUNDARY\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule MULTIPART_UNMATCHED_BOUNDARY \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_HEADERS.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_HEADERS", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"localhost\" \\(Variable: REQUEST_HEADERS:Host\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule REQUEST_HEADERS \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_BODY_LENGTH.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_BODY_LENGTH", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"508\" \\(Variable: REQUEST_BODY_LENGTH\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule REQUEST_BODY_LENGTH \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FULL_REQUEST_LENGTH.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FULL_REQUEST_LENGTH (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"690\" \\(Variable: FULL_REQUEST_LENGTH\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FULL_REQUEST_LENGTH \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_BODY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_BODY", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"--------------------------756b6d74fa1a8ee2\\x0aContent-Disposition: form-data; na" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule REQUEST_BODY \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-FULL_REQUEST.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FULL_REQUEST (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Content-Type: multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule FULL_REQUEST \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-disruptive.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Disruptive actions (1/n)", 6 | "expected":{ 7 | "debug_log": " Running action: deny", 8 | "http_code":404 9 | }, 10 | "rules":[ 11 | "SecRuleEngine On", 12 | "SecDebugLog \/tmp\/modsec_debug.log", 13 | "SecDefaultAction \"phase:2,deny,status:404\"", 14 | "SecAction \"id:'900001',phase:request,nolog,status:403,t:none\"" 15 | ] 16 | }, 17 | { 18 | "enabled":1, 19 | "version_min":300000, 20 | "title":"Testing Disruptive actions (2/n)", 21 | "expected":{ 22 | "debug_log": " Running action: deny", 23 | "http_code":404 24 | }, 25 | "rules":[ 26 | "SecRuleEngine On", 27 | "SecDebugLog \/tmp\/modsec_debug.log", 28 | "SecDefaultAction \"phase:2,deny,status:404\"", 29 | "SecAction \"id:'1',phase:request,nolog,t:none\"" 30 | ] 31 | }, 32 | { 33 | "enabled":1, 34 | "version_min":300000, 35 | "title":"Testing Disruptive actions (3/n)", 36 | "expected":{ 37 | "debug_log": "Running action block", 38 | "http_code":404 39 | }, 40 | "rules":[ 41 | "SecRuleEngine On", 42 | "SecDebugLog \/tmp\/modsec_debug.log", 43 | "SecDefaultAction \"phase:2,deny,status:404\"", 44 | "SecAction \"id:'1',phase:request,nolog,block,t:none\"" 45 | ] 46 | }, 47 | { 48 | "enabled":1, 49 | "version_min":300000, 50 | "title":"Testing Disruptive actions (4/n)", 51 | "expected":{ 52 | "http_code":200 53 | }, 54 | "rules":[ 55 | "SecRuleEngine On", 56 | "SecDebugLog \/tmp\/modsec_debug.log", 57 | "SecAction \"id:'1',phase:request,nolog,t:none\"" 58 | ] 59 | }, 60 | { 61 | "enabled":1, 62 | "version_min":300000, 63 | "title":"Testing Disruptive actions (5/n)", 64 | "expected":{ 65 | "http_code":200 66 | }, 67 | "rules":[ 68 | "SecRuleEngine On", 69 | "SecDebugLog \/tmp\/modsec_debug.log", 70 | "SecDefaultAction \"phase:2,deny,status:404\"", 71 | "SecAction \"id:'1',phase:request,nolog,pass,t:none\"" 72 | ] 73 | } 74 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_HEADERS.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_HEADERS", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"Mon, 13 Jul 2015 20:02:41 GMT\" \\(Variable: RESPONSE_HEADERS:Date\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule RESPONSE_HEADERS \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-RESPONSE_HEADERS_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: RESPONSE_HEADERS_NAMES", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"Content-Type Last-Modified Date\" \\(Variable: RESPONSE_HEADERS_NAMES\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule RESPONSE_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-USERID.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing USERID variable (1/2)", 6 | "expected":{ 7 | "debug_log": "Target value: \"zimmerle2\"" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser", 19 | "Cookie": "USER=zimmerle" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "server":{ 25 | "ip":"200.249.12.31", 26 | "port":80 27 | }, 28 | "rules":[ 29 | "SecRuleEngine On", 30 | "SecDebugLog \/tmp\/modsec_debug.log", 31 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setuid:%{REQUEST_COOKIES:USER}%,nolog,pass\"", 32 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900068',phase:1,t:none,t:sha1,t:hexEncode,setuid:%{REQUEST_COOKIES:USER}2,nolog,pass\"", 33 | "SecRule USERID \".*\" \"id:1239,phase:1,log,pass\"" 34 | ] 35 | }, 36 | { 37 | "enabled":1, 38 | "version_min":300000, 39 | "title":"Testing USERID variable (2/2)", 40 | "expected":{ 41 | "debug_log": "Target value: \"whee\"" 42 | }, 43 | "client":{ 44 | "ip":"200.249.12.31", 45 | "port":123 46 | }, 47 | "request":{ 48 | "headers":{ 49 | "Host":"localhost", 50 | "User-Agent":"curl/7.38.0", 51 | "Accept":"*/*", 52 | "User-Agent":"My sweet little browser", 53 | "Cookie": "USER=whee" 54 | }, 55 | "uri":"/?key=value&key=other_value", 56 | "method":"GET" 57 | }, 58 | "server":{ 59 | "ip":"200.249.12.31", 60 | "port":80 61 | }, 62 | "rules":[ 63 | "SecRuleEngine On", 64 | "SecDebugLog \/tmp\/modsec_debug.log", 65 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setuid:%{REQUEST_COOKIES:USER}%,nolog,pass\"", 66 | "SecRule USERID \".*\" \"id:1239,phase:1,log,pass\"" 67 | ] 68 | } 69 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_HEADERS_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_HEADERS_NAMES", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "--------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "--------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "--------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "--------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"[Accept|Expect|Content\\-Type|User\\-Agent|Content\\-Length|Host| ]+\" \\(Variable: REQUEST_HEADERS_NAMES\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule REQUEST_HEADERS_NAMES \"@contains small_text_file.txt\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | } 63 | ] -------------------------------------------------------------------------------- /tests/test-cases/Failed Tests/variable-MULTIPART_INVALID_HEADER_FOLDING.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MULTIPART_INVALID_HEADER_FOLDING", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=-----------------------------69343412719991675451336310646", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "-------------------------------69343412719991675451336310646", 27 | "Content-Disposition: form-data;", 28 | " name=\"a\"", 29 | "", 30 | "1", 31 | "-------------------------------69343412719991675451336310646", 32 | "Content-Disposition: form-data;", 33 | " name=\"b\"", 34 | "", 35 | "2", 36 | "-------------------------------69343412719991675451336310646--" 37 | ] 38 | }, 39 | "response":{ 40 | "headers":{ 41 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 42 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 43 | "Content-Type":"text/html" 44 | }, 45 | "body":[ 46 | "no need." 47 | ] 48 | }, 49 | "expected":{ 50 | "debug_log":"ARGS:a" 51 | }, 52 | "rules":[ 53 | "SecRule MULTIPART_STRICT_ERROR \"!@eq 1\" \"phase:2,deny,status:403,id:500074\"", 54 | "SecRule MULTIPART_HEADER_FOLDING \"!@eq 1\" \"phase:2,deny,status:403,id:500075\"", 55 | "SecRule MULTIPART_INVALID_HEADER_FOLDING \"!@eq 0\" \"phase:2,deny,status:403,id:500076\"", 56 | "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,status:403,id:500077\"", 57 | "SecRule ARGS \"@eq 1\" \"phase:2,deny,status:403,id:5000277\"" 58 | ] 59 | } 60 | ] 61 | 62 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/config-include-bad.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Include - bad rule", 6 | "expected":{ 7 | "parser_error": "Rules error. File: test-cases/data/config_example3.txt. Line: 2. Column: 41. invalid character o" 8 | }, 9 | "rules":[ 10 | "SecRuleEngine On", 11 | "SecDebugLog \/tmp\/modsec_debug.log", 12 | "SecDebugLogLevel 9", 13 | "Include test-cases/data/config_example3.txt", 14 | "SecRule ARGS \"@missing_operator test\" \"id:19,pass,t:trim\"" 15 | ] 16 | }, 17 | { 18 | "enabled":1, 19 | "version_min":300000, 20 | "title":"Include - missing file", 21 | "expected":{ 22 | "parser_error": "Rules error. File: config-include-bad.json. Line: 4. Column: 54. test-cases/data/config_example-ops.txt: Not able to open file." 23 | }, 24 | "rules":[ 25 | "SecRuleEngine On", 26 | "SecDebugLog \/tmp\/modsec_debug.log", 27 | "SecDebugLogLevel 9", 28 | "Include test-cases/data/config_example-ops.txt", 29 | "SecRule ARGS \"@contains test\" \"id:19,pass,t:trim\"" 30 | ] 31 | }, 32 | { 33 | "enabled":1, 34 | "version_min":300000, 35 | "title":"Include - missing at include", 36 | "expected":{ 37 | "parser_error": "Rules error. File: test-cases/data/config_example-ops-include.txt. Line: 1. Column: 52. test-cases/data/config_example-not-exist.txt: Not able to open file." 38 | }, 39 | "rules":[ 40 | "SecRuleEngine On", 41 | "SecDebugLog \/tmp\/modsec_debug.log", 42 | "SecDebugLogLevel 9", 43 | "Include test-cases/data/config_example-ops-include.txt", 44 | "SecRule ARGS \"@contains test\" \"id:19,pass,t:trim\"" 45 | ] 46 | }, 47 | { 48 | "enabled":1, 49 | "version_min":300000, 50 | "title":"Include - duplicate id", 51 | "expected":{ 52 | "parser_error": "Rule id: 40 is duplicated" 53 | }, 54 | "rules":[ 55 | "SecRuleEngine On", 56 | "SecDebugLog \/tmp\/modsec_debug.log", 57 | "SecDebugLogLevel 9", 58 | "Include test-cases/data/config_example.txt", 59 | "Include test-cases/data/config_example.txt", 60 | "SecRule ARGS \"@missing_operator test\" \"id:19,pass,t:trim\"" 61 | ] 62 | } 63 | ] 64 | -------------------------------------------------------------------------------- /tests/test-cases/Failed Tests/request-body-parser-multipart-crlf.json: -------------------------------------------------------------------------------- 1 | [ 2 | 3 | { 4 | "enabled":1, 5 | "version_min":300000, 6 | "title":"multipart parser (final CRLF)", 7 | "client":{ 8 | "ip":"200.249.12.31", 9 | "port":123 10 | }, 11 | "server":{ 12 | "ip":"200.249.12.31", 13 | "port":80 14 | }, 15 | "request":{ 16 | "headers":{ 17 | "Host":"localhost", 18 | "User-Agent":"curl/7.38.0", 19 | "Accept":"*/*", 20 | "Content-Length":"330", 21 | "Content-Type":"multipart/form-data; boundary=---------------------------69343412719991675451336310646", 22 | "Expect":"100-continue" 23 | }, 24 | "uri":"/", 25 | "method":"POST", 26 | "body":[ 27 | "-----------------------------69343412719991675451336310646", 28 | "Content-Disposition: form-data; name=\"a\"\r", 29 | "\r", 30 | "1\r", 31 | "1.1\r", 32 | "1.2\r", 33 | "1.3\r", 34 | "-----------------------------69343412719991675451336310646", 35 | "Content-Disposition: form-data; name=\"b\"\r", 36 | "\r", 37 | "2\r", 38 | "2.1\r", 39 | "2.2\r", 40 | "2.3\r", 41 | "-----------------------------69343412719991675451336310646--" 42 | ] 43 | }, 44 | "response":{ 45 | "headers":{ 46 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 47 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 48 | "Content-Type":"text/html" 49 | }, 50 | "body":[ 51 | "no need." 52 | ] 53 | }, 54 | "expected":{ 55 | "debug_log":"Adding request argument \\(BODY\\): name \"b\", value \"22.12.22.3\"", 56 | "http_code":403 57 | }, 58 | "rules":[ 59 | "SecRuleEngine On", 60 | "SecRequestBodyAccess On", 61 | "SecRule MULTIPART_STRICT_ERROR \"@eq 1\" \"phase:2,deny,id:500055\"", 62 | "SecRule MULTIPART_UNMATCHED_BOUNDARY \"@eq 1\" \"phase:2,deny,id:500056\"", 63 | "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,id:500057\"", 64 | "SecRule ARGS_POST \"@eq 1231\" \"phase:2,deny,id:500067\"" 65 | ] 66 | } 67 | ] 68 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-ARGS_GET_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: ARGS_GET_NAMES (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"key key\"" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS_GET_NAMES \"@contains test \" \"id:1,pass,t:trim\"" 41 | ] 42 | }, 43 | { 44 | "enabled":1, 45 | "version_min":300000, 46 | "title":"Testing Variables :: ARGS_GET_NAMES (2/2)", 47 | "client":{ 48 | "ip":"200.249.12.31", 49 | "port":123 50 | }, 51 | "server":{ 52 | "ip":"200.249.12.31", 53 | "port":80 54 | }, 55 | "request":{ 56 | "headers":{ 57 | "Host":"localhost", 58 | "User-Agent":"curl/7.38.0", 59 | "Accept":"*/*" 60 | }, 61 | "uri":"/?key=value&key=other_value", 62 | "method":"GET" 63 | }, 64 | "response":{ 65 | "headers":{ 66 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 67 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 68 | "Content-Type":"text/html" 69 | }, 70 | "body":[ 71 | "no need." 72 | ] 73 | }, 74 | "expected":{ 75 | "debug_log":"Target value: \"key key\"" 76 | }, 77 | "rules":[ 78 | "SecRuleEngine On", 79 | "SecDebugLog \/tmp\/modsec_debug.log", 80 | "SecDebugLogLevel 9", 81 | "SecRule ARGS_GET_NAMES \"@contains test \" \"id:1,pass,t:trim\"" 82 | ] 83 | } 84 | ] 85 | 86 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/secaction.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled": 1, 4 | "version_min": 300000, 5 | "version_max": 0, 6 | "title": "sec action", 7 | "client": { 8 | "ip": "200.249.12.31", 9 | "port": 2313 10 | }, 11 | "server": { 12 | "ip": "200.249.12.31", 13 | "port": 80 14 | }, 15 | "request": { 16 | "headers": { 17 | "Host": "net.tutsplus.com", 18 | "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 19 | "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 20 | "Accept-Language": "en-us,en;q=0.5", 21 | "Accept-Encoding": "gzip,deflate", 22 | "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", 23 | "Keep-Alive": "300", 24 | "Connection": "keep-alive", 25 | "Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120", 26 | "Pragma": "no-cache", 27 | "Cache-Control": "no-cache" 28 | }, 29 | "uri": "\/test.pl?param1= test ¶m2=test2", 30 | "method": "GET", 31 | "http_version": 1.1, 32 | "body": "" 33 | }, 34 | "response": { 35 | "headers": { 36 | "Content-Type": "text\/xml; charset=utf-8\n\r", 37 | "Content-Length": "length\n\r" 38 | }, 39 | "body": [ 40 | "\n\r", 41 | "\n\r", 42 | " \n\r", 43 | " \n\r", 44 | " string<\/EnlightenResult>\n\r", 45 | " <\/EnlightenResponse>\n\r", 46 | " <\/soap:Body>\n\r", 47 | "<\/soap:Envelope>\n\r" 48 | ] 49 | }, 50 | "expected": { 51 | "audit_log": "", 52 | "debug_log": "Running unconditional rule.", 53 | "error_log": "" 54 | }, 55 | "rules": [ 56 | "SecRuleEngine On", 57 | "SecDebugLog \/tmp\/modsec_debug.log", 58 | "SecDebugLogLevel 9", 59 | "SecRule ARGS \"@contains test\" \"phase:2,id:1,t:trim\"", 60 | "SecAction \"phase:2,nolog,pass\"" 61 | ] 62 | } 63 | ] 64 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/config-response_type.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"SecResponseBodyMimeType (1/x)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"T \\(0\\) t:trim: \"no need.\"" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecResponseBodyMimeType text\/plain text\/html text\/xml", 41 | "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"SecResponseBodyMimeType (1/x)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*" 61 | }, 62 | "uri":"/?key=value&key=other_value", 63 | "method":"GET" 64 | }, 65 | "response":{ 66 | "headers":{ 67 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 68 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 69 | "Content-Type":"text/html" 70 | }, 71 | "body":[ 72 | "no need." 73 | ] 74 | }, 75 | "expected":{ 76 | "debug_log":"Response Content-Type is text/html. It is not marked to be inspected." 77 | }, 78 | "rules":[ 79 | "SecRuleEngine On", 80 | "SecDebugLog \/tmp\/modsec_debug.log", 81 | "SecDebugLogLevel 9", 82 | "SecResponseBodyMimeType application\/something", 83 | "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\"" 84 | ] 85 | } 86 | 87 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/debug_log.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled": 1, 4 | "version_min": 300000, 5 | "version_max": 0, 6 | "title": "Debug log", 7 | "client": { 8 | "ip": "200.249.12.31", 9 | "port": 2313 10 | }, 11 | "server": { 12 | "ip": "200.249.12.31", 13 | "port": 80 14 | }, 15 | "request": { 16 | "headers": { 17 | "Host": "net.tutsplus.com", 18 | "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 19 | "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 20 | "Accept-Language": "en-us,en;q=0.5", 21 | "Accept-Encoding": "gzip,deflate", 22 | "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", 23 | "Keep-Alive": "300", 24 | "Connection": "keep-alive", 25 | "Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120", 26 | "Pragma": "no-cache", 27 | "Cache-Control": "no-cache" 28 | }, 29 | "uri": "\/test.pl?param1=test¶2=test2", 30 | "method": "GET", 31 | "http_version": 1.1, 32 | "body": "" 33 | }, 34 | "response": { 35 | "headers": { 36 | "Content-Type": "text\/xml; charset=utf-8\n\r", 37 | "Content-Length": "length\n\r" 38 | }, 39 | "body": [ 40 | "\n\r", 41 | "\n\r", 42 | " \n\r", 43 | " \n\r", 44 | " string<\/EnlightenResult>\n\r", 45 | " <\/EnlightenResponse>\n\r", 46 | " <\/soap:Body>\n\r", 47 | "<\/soap:Envelope>\n\r" 48 | ] 49 | }, 50 | "expected": { 51 | "audit_log": "", 52 | "debug_log": ".*", 53 | "error_log": "" 54 | }, 55 | "rules": [ 56 | "SecRuleEngine On", 57 | "SecDebugLog \/tmp\/modsec_debug.log", 58 | "SecDebugLogLevel 9", 59 | "SecRule ARGS \"@contains test\" \"id:3,pass\"", 60 | "SecRule ARGS \"@contains /test.txt\" \"id:4,allow\"", 61 | "SecRule ARGS:teste \"@contains /test.txt\" \" id:1,allow,deny\"", 62 | "SecRule ARGS \"@contains /test.txt\" \"allow, allow,id:2,deny\"" 63 | 64 | ] 65 | } 66 | ] 67 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/collection-case-insensitive.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "version_max":0, 6 | "title":"Testing collection :: Case insensitive (1/1)", 7 | "client":{ 8 | "ip":"200.249.12.31", 9 | "port":2313 10 | }, 11 | "server":{ 12 | "ip":"200.249.12.31", 13 | "port":80 14 | }, 15 | "request":{ 16 | "headers":{ 17 | "User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 18 | "Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 19 | "Accept-Language":"en-us,en;q=0.5", 20 | "Accept-Encoding":"gzip,deflate", 21 | "Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7", 22 | "Keep-Alive":"300", 23 | "Connection":"keep-alive", 24 | "Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 25 | "Pragma":"no-cache", 26 | "Cache-Control":"no-cache" 27 | }, 28 | "uri":"\/test.pl?param1= test ¶m2=test2", 29 | "method":"GET", 30 | "http_version":1.1, 31 | "body":"" 32 | }, 33 | "response":{ 34 | "headers":{ 35 | "Content-Type":"text\/xml; charset=utf-8\n\r", 36 | "Content-Length":"length\n\r" 37 | }, 38 | "body":[ 39 | "\n\r", 40 | "\n\r", 41 | " \n\r", 42 | " \n\r", 43 | " string<\/EnlightenResult>\n\r", 44 | " <\/EnlightenResponse>\n\r", 45 | " <\/soap:Body>\n\r", 46 | "<\/soap:Envelope>\n\r" 47 | ] 48 | }, 49 | "expected":{ 50 | "audit_log":"", 51 | "debug_log":"Target value: \"matched_var:PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120\" \\(Variable: TX:something\\)", 52 | "error_log":"" 53 | }, 54 | "rules":[ 55 | "SecRuleEngine On", 56 | "SecDebugLog \/tmp\/modsec_debug.log", 57 | "SecDebugLogLevel 9", 58 | "SecRule REQUEST_headers \"@contains PHPSESSID\" \"id:1,t:lowercase,t:none,setvar:TX.something=matched_var:%{matched_var}%\"", 59 | "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 60 | ] 61 | } 62 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-SERVER_NAME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: SERVER_NAME (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET", 22 | "http_version":1.1 23 | }, 24 | "response":{ 25 | "protocol": "HTTP/1.1", 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"localhost\" \\(Variable: SERVER_NAME\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule SERVER_NAME \"^HTTP\" \"id:1,phase:5,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: SERVER_NAME (2/2)", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"200.249.12.31", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"www.zimmerle.org:4443", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*" 62 | }, 63 | "uri":"/?key=value&key=other_value", 64 | "method":"GET", 65 | "http_version":1.1 66 | }, 67 | "response":{ 68 | "protocol": "HTTP/1.1", 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"www.zimmerle.org\" \\(Variable: SERVER_NAME\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule SERVER_NAME \"^HTTP\" \"id:1,phase:5,pass,t:trim\"" 86 | ] 87 | } 88 | ] 89 | 90 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-TX.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: TX:0 (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "whee test 123" 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"(.*) Target value: \"123\" \\(Variable\\: TX\\:0(.*)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRequestBodyAccess On", 43 | "SecRule RESPONSE_BODY \"@rx ([0-9]+)\" \"id:1,phase:4,capture,id:105\"", 44 | "SecRule TX \"@rx ([A-z]+)\" \"phase:4,id:106\"" 45 | ] 46 | }, 47 | { 48 | "enabled":1, 49 | "version_min":300000, 50 | "title":"Testing Variables :: TX:0 (2/2)", 51 | "client":{ 52 | "ip":"200.249.12.31", 53 | "port":123 54 | }, 55 | "server":{ 56 | "ip":"200.249.12.31", 57 | "port":80 58 | }, 59 | "request":{ 60 | "headers":{ 61 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 62 | }, 63 | "uri":"/?key=value&key=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":"Target value: \"USER_TOKEN\" \\(Variable: TX:0(.*)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"", 84 | "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\"" 85 | ] 86 | } 87 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REMOTE_PORT.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REMOTE_PORT", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"123\" \\(Variable: REMOTE_PORT\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule REMOTE_PORT \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: REMOTE_PORT", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"::1", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*", 62 | "Content-Length":"27", 63 | "Content-Type":"application/x-www-form-urlencoded" 64 | }, 65 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 66 | "method":"GET" 67 | }, 68 | "response":{ 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"123\" \\(Variable: REMOTE_PORT\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule REMOTE_PORT \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 86 | ] 87 | } 88 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-SERVER_PORT.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: SERVER_PORT", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"80\" \\(Variable: SERVER_PORT\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule SERVER_PORT \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: SERVER_PORT", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"::1", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*", 62 | "Content-Length":"27", 63 | "Content-Type":"application/x-www-form-urlencoded" 64 | }, 65 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 66 | "method":"GET" 67 | }, 68 | "response":{ 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"80\" \\(Variable: SERVER_PORT\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule SERVER_PORT \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 86 | ] 87 | } 88 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-HIGHEST_SEVERITY.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: HIGHEST_SEVERITY (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"0\" \\(Variable: HIGHEST_SEVERITY\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule REMOTE_ADDR \"@contains 200.249\" \"id:1,pass,t:trim,severity:0\"", 41 | "SecRule HIGHEST_SEVERITY \"@lt 10\" \"id:2,pass,t:trim\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Testing Variables :: HIGHEST_SEVERITY (2/2)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*" 61 | }, 62 | "uri":"/?key=value&key=other_value", 63 | "method":"GET" 64 | }, 65 | "response":{ 66 | "headers":{ 67 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 68 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 69 | "Content-Type":"text/html" 70 | }, 71 | "body":[ 72 | "no need." 73 | ] 74 | }, 75 | "expected":{ 76 | "debug_log":"Target value: \"0\" \\(Variable: HIGHEST_SEVERITY\\)" 77 | }, 78 | "rules":[ 79 | "SecRuleEngine On", 80 | "SecDebugLog \/tmp\/modsec_debug.log", 81 | "SecDebugLogLevel 9", 82 | "SecRule REMOTE_ADDR \"@contains 200.249\" \"id:1,pass,t:trim,severity:EMERGENCY\"", 83 | "SecRule HIGHEST_SEVERITY \"@lt 10\" \"id:2,pass,t:trim\"" 84 | ] 85 | } 86 | ] 87 | 88 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REMOTE_ADDR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REMOTE_ADDR", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"200.249.12.31\" \\(Variable: REMOTE_ADDR\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule REMOTE_ADDR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: REMOTE_ADDR", 49 | "client":{ 50 | "ip":"::1", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"200.249.12.31", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*", 62 | "Content-Length":"27", 63 | "Content-Type":"application/x-www-form-urlencoded" 64 | }, 65 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 66 | "method":"GET" 67 | }, 68 | "response":{ 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"::1\" \\(Variable: REMOTE_ADDR\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule REMOTE_ADDR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 86 | ] 87 | } 88 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-SERVER_ADDR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: SERVER_ADDR", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"200.249.12.11\" \\(Variable: SERVER_ADDR\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule SERVER_ADDR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: SERVER_ADDR", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"::1", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*", 62 | "Content-Length":"27", 63 | "Content-Type":"application/x-www-form-urlencoded" 64 | }, 65 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 66 | "method":"GET" 67 | }, 68 | "response":{ 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"::1\" \\(Variable: SERVER_ADDR\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule SERVER_ADDR \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 86 | ] 87 | } 88 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REMOTE_HOST.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REMOTE_HOST", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.11", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 23 | "method":"GET" 24 | }, 25 | "response":{ 26 | "headers":{ 27 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 | "Content-Type":"text/html" 30 | }, 31 | "body":[ 32 | "no need." 33 | ] 34 | }, 35 | "expected":{ 36 | "debug_log":"Target value: \"200.249.12.31\" \\(Variable: REMOTE_HOST\\)" 37 | }, 38 | "rules":[ 39 | "SecRuleEngine On", 40 | "SecDebugLog \/tmp\/modsec_debug.log", 41 | "SecDebugLogLevel 9", 42 | "SecRule REMOTE_HOST \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: REMOTE_HOST", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"::1", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*", 62 | "Content-Length":"27", 63 | "Content-Type":"application/x-www-form-urlencoded" 64 | }, 65 | "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 66 | "method":"GET" 67 | }, 68 | "response":{ 69 | "headers":{ 70 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 | "Content-Type":"text/html" 73 | }, 74 | "body":[ 75 | "no need." 76 | ] 77 | }, 78 | "expected":{ 79 | "debug_log":"Target value: \"200.249.12.31\" \\(Variable: REMOTE_HOST\\)" 80 | }, 81 | "rules":[ 82 | "SecRuleEngine On", 83 | "SecDebugLog \/tmp\/modsec_debug.log", 84 | "SecDebugLogLevel 9", 85 | "SecRule REMOTE_HOST \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 86 | ] 87 | } 88 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/secruleengine.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Disruptive actions (1/n)", 6 | "expected":{ 7 | "debug_log": " Running action: deny", 8 | "http_code":404 9 | }, 10 | "rules":[ 11 | "SecRuleEngine On", 12 | "SecDebugLog \/tmp\/modsec_debug.log", 13 | "SecRuleEngine On", 14 | "SecDefaultAction \"phase:2,deny,status:404\"", 15 | "SecAction \"id:'900001',phase:request,nolog,status:403,t:none\"" 16 | ] 17 | }, 18 | { 19 | "enabled":1, 20 | "version_min":300000, 21 | "title":"Testing Disruptive actions (2/n)", 22 | "expected":{ 23 | "debug_log": "Rule engine disabled, returning...", 24 | "http_code":200 25 | }, 26 | "rules":[ 27 | "SecRuleEngine On", 28 | "SecDebugLog \/tmp\/modsec_debug.log", 29 | "SecRuleEngine Off", 30 | "SecDefaultAction \"phase:2,deny,status:404\"", 31 | "SecAction \"id:'1',phase:request,nolog,t:none\"" 32 | ] 33 | }, 34 | { 35 | "enabled":1, 36 | "version_min":300000, 37 | "title":"Testing Disruptive actions (3/n)", 38 | "expected":{ 39 | "debug_log": "Not running disruptive action: block. SecRuleEngine is not On", 40 | "http_code":200 41 | }, 42 | "rules":[ 43 | "SecRuleEngine On", 44 | "SecDebugLog \/tmp\/modsec_debug.log", 45 | "SecRuleEngine DetectionOnly", 46 | "SecDefaultAction \"phase:2,deny,status:404\"", 47 | "SecAction \"id:'1',phase:request,nolog,block,t:none\"" 48 | ] 49 | }, 50 | { 51 | "enabled":1, 52 | "version_min":300000, 53 | "title":"Testing Disruptive actions (4/n)", 54 | "expected":{ 55 | "debug_log": "Rule engine disabled, returning...", 56 | "http_code":200 57 | }, 58 | "rules":[ 59 | "SecRuleEngine On", 60 | "SecDebugLog \/tmp\/modsec_debug.log", 61 | "SecRuleEngine Off", 62 | "SecDefaultAction \"phase:2,deny,status:404\"", 63 | "SecAction \"id:'1',phase:request,nolog,t:none\"" 64 | ] 65 | }, 66 | { 67 | "enabled":1, 68 | "version_min":300000, 69 | "title":"Testing Disruptive actions (5/n)", 70 | "expected":{ 71 | "debug_log": "Rule engine disabled, returning...", 72 | "http_code":200 73 | }, 74 | "rules":[ 75 | "SecRuleEngine On", 76 | "SecDebugLog \/tmp\/modsec_debug.log", 77 | "SecRuleEngine Off", 78 | "SecDefaultAction \"phase:2,deny,status:404\"", 79 | "SecAction \"id:'1',phase:request,nolog,block,t:none\"" 80 | ] 81 | } 82 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-ARGS_POST.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: ARGS_POST (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Target value: \"value1\"" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule ARGS_POST \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Variables :: ARGS_POST (1/2)", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length": "27", 66 | "Content-Type": "application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/", 69 | "method":"POST", 70 | "body": [ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "debug_log":"Target value: \"value2\"" 86 | }, 87 | "rules":[ 88 | "SecRuleEngine On", 89 | "SecDebugLog \/tmp\/modsec_debug.log", 90 | "SecDebugLogLevel 9", 91 | "SecRule ARGS_POST \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 92 | ] 93 | } 94 | ] 95 | 96 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MATCHED_VAR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MATCHED_VAR (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"other_value\" \\(Variable: MATCHED_VAR\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"", 41 | "SecRule MATCHED_VAR \"@contains asdf\" \"pass\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Testing Variables :: MATCHED_VAR (2/2)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*" 61 | }, 62 | "uri":"/?key=value&key=other_value", 63 | "method":"GET" 64 | }, 65 | "response":{ 66 | "headers":{ 67 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 68 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 69 | "Content-Type":"text/html" 70 | }, 71 | "body":[ 72 | "no need." 73 | ] 74 | }, 75 | "expected":{ 76 | "debug_log":"Target value: \"\" \\(Variable: MATCHED_VAR\\)" 77 | }, 78 | "rules":[ 79 | "SecRuleEngine On", 80 | "SecDebugLog \/tmp\/modsec_debug.log", 81 | "SecDebugLogLevel 9", 82 | "SecRule ARGS:key \"@contains other_value\" \"chain,id:28\"", 83 | "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"", 84 | "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,pass\"", 85 | "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,pass\"" 86 | ] 87 | } 88 | ] 89 | 90 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-SESSIONID.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing SESSIONID variable (1/2)", 6 | "expected":{ 7 | "debug_log": "Target value: \"rAAAAAAA2t5uvjq435r4q7ib3vtdjq1202\"" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser", 19 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "server":{ 25 | "ip":"200.249.12.31", 26 | "port":80 27 | }, 28 | "rules":[ 29 | "SecRuleEngine On", 30 | "SecDebugLog \/tmp\/modsec_debug.log", 31 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}%,nolog,pass\"", 32 | "SecRule REQUEST_HEADERS \".*\" \"id:'900021',phase:1,setvar:SESSION.score=+10\"", 33 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900068',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}2,nolog,pass\"", 34 | "SecRule REQUEST_HEADERS \".*\" \"id:'900022',phase:1,setvar:SESSION.score=+5\"", 35 | "SecRule SESSIONID \".*\" \"id:1239,phase:1,log,pass\"" 36 | ] 37 | }, 38 | { 39 | "enabled":1, 40 | "version_min":300000, 41 | "title":"Testing SESSIONID variable (2/2)", 42 | "expected":{ 43 | "debug_log": "Target value: \"whee\"" 44 | }, 45 | "client":{ 46 | "ip":"200.249.12.31", 47 | "port":123 48 | }, 49 | "request":{ 50 | "headers":{ 51 | "Host":"localhost", 52 | "User-Agent":"curl/7.38.0", 53 | "Accept":"*/*", 54 | "User-Agent":"My sweet little browser", 55 | "Cookie": "PHPSESSID=whee" 56 | }, 57 | "uri":"/?key=value&key=other_value", 58 | "method":"GET" 59 | }, 60 | "server":{ 61 | "ip":"200.249.12.31", 62 | "port":80 63 | }, 64 | "rules":[ 65 | "SecRuleEngine On", 66 | "SecDebugLog \/tmp\/modsec_debug.log", 67 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setsid:%{REQUEST_COOKIES:PHPSESSID}%,nolog,pass\"", 68 | "SecRule REQUEST_HEADERS \".*\" \"id:'900021',phase:1,setvar:SESSION.score=+10\"", 69 | "SecRule SESSIONID \".*\" \"id:1239,phase:1,log,pass\"" 70 | ] 71 | } 72 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/request-body-parser-json.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing JSON request body parser 1/1", 6 | "expected":{ 7 | "debug_log": "Target value: \"bar\" \\(Variable: ARGS:foo\\)" 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 19 | "Content-Type": "application/json" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"POST", 23 | "body": [ 24 | "{", 25 | " \"foo\":\"bar\",", 26 | " \"mod\":\"sec\"", 27 | "}" 28 | ] 29 | }, 30 | "server":{ 31 | "ip":"200.249.12.31", 32 | "port":80 33 | }, 34 | "rules":[ 35 | "SecRuleEngine On", 36 | "SecRequestBodyAccess On", 37 | "SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"", 38 | "SecRule ARGS:foo \"bar\" \"id:'200441',phase:3,log\"" 39 | ] 40 | }, 41 | { 42 | "enabled":1, 43 | "version_min":300000, 44 | "title":"Testing JSON request body parser 1/1", 45 | "expected":{ 46 | "debug_log": "Target value: \"bar\" \\(Variable: ARGS:first_level.first_key\\)" 47 | }, 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "request":{ 53 | "headers":{ 54 | "Host":"localhost", 55 | "User-Agent":"curl/7.38.0", 56 | "Accept":"*/*", 57 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 58 | "Content-Type": "application/json" 59 | }, 60 | "uri":"/?key=value&key=other_value", 61 | "method":"POST", 62 | "body": [ 63 | "{", 64 | "\"first_level\":", 65 | "{", 66 | " \"first_key\":\"bar\",", 67 | " \"second_key\":\"sec\"", 68 | "}", 69 | "}" 70 | ] 71 | }, 72 | "server":{ 73 | "ip":"200.249.12.31", 74 | "port":80 75 | }, 76 | "rules":[ 77 | "SecRuleEngine On", 78 | "SecRequestBodyAccess On", 79 | "SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"", 80 | "SecRule ARGS \"bar\" \"id:'200441',phase:3,log\"" 81 | ] 82 | } 83 | ] 84 | 85 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-ARGS_POST_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: ARGS_POST_NAMES (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Target value: \"param1 param2\"" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule ARGS_POST_NAMES \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Variables :: ARGS_POST_NAMES (2/2)", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length": "27", 66 | "Content-Type": "application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/", 69 | "method":"POST", 70 | "body": [ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "debug_log":"Target value: \"param1 param2\"" 86 | }, 87 | "rules":[ 88 | "SecRuleEngine On", 89 | "SecDebugLog \/tmp\/modsec_debug.log", 90 | "SecDebugLogLevel 9", 91 | "SecRule ARGS_POST_NAMES \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 92 | ] 93 | } 94 | ] 95 | 96 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MATCHED_VARS.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MATCHED_VARS (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?keyI=value&keyII=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"value\" \\(Variable: MATCHED_VARS:ARGS:keyI\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 41 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 42 | "SecRule MATCHED_VARS \"@contains asdf\" \"pass\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: MATCHED_VARS (2/2)", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"200.249.12.31", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*" 62 | }, 63 | "uri":"/?keyI=value&keyII=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":"Target value: \"value\" \\(Variable: MATCHED_VARS:ARGS:keyI\\)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 84 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 85 | "SecRule MATCHED_VARS \"@contains asdf\" \"pass\"", 86 | "SecRule MATCHED_VARS \"@contains value\" \"id:29\"" 87 | ] 88 | } 89 | ] 90 | 91 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/config-calling_phases_by_name.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MATCHED_VAR (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"other_value\" \\(Variable: MATCHED_VAR\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS:key \"@contains other_value\" \"id:1,phase:request,chain\"", 41 | "SecRule MATCHED_VAR \"@contains asdf\" \"phase:request,pass\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Testing Variables :: MATCHED_VAR (2/2)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*" 61 | }, 62 | "uri":"/?key=value&key=other_value", 63 | "method":"GET" 64 | }, 65 | "response":{ 66 | "headers":{ 67 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 68 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 69 | "Content-Type":"text/html" 70 | }, 71 | "body":[ 72 | "no need." 73 | ] 74 | }, 75 | "expected":{ 76 | "debug_log":"Target value: \"\" \\(Variable: MATCHED_VAR\\)" 77 | }, 78 | "rules":[ 79 | "SecRuleEngine On", 80 | "SecDebugLog \/tmp\/modsec_debug.log", 81 | "SecDebugLogLevel 9", 82 | "SecRule ARGS:key \"@contains other_value\" \"chain,phase:response,id:28\"", 83 | "SecRule MATCHED_VAR \"@contains Aasdf\" \"pass\"", 84 | "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,phase:response,pass\"", 85 | "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,phase:response,pass\"" 86 | ] 87 | } 88 | ] 89 | 90 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MATCHED_VAR_NAME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MATCHED_VAR_NAME (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?keyI=value&keyII=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"ARGS:keyII\" \\(Variable: MATCHED_VAR_NAME\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 41 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 42 | "SecRule MATCHED_VAR_NAME \"@contains asdf\" \"pass\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: MATCHED_VAR_NAME (2/2)", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"200.249.12.31", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*" 62 | }, 63 | "uri":"/?keyI=value&keyII=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":" Target value: \"ARGS:keyII\" \\(Variable: MATCHED_VAR_NAME\\)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 84 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 85 | "SecRule MATCHED_VAR_NAME \"@contains asdf\" \"pass\"", 86 | "SecRule MATCHED_VAR_NAME \"@contains value\" \"id:29\"" 87 | ] 88 | } 89 | ] 90 | 91 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-AUTH_TYPE.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: AUTH_TYPE", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded", 21 | "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body": [ 26 | "param1=value1¶m2=value2" 27 | ] 28 | }, 29 | "response":{ 30 | "headers":{ 31 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 32 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 33 | "Content-Type":"text/html" 34 | }, 35 | "body":[ 36 | "no need." 37 | ] 38 | }, 39 | "expected":{ 40 | "debug_log":"Target value: \"Basic\"" 41 | }, 42 | "rules":[ 43 | "SecRuleEngine On", 44 | "SecDebugLog \/tmp\/modsec_debug.log", 45 | "SecDebugLogLevel 9", 46 | "SecRule AUTH_TYPE \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 47 | ] 48 | }, 49 | { 50 | "enabled":1, 51 | "version_min":300000, 52 | "title":"Testing Variables :: AUTH_TYPE", 53 | "client":{ 54 | "ip":"200.249.12.31", 55 | "port":123 56 | }, 57 | "server":{ 58 | "ip":"200.249.12.31", 59 | "port":80 60 | }, 61 | "request":{ 62 | "headers":{ 63 | "Host":"localhost", 64 | "User-Agent":"curl/7.38.0", 65 | "Accept":"*/*", 66 | "Content-Length": "27", 67 | "Content-Type": "application/x-www-form-urlencoded", 68 | "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 69 | }, 70 | "uri":"/", 71 | "method":"POST", 72 | "body": [ 73 | "param1=value1¶m2=value2" 74 | ] 75 | }, 76 | "response":{ 77 | "headers":{ 78 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 79 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 80 | "Content-Type":"text/html" 81 | }, 82 | "body":[ 83 | "no need." 84 | ] 85 | }, 86 | "expected":{ 87 | "debug_log":"Target value: \"Basic\"" 88 | }, 89 | "rules":[ 90 | "SecRuleEngine On", 91 | "SecDebugLog \/tmp\/modsec_debug.log", 92 | "SecDebugLogLevel 9", 93 | "SecRule AUTH_TYPE \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 94 | ] 95 | } 96 | ] 97 | 98 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MATCHED_VARS_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MATCHED_VARS_NAMES (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?keyI=value&keyII=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"ARGS:keyII\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyII\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 41 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 42 | "SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\"" 43 | ] 44 | }, 45 | { 46 | "enabled":1, 47 | "version_min":300000, 48 | "title":"Testing Variables :: MATCHED_VARS_NAMES (2/2)", 49 | "client":{ 50 | "ip":"200.249.12.31", 51 | "port":123 52 | }, 53 | "server":{ 54 | "ip":"200.249.12.31", 55 | "port":80 56 | }, 57 | "request":{ 58 | "headers":{ 59 | "Host":"localhost", 60 | "User-Agent":"curl/7.38.0", 61 | "Accept":"*/*" 62 | }, 63 | "uri":"/?keyI=value&keyII=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":"Target value: \"ARGS:keyI\" \\(Variable: MATCHED_VARS_NAMES:ARGS:keyI\\)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule ARGS:keyI \"@contains value\" \"chain,id:28\"", 84 | "SecRule ARGS:keyII \"@contains other_value\" \"chain\"", 85 | "SecRule MATCHED_VARS_NAMES \"@contains asdf\" \"pass\"", 86 | "SecRule MATCHED_VARS_NAMES \"@contains value\" \"id:29\"" 87 | ] 88 | } 89 | ] 90 | 91 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-STATUS.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: STATUS (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"GET", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Target value: \"200\" \\(Variable: STATUS\\)" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule STATUS \"@contains test\" \"id:1,phase:5,rev:1.3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Variables :: STATUS (2/2)", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length": "27", 66 | "Content-Type": "application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/", 69 | "method":"GET", 70 | "body": [ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "debug_log":"Target value: \"500\" \\(Variable: STATUS\\)", 86 | "http_code": 500 87 | }, 88 | "rules":[ 89 | "SecRuleEngine On", 90 | "SecDebugLog \/tmp\/modsec_debug.log", 91 | "SecDebugLogLevel 9", 92 | "SecRule ARGS \"@pm value\" \"id:1,phase:2,t:trim,status:500,deny\"", 93 | "SecRule STATUS \"@contains test\" \"id:2,phase:5,rev:1.3,pass,t:trim\"" 94 | ] 95 | } 96 | ] 97 | 98 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-allow.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing allow action 1/3", 6 | "expected":{ 7 | "debug_log": "Skipped rule id '500066' as request trough the utilization of an `allow' action", 8 | "http_code": 200 9 | }, 10 | "client":{ 11 | "ip":"200.249.12.31", 12 | "port":123 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "User-Agent":"My sweet little browser", 20 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 21 | }, 22 | "uri":"/?key=value&key=other_value", 23 | "method":"GET" 24 | }, 25 | "server":{ 26 | "ip":"200.249.12.31", 27 | "port":80 28 | }, 29 | "rules":[ 30 | "SecRuleEngine On", 31 | "SecAction \"phase:1,allow,msg:'ALLOWED',id:500065\"", 32 | "SecAction \"phase:1,deny,msg:'DENIED',id:500066\"" 33 | ] 34 | }, 35 | { 36 | "enabled":1, 37 | "version_min":300000, 38 | "title":"Testing allow action 1/3", 39 | "expected":{ 40 | "debug_log": "", 41 | "http_code": 500 42 | }, 43 | "client":{ 44 | "ip":"200.249.12.31", 45 | "port":123 46 | }, 47 | "request":{ 48 | "headers":{ 49 | "Host":"localhost", 50 | "User-Agent":"curl/7.38.0", 51 | "Accept":"*/*", 52 | "User-Agent":"My sweet little browser", 53 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 54 | }, 55 | "uri":"/?key=value&key=other_value", 56 | "method":"GET" 57 | }, 58 | "server":{ 59 | "ip":"200.249.12.31", 60 | "port":80 61 | }, 62 | "rules":[ 63 | "SecRuleEngine On", 64 | "SecAction \"phase:1,allow:request,msg:'ALLOWED',id:500065\"", 65 | "SecRule ARGS \"@contains value\" \"id:1,t:trim,status:500,deny,phase:3\"" 66 | ] 67 | }, 68 | { 69 | "enabled":1, 70 | "version_min":300000, 71 | "title":"Testing allow action 1/3", 72 | "expected":{ 73 | "debug_log": "", 74 | "http_code": 500 75 | }, 76 | "client":{ 77 | "ip":"200.249.12.31", 78 | "port":123 79 | }, 80 | "request":{ 81 | "headers":{ 82 | "Host":"localhost", 83 | "User-Agent":"curl/7.38.0", 84 | "Accept":"*/*", 85 | "User-Agent":"My sweet little browser", 86 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 87 | }, 88 | "uri":"/?key=value&key=other_value", 89 | "method":"GET" 90 | }, 91 | "server":{ 92 | "ip":"200.249.12.31", 93 | "port":80 94 | }, 95 | "rules":[ 96 | "SecRuleEngine On", 97 | "SecAction \"phase:1,allow:phase,msg:'ALLOWED',id:500065\"", 98 | "SecRule ARGS \"@contains value\" \"id:1,t:trim,status:500,deny,phase:3\"" 99 | ] 100 | } 101 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/config-secremoterules.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Include remote rules", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Executing operator \"@pmfromfile\" with param \"https://www.modsecurity.org/modsecurity-regression-test.txt\" against REQUEST_FILENAME" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRemoteRules key https://www.modsecurity.org/modsecurity-regression-test-secremoterules.txt", 41 | "SecRule ARGS \"@contains somethingelse\" \"id:9,pass,t:trim\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Include remote rules - failed download (Abort)", 48 | "expected":{ 49 | "parser_error": "Failed to download: HTTP response code said error" 50 | }, 51 | "rules":[ 52 | "SecRuleEngine On", 53 | "SecDebugLog \/tmp\/modsec_debug.log", 54 | "SecDebugLogLevel 9", 55 | "SecRemoteRulesFailAction Abort", 56 | "SecRemoteRules key https://www.modsecurity.org/modsecurity-regression-test-secremoterules-bonga.txt" 57 | ] 58 | }, 59 | { 60 | "enabled":1, 61 | "version_min":300000, 62 | "title":"Include remote rules - failed download (Warn)", 63 | "client":{ 64 | "ip":"200.249.12.31", 65 | "port":123 66 | }, 67 | "server":{ 68 | "ip":"200.249.12.31", 69 | "port":80 70 | }, 71 | "request":{ 72 | "headers":{ 73 | "Host":"localhost", 74 | "User-Agent":"curl/7.38.0", 75 | "Accept":"*/*" 76 | }, 77 | "uri":"/?key=value&key=other_value", 78 | "method":"GET" 79 | }, 80 | "response":{ 81 | "headers":{ 82 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 83 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 84 | "Content-Type":"text/html" 85 | }, 86 | "body":[ 87 | "no need." 88 | ] 89 | }, 90 | "expected":{ 91 | "debug_log":"Executing operator \"@contains\" with param \"somethingelse\" against ARGS." 92 | }, 93 | "rules":[ 94 | "SecRuleEngine On", 95 | "SecDebugLog \/tmp\/modsec_debug.log", 96 | "SecDebugLogLevel 9", 97 | "SecRemoteRulesFailAction Warn", 98 | "SecRemoteRules key https://www.modsecurity.org/modsecurity-regression-test-secremoterules-bonga.txt", 99 | "SecRule ARGS \"@contains somethingelse\" \"id:9,pass,t:trim\"" 100 | ] 101 | } 102 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-INBOUND_DATA_ERROR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: INBOUND_DATA_ERROR (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"0\" \\(Variable: INBOUND_DATA_ERROR\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule INBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:3,pass,t:trim\"" 41 | ] 42 | }, 43 | { 44 | "enabled":1, 45 | "version_min":300000, 46 | "title":"Testing Variables :: INBOUND_DATA_ERROR (1/1)", 47 | "client":{ 48 | "ip":"200.249.12.31", 49 | "port":123 50 | }, 51 | "server":{ 52 | "ip":"200.249.12.31", 53 | "port":80 54 | }, 55 | "request":{ 56 | "headers":{ 57 | "Host":"localhost", 58 | "User-Agent":"curl/7.38.0", 59 | "Accept":"*/*", 60 | "Content-Length":"330", 61 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 62 | "Expect":"100-continue" 63 | }, 64 | "uri":"/", 65 | "method":"POST", 66 | "body":[ 67 | "--------------------------756b6d74fa1a8ee2", 68 | "Content-Disposition: form-data; name=\"name\"", 69 | "", 70 | "test", 71 | "--------------------------756b6d74fa1a8ee2", 72 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 73 | "Content-Type: text/plain", 74 | "", 75 | "This is a very small test file..", 76 | "--------------------------756b6d74fa1a8ee2", 77 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 78 | "Content-Type: text/plain", 79 | "", 80 | "This is another very small test file..", 81 | "--------------------------756b6d74fa1a8ee2--" 82 | ] 83 | }, 84 | "response":{ 85 | "headers":{ 86 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 87 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 88 | "Content-Type":"text/html" 89 | }, 90 | "body":[ 91 | "no need." 92 | ] 93 | }, 94 | "expected":{ 95 | "debug_log":"Target value: \"1\" \\(Variable: INBOUND_DATA_ERROR\\)" 96 | }, 97 | "rules":[ 98 | "SecRuleEngine On", 99 | "SecDebugLog \/tmp\/modsec_debug.log", 100 | "SecRequestBodyLimit 2", 101 | "SecDebugLogLevel 9", 102 | "SecRule INBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:3,pass,t:trim\"" 103 | ] 104 | } 105 | ] 106 | 107 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-ARGS_GET.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: ARGS_GET (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"other_value\"" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule ARGS_GET \"@contains test \" \"id:1,pass,t:trim\"" 41 | ] 42 | }, 43 | { 44 | "enabled":1, 45 | "version_min":300000, 46 | "title":"Testing Variables :: ARGS_GET (2/3)", 47 | "client":{ 48 | "ip":"200.249.12.31", 49 | "port":123 50 | }, 51 | "server":{ 52 | "ip":"200.249.12.31", 53 | "port":80 54 | }, 55 | "request":{ 56 | "headers":{ 57 | "Host":"localhost", 58 | "User-Agent":"curl/7.38.0", 59 | "Accept":"*/*" 60 | }, 61 | "uri":"/?key=value&key=other_value", 62 | "method":"GET" 63 | }, 64 | "response":{ 65 | "headers":{ 66 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 67 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 68 | "Content-Type":"text/html" 69 | }, 70 | "body":[ 71 | "no need." 72 | ] 73 | }, 74 | "expected":{ 75 | "debug_log":"Target value: \"value\"" 76 | }, 77 | "rules":[ 78 | "SecRuleEngine On", 79 | "SecDebugLog \/tmp\/modsec_debug.log", 80 | "SecDebugLogLevel 9", 81 | "SecRule ARGS_GET \"@contains test \" \"id:1,pass,t:trim\"" 82 | ] 83 | }, 84 | { 85 | "enabled":1, 86 | "version_min":300000, 87 | "title":"Testing Variables :: ARGS_GET (3/3)", 88 | "client":{ 89 | "ip":"200.249.12.31", 90 | "port":123 91 | }, 92 | "server":{ 93 | "ip":"200.249.12.31", 94 | "port":80 95 | }, 96 | "request":{ 97 | "headers":{ 98 | "Host":"localhost", 99 | "User-Agent":"curl/7.38.0", 100 | "Accept":"*/*" 101 | }, 102 | "uri":"/?key=value&key=other_value%26withsomestuff=tootherstuff", 103 | "method":"GET" 104 | }, 105 | "response":{ 106 | "headers":{ 107 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 108 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 109 | "Content-Type":"text/html" 110 | }, 111 | "body":[ 112 | "no need." 113 | ] 114 | }, 115 | "expected":{ 116 | "debug_log":"Target value: \"other_value&withsomestuff=tootherstuff\"" 117 | }, 118 | "rules":[ 119 | "SecRuleEngine On", 120 | "SecDebugLog \/tmp\/modsec_debug.log", 121 | "SecDebugLogLevel 9", 122 | "SecRule ARGS_GET \"@contains test \" \"id:1,pass,t:trim\"" 123 | ] 124 | } 125 | ] 126 | 127 | -------------------------------------------------------------------------------- /modsecurity/modsecurity.i: -------------------------------------------------------------------------------- 1 | /* 2 | * ModSecurity, http://www.modsecurity.org/ 3 | * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) 4 | * 5 | * You may not use this file except in compliance with 6 | * the License. You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * If any of the files related to licensing are missing or if you have any 11 | * other questions related to licensing please contact Trustwave Holdings, Inc. 12 | * directly using the email address security@modsecurity.org. 13 | * 14 | * Author: Felipe "Zimmerle" Costa 15 | * 16 | */ 17 | 18 | %module modsecurity 19 | 20 | %include 21 | %include "std/std_sstream.i" 22 | %include 23 | %include 24 | /* 25 | Multimap not supported as of now. 26 | TODO: Make it compatible 27 | %include "std/std_multimap.i" 28 | */ 29 | 30 | %include "attribute.i" 31 | %include "carrays.i" 32 | %include "typemaps.i" 33 | %include "customTypemaps.i" 34 | 35 | #%ignore RulesProperties::parserError; 36 | 37 | %{ 38 | #include "modsecurity/intervention.h" 39 | #include "modsecurity/collection/variable.h" 40 | #include "modsecurity/collection/collection.h" 41 | #include "modsecurity/collection/collections.h" 42 | #include "modsecurity/transaction.h" 43 | #include "modsecurity/debug_log.h" 44 | #include "modsecurity/modsecurity.h" 45 | #include "modsecurity/rules_properties.h" 46 | #include "modsecurity/rules.h" 47 | #include "modsecurity/rule.h" 48 | #include "modsecurity/anchored_set_variable.h" 49 | #include "modsecurity/anchored_variable.h" 50 | #include "modsecurity/audit_log.h" 51 | #include "modsecurity/rule_message.h" 52 | #include "modsecurity/rules_exceptions.h" 53 | #include "modsecurity/rules_properties.h" 54 | #include "modsecurity/variable_origin.h" 55 | #include "modsecurity/actions/action.h" 56 | 57 | using std::basic_string; 58 | %} 59 | 60 | 61 | %rename(_del) modsecurity::collection::Variables::del(const std::string& key); 62 | %rename(_del) modsecurity::collection::Collections::del(const std::string& key); 63 | 64 | %immutable modsecurity::ModSecurityIntervention_t::url; 65 | %immutable modsecurity::ModSecurityIntervention_t::log; 66 | 67 | %immutable modsecurity::Transaction::m_clientIpAddress; 68 | %immutable modsecurity::Transaction::m_httpVersion; 69 | %immutable modsecurity::Transaction::m_method; 70 | %immutable modsecurity::Transaction::m_serverIpAddress; 71 | %immutable modsecurity::Transaction::m_uri; 72 | 73 | %ignore modsecurity::RulesProperties::parserError const; 74 | %ignore modsecurity::Transaction::m_requestBody; 75 | %ignore modsecurity::Transaction::m_responseBody; 76 | 77 | %include "modsecurity/intervention.h" 78 | %include "modsecurity/collection/variable.h" 79 | %include "modsecurity/collection/collection.h" 80 | %include "modsecurity/collection/collections.h" 81 | %include "modsecurity/transaction.h" 82 | %include "modsecurity/debug_log.h" 83 | %include "modsecurity/modsecurity.h" 84 | %include "modsecurity/rules_properties.h" 85 | %include "modsecurity/rules.h" 86 | %include "modsecurity/rule.h" 87 | %include "modsecurity/anchored_set_variable.h" 88 | %include "modsecurity/anchored_variable.h" 89 | %include "modsecurity/audit_log.h" 90 | %include "modsecurity/rule_message.h" 91 | %include "modsecurity/rules_exceptions.h" 92 | %include "modsecurity/rules_properties.h" 93 | %include "modsecurity/actions/action.h" 94 | 95 | %template(RuleVector) std::vector; 96 | %template(VectorOfRuleVector) std::vector >; 97 | %template(StringVector) std::vector; 98 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/config-remove_by_id.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"SecRuleRemoveById (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive." 35 | }, 36 | "rules":[ 37 | "SecRuleRemoveById 2", 38 | "SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"", 39 | "SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"", 40 | "SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\"" 41 | ] 42 | }, 43 | { 44 | "enabled":1, 45 | "version_min":300000, 46 | "title":"SecRuleRemoveById (2/3)", 47 | "client":{ 48 | "ip":"200.249.12.31", 49 | "port":123 50 | }, 51 | "server":{ 52 | "ip":"200.249.12.31", 53 | "port":80 54 | }, 55 | "request":{ 56 | "headers":{ 57 | "Host":"localhost", 58 | "User-Agent":"curl/7.38.0", 59 | "Accept":"*/*" 60 | }, 61 | "uri":"/?key=value&key=other_value", 62 | "method":"GET" 63 | }, 64 | "response":{ 65 | "headers":{ 66 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 67 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 68 | "Content-Type":"text/html" 69 | }, 70 | "body":[ 71 | "no need." 72 | ] 73 | }, 74 | "expected":{ 75 | "debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive." 76 | }, 77 | "rules":[ 78 | "SecRuleRemoveById 1-3", 79 | "SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"", 80 | "SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"", 81 | "SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\"" 82 | ] 83 | }, 84 | { 85 | "enabled":1, 86 | "version_min":300000, 87 | "title":"SecRuleRemoveById (3/3)", 88 | "client":{ 89 | "ip":"200.249.12.31", 90 | "port":123 91 | }, 92 | "server":{ 93 | "ip":"200.249.12.31", 94 | "port":80 95 | }, 96 | "request":{ 97 | "headers":{ 98 | "Host":"localhost", 99 | "User-Agent":"curl/7.38.0", 100 | "Accept":"*/*" 101 | }, 102 | "uri":"/?key=value&key=other_value", 103 | "method":"GET" 104 | }, 105 | "response":{ 106 | "headers":{ 107 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 108 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 109 | "Content-Type":"text/html" 110 | }, 111 | "body":[ 112 | "no need." 113 | ] 114 | }, 115 | "expected":{ 116 | "debug_log":"Skipped rule id '2'. Removed by an SecRuleRemove directive." 117 | }, 118 | "rules":[ 119 | "SecRuleRemoveById 1 2-3", 120 | "SecRule ARGS \"@contains test\" \"id:1,pass,t:trim\"", 121 | "SecRule ARGS \"@contains test\" \"id:2,pass,t:trim\"", 122 | "SecRule ARGS \"@contains test\" \"id:3,pass,t:trim\"" 123 | ] 124 | } 125 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_COOKIES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_COOKIES (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"Yes\" \\(Variable: REQUEST_COOKIES:USER_TOKEN\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Testing Variables :: REQUEST_COOKIES (2/3)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*", 61 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 62 | }, 63 | "uri":"/?key=value&key=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":"Target value: \"z\" \\(Variable: REQUEST_COOKIES:a\\)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" 84 | ] 85 | }, 86 | { 87 | "enabled":1, 88 | "version_min":300000, 89 | "title":"Testing Variables :: REQUEST_COOKIES (3/3)", 90 | "client":{ 91 | "ip":"200.249.12.31", 92 | "port":123 93 | }, 94 | "server":{ 95 | "ip":"200.249.12.31", 96 | "port":80 97 | }, 98 | "request":{ 99 | "headers":{ 100 | "Host":"localhost", 101 | "User-Agent":"curl/7.38.0", 102 | "Accept":"*/*", 103 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 104 | }, 105 | "uri":"/?key=value&key=other_value", 106 | "method":"GET" 107 | }, 108 | "response":{ 109 | "headers":{ 110 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 111 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 112 | "Content-Type":"text/html" 113 | }, 114 | "body":[ 115 | "no need." 116 | ] 117 | }, 118 | "expected":{ 119 | "debug_log":"Target value: \"b\" \\(Variable: REQUEST_COOKIES:t\\)" 120 | }, 121 | "rules":[ 122 | "SecRuleEngine On", 123 | "SecDebugLog \/tmp\/modsec_debug.log", 124 | "SecDebugLogLevel 9", 125 | "SecRule REQUEST_COOKIES \"@contains test \" \"id:1,pass,t:trim\"" 126 | ] 127 | } 128 | ] 129 | 130 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-REQUEST_COOKIES_NAMES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: REQUEST_COOKIES_NAMES (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "response":{ 25 | "headers":{ 26 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 27 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 28 | "Content-Type":"text/html" 29 | }, 30 | "body":[ 31 | "no need." 32 | ] 33 | }, 34 | "expected":{ 35 | "debug_log":"Target value: \"USER_TOKEN\" \\(Variable: REQUEST_COOKIES_NAMES:USER_TOKEN\\)" 36 | }, 37 | "rules":[ 38 | "SecRuleEngine On", 39 | "SecDebugLog \/tmp\/modsec_debug.log", 40 | "SecDebugLogLevel 9", 41 | "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"id:1,pass,t:trim\"" 42 | ] 43 | }, 44 | { 45 | "enabled":1, 46 | "version_min":300000, 47 | "title":"Testing Variables :: REQUEST_COOKIES_NAMES (2/3)", 48 | "client":{ 49 | "ip":"200.249.12.31", 50 | "port":123 51 | }, 52 | "server":{ 53 | "ip":"200.249.12.31", 54 | "port":80 55 | }, 56 | "request":{ 57 | "headers":{ 58 | "Host":"localhost", 59 | "User-Agent":"curl/7.38.0", 60 | "Accept":"*/*", 61 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 62 | }, 63 | "uri":"/?key=value&key=other_value", 64 | "method":"GET" 65 | }, 66 | "response":{ 67 | "headers":{ 68 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 69 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 70 | "Content-Type":"text/html" 71 | }, 72 | "body":[ 73 | "no need." 74 | ] 75 | }, 76 | "expected":{ 77 | "debug_log":"Target value: \"a\" \\(Variable: REQUEST_COOKIES_NAMES:a\\)" 78 | }, 79 | "rules":[ 80 | "SecRuleEngine On", 81 | "SecDebugLog \/tmp\/modsec_debug.log", 82 | "SecDebugLogLevel 9", 83 | "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"id:1,pass,t:trim\"" 84 | ] 85 | }, 86 | { 87 | "enabled":1, 88 | "version_min":300000, 89 | "title":"Testing Variables :: REQUEST_COOKIES_NAMES (3/3)", 90 | "client":{ 91 | "ip":"200.249.12.31", 92 | "port":123 93 | }, 94 | "server":{ 95 | "ip":"200.249.12.31", 96 | "port":80 97 | }, 98 | "request":{ 99 | "headers":{ 100 | "Host":"localhost", 101 | "User-Agent":"curl/7.38.0", 102 | "Accept":"*/*", 103 | "Cookie":"USER_TOKEN=Yes; a=z; t=b" 104 | }, 105 | "uri":"/?key=value&key=other_value", 106 | "method":"GET" 107 | }, 108 | "response":{ 109 | "headers":{ 110 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 111 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 112 | "Content-Type":"text/html" 113 | }, 114 | "body":[ 115 | "no need." 116 | ] 117 | }, 118 | "expected":{ 119 | "debug_log":"Target value: \"t\" \\(Variable: REQUEST_COOKIES_NAMES:t\\)" 120 | }, 121 | "rules":[ 122 | "SecRuleEngine On", 123 | "SecDebugLog \/tmp\/modsec_debug.log", 124 | "SecDebugLogLevel 9", 125 | "SecRule REQUEST_COOKIES_NAMES \"@contains test \" \"id:1,pass,t:trim\"" 126 | ] 127 | } 128 | ] 129 | 130 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-skip.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing skip action 1/3", 6 | "expected":{ 7 | "debug_log": "\\[9\\] Skipped rule id \\'2\\' due to a \\`skip\\' action." 8 | }, 9 | "client":{ 10 | "ip":"200.249.12.31", 11 | "port":123 12 | }, 13 | "request":{ 14 | "headers":{ 15 | "Host":"localhost", 16 | "User-Agent":"curl/7.38.0", 17 | "Accept":"*/*", 18 | "User-Agent":"My sweet little browser", 19 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 20 | }, 21 | "uri":"/?key=value&key=other_value", 22 | "method":"GET" 23 | }, 24 | "server":{ 25 | "ip":"200.249.12.31", 26 | "port":80 27 | }, 28 | "rules":[ 29 | "SecRuleEngine On", 30 | "SecDebugLog \/tmp\/modsec_debug.log", 31 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:1\"", 32 | "SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"", 33 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"", 34 | "SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\"" 35 | ] 36 | }, 37 | { 38 | "enabled":1, 39 | "version_min":300000, 40 | "title":"Testing skip action 2/3", 41 | "expected":{ 42 | "parser_error": "Rules error. File: action-skip.json. Line: 3. Column: 61. invalid character s" 43 | }, 44 | "client":{ 45 | "ip":"200.249.12.31", 46 | "port":123 47 | }, 48 | "request":{ 49 | "headers":{ 50 | "Host":"localhost", 51 | "User-Agent":"curl/7.38.0", 52 | "Accept":"*/*", 53 | "User-Agent":"My sweet little browser", 54 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 55 | }, 56 | "uri":"/?key=value&key=other_value", 57 | "method":"GET" 58 | }, 59 | "server":{ 60 | "ip":"200.249.12.31", 61 | "port":80 62 | }, 63 | "rules":[ 64 | "SecRuleEngine On", 65 | "SecDebugLog \/tmp\/modsec_debug.log", 66 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:abc\"", 67 | "SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"", 68 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"", 69 | "SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\"" 70 | ] 71 | }, 72 | { 73 | "enabled":1, 74 | "version_min":300000, 75 | "title":"Testing skip action 3/3", 76 | "expected":{ 77 | "debug_log": "\\[9\\] Skipped rule id \\'3\\' due to a \\`skip\\' action." 78 | }, 79 | "client":{ 80 | "ip":"200.249.12.31", 81 | "port":123 82 | }, 83 | "request":{ 84 | "headers":{ 85 | "Host":"localhost", 86 | "User-Agent":"curl/7.38.0", 87 | "Accept":"*/*", 88 | "User-Agent":"My sweet little browser", 89 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" 90 | }, 91 | "uri":"/?key=value&key=other_value", 92 | "method":"GET" 93 | }, 94 | "server":{ 95 | "ip":"200.249.12.31", 96 | "port":80 97 | }, 98 | "rules":[ 99 | "SecRuleEngine On", 100 | "SecDebugLog \/tmp\/modsec_debug.log", 101 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'1',phase:1,skip:2\"", 102 | "SecRule REQUEST_HEADERS \"should be skipped\" \"id:'2',phase:1,setvar:SESSION.score=+10\"", 103 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:'3',phase:1,t:none,nolog,pass\"", 104 | "SecRule REQUEST_HEADERS \".*\" \"id:'4',phase:1,setvar:SESSION.score=+5\"" 105 | ] 106 | } 107 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-ENV.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: ENV (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Variable: ENV:PATH" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule ENV:PATH \"@contains test\" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Variables :: ENV (2/3)", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length": "27", 66 | "Content-Type": "application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/", 69 | "method":"POST", 70 | "body": [ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "debug_log":"Variable: ENV:TERM" 86 | }, 87 | "rules":[ 88 | "SecRuleEngine On", 89 | "SecDebugLog \/tmp\/modsec_debug.log", 90 | "SecDebugLogLevel 9", 91 | "SecRule ENV:TERM \"@contains test\" \"id:1,phase:3,pass,t:trim\"" 92 | ] 93 | }, 94 | { 95 | "enabled":1, 96 | "version_min":300000, 97 | "title":"Testing Variables :: ENV (3/3)", 98 | "client":{ 99 | "ip":"200.249.12.31", 100 | "port":123 101 | }, 102 | "server":{ 103 | "ip":"200.249.12.31", 104 | "port":80 105 | }, 106 | "request":{ 107 | "headers":{ 108 | "Host":"localhost", 109 | "User-Agent":"curl/7.38.0", 110 | "Accept":"*/*", 111 | "Content-Length": "27", 112 | "Content-Type": "application/x-www-form-urlencoded" 113 | }, 114 | "uri":"/", 115 | "method":"POST", 116 | "body": [ 117 | "param1=value1¶m2=value2" 118 | ] 119 | }, 120 | "response":{ 121 | "headers":{ 122 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 123 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 124 | "Content-Type":"text/html" 125 | }, 126 | "body":[ 127 | "no need." 128 | ] 129 | }, 130 | "expected":{ 131 | "debug_log":"Variable: ENV:PATH" 132 | }, 133 | "rules":[ 134 | "SecRuleEngine On", 135 | "SecDebugLog \/tmp\/modsec_debug.log", 136 | "SecDebugLogLevel 9", 137 | "SecRule ENV \"@contains test\" \"id:1,phase:3,pass,t:trim\"" 138 | ] 139 | } 140 | ] 141 | 142 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-PATH_INFO.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: PATH_INFO (1/3)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"27", 20 | "Content-Type":"application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/one/two/three", 23 | "method":"POST", 24 | "body":[ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Target value: \"/one/two/three\" \\(Variable: PATH_INFO\\)" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule PATH_INFO \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Variables :: PATH_INFO (2/3)", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length":"27", 66 | "Content-Type":"application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/one/two/three?key=value", 69 | "method":"POST", 70 | "body":[ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "debug_log":"Target value: \"/one/two/three\" \\(Variable: PATH_INFO\\)" 86 | }, 87 | "rules":[ 88 | "SecRuleEngine On", 89 | "SecDebugLog \/tmp\/modsec_debug.log", 90 | "SecDebugLogLevel 9", 91 | "SecRule PATH_INFO \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 92 | ] 93 | }, 94 | { 95 | "enabled":1, 96 | "version_min":300000, 97 | "title":"Testing Variables :: PATH_INFO (3/3)", 98 | "client":{ 99 | "ip":"200.249.12.31", 100 | "port":123 101 | }, 102 | "server":{ 103 | "ip":"200.249.12.31", 104 | "port":80 105 | }, 106 | "request":{ 107 | "headers":{ 108 | "Host":"localhost", 109 | "User-Agent":"curl/7.38.0", 110 | "Accept":"*/*", 111 | "Content-Length":"27", 112 | "Content-Type":"application/x-www-form-urlencoded" 113 | }, 114 | "uri":"/one/two/%20/three?key=value", 115 | "method":"POST", 116 | "body":[ 117 | "param1=value1¶m2=value2" 118 | ] 119 | }, 120 | "response":{ 121 | "headers":{ 122 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 123 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 124 | "Content-Type":"text/html" 125 | }, 126 | "body":[ 127 | "no need." 128 | ] 129 | }, 130 | "expected":{ 131 | "debug_log":"Target value: \"/one/two/ /three\" \\(Variable: PATH_INFO\\)" 132 | }, 133 | "rules":[ 134 | "SecRuleEngine On", 135 | "SecDebugLog \/tmp\/modsec_debug.log", 136 | "SecDebugLogLevel 9", 137 | "SecRule PATH_INFO \"@contains test \" \"id:1,phase:3,pass,t:trim\"" 138 | ] 139 | } 140 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/operator-ipMatchFromFile.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Operator :: @ipMatchFromFile", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length": "27", 20 | "Content-Type": "application/x-www-form-urlencoded" 21 | }, 22 | "uri":"/", 23 | "method":"POST", 24 | "body": [ 25 | "param1=value1¶m2=value2" 26 | ] 27 | }, 28 | "response":{ 29 | "headers":{ 30 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 31 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 32 | "Content-Type":"text/html" 33 | }, 34 | "body":[ 35 | "no need." 36 | ] 37 | }, 38 | "expected":{ 39 | "debug_log":"Rule returned 1" 40 | }, 41 | "rules":[ 42 | "SecRuleEngine On", 43 | "SecDebugLog \/tmp\/modsec_debug.log", 44 | "SecDebugLogLevel 9", 45 | "SecRule REMOTE_ADDR \"@ipMatchFromFile test-cases\/data\/ipMatchFromFile.txt\" \"id:1,phase:3,pass,t:trim\"" 46 | ] 47 | }, 48 | { 49 | "enabled":1, 50 | "version_min":300000, 51 | "title":"Testing Operator :: @ipMatchFromFile - file not found", 52 | "client":{ 53 | "ip":"200.249.12.31", 54 | "port":123 55 | }, 56 | "server":{ 57 | "ip":"200.249.12.31", 58 | "port":80 59 | }, 60 | "request":{ 61 | "headers":{ 62 | "Host":"localhost", 63 | "User-Agent":"curl/7.38.0", 64 | "Accept":"*/*", 65 | "Content-Length": "27", 66 | "Content-Type": "application/x-www-form-urlencoded" 67 | }, 68 | "uri":"/", 69 | "method":"POST", 70 | "body": [ 71 | "param1=value1¶m2=value2" 72 | ] 73 | }, 74 | "response":{ 75 | "headers":{ 76 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 77 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 78 | "Content-Type":"text/html" 79 | }, 80 | "body":[ 81 | "no need." 82 | ] 83 | }, 84 | "expected":{ 85 | "parser_error":"Rules error. File: operator-ipMatchFromFile.json. Line: 4. Column: 19. .*" 86 | }, 87 | "rules":[ 88 | "SecRuleEngine On", 89 | "SecDebugLog \/tmp\/modsec_debug.log", 90 | "SecDebugLogLevel 9", 91 | "SecRule REMOTE_ADDR \"@ipMatchFromFile file-not-found.txt\" \"id:1,phase:3,pass,t:trim\"" 92 | ] 93 | }, 94 | { 95 | "enabled":1, 96 | "version_min":300000, 97 | "title":"Testing Operator :: @ipMatchFromFile - https", 98 | "client":{ 99 | "ip":"8.8.4.4", 100 | "port":123 101 | }, 102 | "server":{ 103 | "ip":"200.249.12.31", 104 | "port":80 105 | }, 106 | "request":{ 107 | "headers":{ 108 | "Host":"localhost", 109 | "User-Agent":"curl/7.38.0", 110 | "Accept":"*/*", 111 | "Content-Length": "27", 112 | "Content-Type": "application/x-www-form-urlencoded" 113 | }, 114 | "uri":"/", 115 | "method":"POST", 116 | "body": [ 117 | "param1=value1¶m2=value2" 118 | ] 119 | }, 120 | "response":{ 121 | "headers":{ 122 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 123 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 124 | "Content-Type":"text/html" 125 | }, 126 | "body":[ 127 | "no need." 128 | ] 129 | }, 130 | "expected":{ 131 | "debug_log":"Rule returned 1." 132 | }, 133 | "rules":[ 134 | "SecRuleEngine On", 135 | "SecDebugLog \/tmp\/modsec_debug.log", 136 | "SecDebugLogLevel 9", 137 | "SecRule REMOTE_ADDR \"@ipMatchFromFile https://www.modsecurity.org/modsecurity-regression-test.txt\" \"id:1,phase:3,pass,t:trim\"" 138 | ] 139 | } 140 | ] -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-OUTBOUND_DATA_ERROR.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: OUTBOUND_DATA_ERROR (1/2)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*" 19 | }, 20 | "uri":"/?key=value&key=other_value", 21 | "method":"GET" 22 | }, 23 | "response":{ 24 | "headers":{ 25 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 26 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 27 | "Content-Type":"text/html" 28 | }, 29 | "body":[ 30 | "no need." 31 | ] 32 | }, 33 | "expected":{ 34 | "debug_log":"Target value: \"0\" \\(Variable: OUTBOUND_DATA_ERROR\\)" 35 | }, 36 | "rules":[ 37 | "SecRuleEngine On", 38 | "SecDebugLog \/tmp\/modsec_debug.log", 39 | "SecDebugLogLevel 9", 40 | "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\"" 41 | ] 42 | }, 43 | { 44 | "enabled":1, 45 | "version_min":300000, 46 | "title":"Testing Variables :: OUTBOUND_DATA_ERROR (2/2)", 47 | "client":{ 48 | "ip":"200.249.12.31", 49 | "port":123 50 | }, 51 | "server":{ 52 | "ip":"200.249.12.31", 53 | "port":80 54 | }, 55 | "request":{ 56 | "headers":{ 57 | "Host":"localhost", 58 | "User-Agent":"curl/7.38.0", 59 | "Accept":"*/*", 60 | "Content-Length":"330", 61 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 62 | "Expect":"100-continue" 63 | }, 64 | "uri":"/", 65 | "method":"POST", 66 | "body":[ 67 | "--------------------------756b6d74fa1a8ee2", 68 | "Content-Disposition: form-data; name=\"name\"", 69 | "", 70 | "test", 71 | "--------------------------756b6d74fa1a8ee2", 72 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 73 | "Content-Type: text/plain", 74 | "", 75 | "This is a very small test file..", 76 | "--------------------------756b6d74fa1a8ee2", 77 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 78 | "Content-Type: text/plain", 79 | "", 80 | "This is another very small test file..", 81 | "--------------------------756b6d74fa1a8ee2--" 82 | ] 83 | }, 84 | "response":{ 85 | "headers":{ 86 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 87 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 88 | "Content-Type":"text/html" 89 | }, 90 | "body":[ 91 | "--------------------------756b6d74fa1a8ee2", 92 | "Content-Disposition: form-data; name=\"name\"", 93 | "", 94 | "test", 95 | "--------------------------756b6d74fa1a8ee2", 96 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 97 | "Content-Type: text/plain", 98 | "", 99 | "This is a very small test file..", 100 | "--------------------------756b6d74fa1a8ee2", 101 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 102 | "Content-Type: text/plain", 103 | "", 104 | "This is another very small test file..", 105 | "--------------------------756b6d74fa1a8ee2--" 106 | ] 107 | }, 108 | "expected":{ 109 | "debug_log":"Target value: \"1\" \\(Variable: OUTBOUND_DATA_ERROR\\)" 110 | }, 111 | "rules":[ 112 | "SecRuleEngine On", 113 | "SecDebugLog \/tmp\/modsec_debug.log", 114 | "SecResponseBodyLimit 2", 115 | "SecDebugLogLevel 9", 116 | "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\"" 117 | ] 118 | } 119 | ] 120 | 121 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/action-xmlns.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing action :: XMLNS (parser error 1)", 6 | "expected":{ 7 | "parser_error": "XMLS: Bad format, missing equals sign" 8 | }, 9 | "rules":[ 10 | "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 11 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:123,xmlns:soap'http://schemas.xmlsoap.org/soap/envelope/'\"" 12 | ] 13 | }, 14 | { 15 | "enabled":1, 16 | "version_min":300000, 17 | "title":"Testing action :: XMLNS (parser error 2)", 18 | "expected":{ 19 | "parser_error": "XMLS: XMLNS is invalid. Expecting a name=value format." 20 | }, 21 | "rules":[ 22 | "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 23 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:123,xmlns:=\"" 24 | ] 25 | }, 26 | { 27 | "enabled":1, 28 | "version_min":300000, 29 | "title":"Testing action :: XMLNS (parser error 3)", 30 | "expected":{ 31 | "parser_error": "XMLS: Missing xmlns href for prefix: `schemas.xmlsoap.org/soap/envelope/'." 32 | }, 33 | "rules":[ 34 | "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 35 | "SecRule REQUEST_HEADERS:User-Agent \"^(.*)$\" \"id:123,xmlns:soap='schemas.xmlsoap.org/soap/envelope/'\"" 36 | ] 37 | }, 38 | { 39 | "enabled":1, 40 | "version_min":300000, 41 | "title":"Testing XML request body parser (validate ok)", 42 | "expected":{ 43 | "debug_log": "Target value: \"39.95\" \\(Variable: XML:\/bookstore\/book\/price\\[text\\(\\)\\]\\)" 44 | }, 45 | "client":{ 46 | "ip":"200.249.12.31", 47 | "port":123 48 | }, 49 | "request":{ 50 | "headers":{ 51 | "Host":"localhost", 52 | "User-Agent":"curl/7.38.0", 53 | "Accept":"*/*", 54 | "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 55 | "Content-Type": "text/xml" 56 | }, 57 | "uri":"/?key=value&key=other_value", 58 | "method":"POST", 59 | "body": [ 60 | "", 61 | "", 62 | "", 63 | "Everyday Italian", 64 | "Giada De Laurentiis", 65 | "2005", 66 | "30.00", 67 | "", 68 | 69 | "", 70 | "Harry Potter", 71 | "J K. Rowling", 72 | "2005", 73 | "29.99", 74 | "", 75 | 76 | "", 77 | "XQuery Kick Start", 78 | "James McGovern", 79 | "Per Bothner", 80 | "Kurt Cagle", 81 | "James Linn", 82 | "Vaidyanathan Nagarajan", 83 | "2003", 84 | "49.99", 85 | "", 86 | 87 | "", 88 | "Learning XML", 89 | "Erik T. Ray", 90 | "2003", 91 | "39.95", 92 | "", 93 | "" 94 | ] 95 | }, 96 | "server":{ 97 | "ip":"200.249.12.31", 98 | "port":80 99 | }, 100 | "rules":[ 101 | "SecRuleEngine On", 102 | "SecRequestBodyAccess On", 103 | "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 104 | "SecRule XML:/bookstore/book/price[text()] \"Fred\" \"phase:3,id:123,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\"" 105 | ] 106 | } 107 | ] 108 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MULTIPART_NAME.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: MULTIPART_FILENAME", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"filedata\" \\(Variable: MULTIPART_NAME\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule MULTIPART_NAME \"@contains 0\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | }, 63 | { 64 | "enabled":1, 65 | "version_min":300000, 66 | "title":"Testing Variables :: MULTIPART_FILENAME", 67 | "client":{ 68 | "ip":"200.249.12.31", 69 | "port":123 70 | }, 71 | "server":{ 72 | "ip":"200.249.12.31", 73 | "port":80 74 | }, 75 | "request":{ 76 | "headers":{ 77 | "Host":"localhost", 78 | "User-Agent":"curl/7.38.0", 79 | "Accept":"*/*", 80 | "Content-Length":"330", 81 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 82 | "Expect":"100-continue" 83 | }, 84 | "uri":"/", 85 | "method":"POST", 86 | "body":[ 87 | "----------------------------756b6d74fa1a8ee2", 88 | "Content-Disposition: form-data; name=\"name\"", 89 | "", 90 | "test", 91 | "----------------------------756b6d74fa1a8ee2", 92 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 93 | "Content-Type: text/plain", 94 | "", 95 | "This is a very small test file..", 96 | "----------------------------756b6d74fa1a8ee2", 97 | "Content-Disposition: form-data; name=\"filedata2\"; filename=\"small_text_file2.txt\"\r", 98 | "Content-Type: text/plain\r", 99 | "\r", 100 | "This is another very small test file..\r", 101 | "----------------------------756b6d74fa1a8ee2--\r" 102 | ] 103 | }, 104 | "response":{ 105 | "headers":{ 106 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 107 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 108 | "Content-Type":"text/html" 109 | }, 110 | "body":[ 111 | "no need." 112 | ] 113 | }, 114 | "expected":{ 115 | "debug_log":"Target value: \"filedata2\" \\(Variable: MULTIPART_NAME\\)" 116 | }, 117 | "rules":[ 118 | "SecRuleEngine On", 119 | "SecDebugLog \/tmp\/modsec_debug.log", 120 | "SecDebugLogLevel 9", 121 | "SecRule MULTIPART_NAME \"@contains 0\" \"id:1,phase:3,pass,t:trim\"" 122 | ] 123 | } 124 | ] 125 | 126 | -------------------------------------------------------------------------------- /tests/test-cases/Working Tests/variable-MULTIPART_CRLF_LF_LINES.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "enabled":1, 4 | "version_min":300000, 5 | "title":"Testing Variables :: FILES (1/1)", 6 | "client":{ 7 | "ip":"200.249.12.31", 8 | "port":123 9 | }, 10 | "server":{ 11 | "ip":"200.249.12.31", 12 | "port":80 13 | }, 14 | "request":{ 15 | "headers":{ 16 | "Host":"localhost", 17 | "User-Agent":"curl/7.38.0", 18 | "Accept":"*/*", 19 | "Content-Length":"330", 20 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 21 | "Expect":"100-continue" 22 | }, 23 | "uri":"/", 24 | "method":"POST", 25 | "body":[ 26 | "----------------------------756b6d74fa1a8ee2", 27 | "Content-Disposition: form-data; name=\"name\"", 28 | "", 29 | "test", 30 | "----------------------------756b6d74fa1a8ee2", 31 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 32 | "Content-Type: text/plain", 33 | "", 34 | "This is a very small test file..", 35 | "----------------------------756b6d74fa1a8ee2", 36 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 37 | "Content-Type: text/plain", 38 | "", 39 | "This is another very small test file..", 40 | "----------------------------756b6d74fa1a8ee2--" 41 | ] 42 | }, 43 | "response":{ 44 | "headers":{ 45 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 46 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 47 | "Content-Type":"text/html" 48 | }, 49 | "body":[ 50 | "no need." 51 | ] 52 | }, 53 | "expected":{ 54 | "debug_log":"Target value: \"0\" \\(Variable: MULTIPART_CRLF_LF_LINES\\)" 55 | }, 56 | "rules":[ 57 | "SecRuleEngine On", 58 | "SecDebugLog \/tmp\/modsec_debug.log", 59 | "SecDebugLogLevel 9", 60 | "SecRule MULTIPART_CRLF_LF_LINES \"@contains 0\" \"id:1,phase:3,pass,t:trim\"" 61 | ] 62 | }, 63 | { 64 | "enabled":1, 65 | "version_min":300000, 66 | "title":"Testing Variables :: FILES (1/1)", 67 | "client":{ 68 | "ip":"200.249.12.31", 69 | "port":123 70 | }, 71 | "server":{ 72 | "ip":"200.249.12.31", 73 | "port":80 74 | }, 75 | "request":{ 76 | "headers":{ 77 | "Host":"localhost", 78 | "User-Agent":"curl/7.38.0", 79 | "Accept":"*/*", 80 | "Content-Length":"330", 81 | "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 82 | "Expect":"100-continue" 83 | }, 84 | "uri":"/", 85 | "method":"POST", 86 | "body":[ 87 | "----------------------------756b6d74fa1a8ee2", 88 | "Content-Disposition: form-data; name=\"name\"", 89 | "", 90 | "test", 91 | "----------------------------756b6d74fa1a8ee2", 92 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 93 | "Content-Type: text/plain", 94 | "", 95 | "This is a very small test file..", 96 | "----------------------------756b6d74fa1a8ee2", 97 | "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"\r", 98 | "Content-Type: text/plain\r", 99 | "\r", 100 | "This is another very small test file..\r", 101 | "----------------------------756b6d74fa1a8ee2--\r" 102 | ] 103 | }, 104 | "response":{ 105 | "headers":{ 106 | "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 107 | "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 108 | "Content-Type":"text/html" 109 | }, 110 | "body":[ 111 | "no need." 112 | ] 113 | }, 114 | "expected":{ 115 | "debug_log":"Target value: \"1\" \\(Variable: MULTIPART_CRLF_LF_LINES\\)" 116 | }, 117 | "rules":[ 118 | "SecRuleEngine On", 119 | "SecDebugLog \/tmp\/modsec_debug.log", 120 | "SecDebugLogLevel 9", 121 | "SecRule MULTIPART_CRLF_LF_LINES \"@contains 0\" \"id:1,phase:3,pass,t:trim\"" 122 | ] 123 | } 124 | ] 125 | 126 | --------------------------------------------------------------------------------