source-git / mod_security

Clone
Source Code
GIT

Blame tests/regression/action/10-logging.t

c8 c8s master
  1.   284210d3a0013253e784e9edcda42e36870a884f
  2.   tests
  3.   regression
  4.   action
  5.   10-logging.t
Blob History Raw
Packit 284210 
### Logging tests
Packit 284210
Packit 284210 
# log/nolog (pass)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,log,id:500006"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,nolog,id:500007"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500007/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# log/nolog (deny)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,log,id:500008"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,nolog,id:500009"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500009/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# auditlog/noauditlog (pass)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,auditlog,id:500010"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,noauditlog,id:500011"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# auditlog/noauditlog (deny)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,auditlog,id:500012"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,noauditlog,id:500013"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# All log/nolog auditlog/noauditlog combos (pass)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log,auditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,log,auditlog,id:500014"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log,noauditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,log,noauditlog,id:500015"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog,auditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,nolog,auditlog,id:500016"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog,noauditlog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,nolog,noauditlog,id:500017"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500017/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog,log (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,auditlog,log,id:500018"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog,nolog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,auditlog,nolog,id:500019"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500019/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog,log (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,noauditlog,log,id:500020"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog,nolog (pass)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,pass,noauditlog,nolog,id:500021"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500021/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# All log/nolog auditlog/noauditlog combos (deny)
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log,auditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,log,auditlog,id:500022"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "log,noauditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,log,noauditlog,id:500023"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog,auditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		-error => [ qr/ModSecurity: /, 1 ],
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "nolog,noauditlog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500025/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog,log (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,auditlog,log,id:500026"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "auditlog,nolog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500027/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog,log (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,noauditlog,log,id:500028"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "action",
Packit 284210 
	comment => "noauditlog,nolog (deny)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog "$ENV{DEBUG_LOG}"
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
        SecAuditLogRelevantStatus xxx
Packit 284210 
		SecAuditEngine RelevantOnly
Packit 284210 
		SecAuditLog "$ENV{AUDIT_LOG}"
Packit 284210 
		SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/500029/, 1 ],
Packit 284210 
		-audit => [ qr/./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
	),
Packit 284210 
},

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation