|
Packit |
284210 |
### Logging tests
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# log/nolog (pass)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,log,id:500006"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,nolog,id:500007"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500007/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# log/nolog (deny)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,log,id:500008"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,nolog,id:500009"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500009/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# auditlog/noauditlog (pass)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,auditlog,id:500010"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,noauditlog,id:500011"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# auditlog/noauditlog (deny)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,auditlog,id:500012"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,noauditlog,id:500013"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# All log/nolog auditlog/noauditlog combos (pass)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log,auditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,log,auditlog,id:500014"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log,noauditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,log,noauditlog,id:500015"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog,auditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,nolog,auditlog,id:500016"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog,noauditlog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,nolog,noauditlog,id:500017"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500017/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog,log (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,auditlog,log,id:500018"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog,nolog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,auditlog,nolog,id:500019"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500019/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog,log (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,noauditlog,log,id:500020"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog,nolog (pass)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,pass,noauditlog,nolog,id:500021"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500021/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# All log/nolog auditlog/noauditlog combos (deny)
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log,auditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,log,auditlog,id:500022"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "log,noauditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,log,noauditlog,id:500023"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog,auditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
-error => [ qr/ModSecurity: /, 1 ],
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "nolog,noauditlog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500025/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog,log (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,auditlog,log,id:500026"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "auditlog,nolog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500027/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog,log (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,noauditlog,log,id:500028"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "action",
|
|
Packit |
284210 |
comment => "noauditlog,nolog (deny)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog "$ENV{DEBUG_LOG}"
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecAuditLogRelevantStatus xxx
|
|
Packit |
284210 |
SecAuditEngine RelevantOnly
|
|
Packit |
284210 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit |
284210 |
SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/500029/, 1 ],
|
|
Packit |
284210 |
-audit => [ qr/./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|