source-git / mod_security

Clone
Source Code
GIT

Blame tests/regression/config/10-request-directives.t

c8 c8s master
  1.   284210d3a0013253e784e9edcda42e36870a884f
  2.   tests
  3.   regression
  4.   config
  5.   10-request-directives.t
Blob History Raw
Packit 284210 
### Tests for directives altering how a request is handled
Packit 284210
Packit 284210 
# SecArgumentSeparator
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecArgumentSeparator (get-pos)",
Packit 284210 
	conf => q(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecArgumentSeparator ";"
Packit 284210 
		SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500215"
Packit 284210 
		SecRule ARGS:b "@streq 2" ""
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "2" at ARGS:b\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?a=1;b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecArgumentSeparator (get-neg)",
Packit 284210 
	conf => q(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500217"
Packit 284210 
		SecRule ARGS:b "@streq 2" ""
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Access denied/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?a=1;b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecArgumentSeparator (post-pos)",
Packit 284210 
	conf => q(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecArgumentSeparator ";"
Packit 284210 
		SecRule ARGS:a "@streq 1" "phase:2,deny,chain,id:500219"
Packit 284210 
		SecRule ARGS:b "@streq 2" ""
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1;b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecArgumentSeparator (post-neg)",
Packit 284210 
	conf => q(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRule ARGS:a "@streq 1" "phase:2,deny,id:500221"
Packit 284210 
		SecRule ARGS:b "@streq 2" "phase:2,deny,id:500222"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Access denied/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1;b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# SecRequestBodyAccess
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyAccess (pos)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRule ARGS:a "\@streq 1" "phase:2,deny,chain,id:500223"
Packit 284210 
		SecRule ARGS:b "\@streq 2" ""
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyAccess (neg)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess Off
Packit 284210 
		SecRule ARGS:a "\@streq 1" "phase:2,deny,id:500225"
Packit 284210 
		SecRule ARGS:b "\@streq 2" "phase:2,deny,id:500226"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Access denied/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# SecRequestBodyLimit
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (equal)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 7
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body is larger than the configured limit/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (greater)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 5
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Request body .*is larger than the configured limit \(5\)\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^413$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (equal - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 276
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body is larger than the configured limit/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (greater - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 256
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Request body .*is larger than the configured limit \(256\)\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^413$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (ctl:ruleEngine=off)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 5
Packit 284210
Packit 284210 
		SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500081"
Packit 284210 
		SecRule REQUEST_BODY "." "phase:2,deny,id:500227"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (ctl:requestBodyAccess=off)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 5
Packit 284210
Packit 284210 
		SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500082"
Packit 284210 
		SecRule REQUEST_BODY "." "phase:2,deny,id:500228"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		"a=1&b=2",
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (ctl:ruleEngine=off - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 256
Packit 284210
Packit 284210 
		SecAction "phase:1,pass,nolog,ctl:ruleEngine=off,id:500083"
Packit 284210 
		SecRule REQUEST_BODY "." "phase:2,deny,id:500229"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body .*is larger than the configured limit/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimit (ctl:requestBodyAccess=off - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 256
Packit 284210
Packit 284210 
		SecAction "phase:1,pass,nolog,ctl:requestBodyAccess=off,id:500084"
Packit 284210 
		SecRule REQUEST_BODY "." "phase:2,deny,id:500230"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Request body .*is larger than the configured limit \(256\)\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210 
# SecRequestBodyInMemoryLimit
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyInMemoryLimit (equal)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 1000
Packit 284210 
		SecRequestBodyInMemoryLimit 276
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-debug => [ qr/Input filter: Request too large to store in memory, switching to disk\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyInMemoryLimit (greater)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimit 1000
Packit 284210 
		SecRequestBodyInMemoryLimit 16
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		debug => [ qr/Input filter: Request too large to store in memory, switching to disk\./, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimitAction Reject (multipart/greater - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimitAction Reject
Packit 284210 
		SecRequestBodyLimit 20
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		debug => [ qr/Request body is larger than the configured limit \(20\).. Deny with code \(413\)/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^413$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		1024
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimitAction Reject (plain/greater)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimitAction Reject
Packit 284210 
		SecRequestBodyLimit 131072
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-debug => [ qr/Request body is larger than the configured limit \(131072\).. Deny with code \(413\)/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^413$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/json",
Packit 284210 
		],
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				{
Packit 284210 
					) . "'abcdefghijlmnopq'='abcdefghijlmnopqrstuvxz',\\n" x 99000 . q(
Packit 284210 
				},
Packit 284210 
			),
Packit 284210 
		),
Packit 284210 
	),
Packit 284210 
},
Packit 284210
Packit 284210
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
		SecRequestBodyAccess On
Packit 284210 
		SecRequestBodyLimitAction ProcessPartial
Packit 284210 
		SecRequestBodyLimit 131072
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-debug => [ qr/Request body is larger than the configured limit/, 1],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => normalize_raw_request_data(
Packit 284210 
		qq(
Packit 284210 
			POST /test.txt HTTP/1.1
Packit 284210 
			Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
Packit 284210 
			User-Agent: $ENV{USER_AGENT}
Packit 284210 
			Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
Packit 284210 
			Transfer-Encoding: chunked
Packit 284210
Packit 284210 
		),
Packit 284210 
	)
Packit 284210 
	.encode_chunked(
Packit 284210 
		normalize_raw_request_data(
Packit 284210 
			q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="a"
Packit 284210
Packit 284210 
				1) . "a" x 131072 . q(
Packit 284210 
				-----------------------------69343412719991675451336310646
Packit 284210 
				Content-Disposition: form-data; name="b"
Packit 284210
Packit 284210 
				2) . "b" x 131072 . q(
Packit 284210 
				-----------------------------69343412719991675451336310646--
Packit 284210 
			)
Packit 284210 
		),
Packit 284210 
		131072*3
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
# Known issue on nginx, disable it for now.
Packit 284210 
#{
Packit 284210 
#	type => "config",
Packit 284210 
#	comment => "SecRequestBodyLimitAction ProcessPartial (plain/greater)",
Packit 284210 
#	conf => qq(
Packit 284210 
#		SecRuleEngine On
Packit 284210 
#		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
#		SecDebugLogLevel 9
Packit 284210 
#		SecRequestBodyAccess On
Packit 284210 
#		SecRequestBodyLimitAction ProcessPartial
Packit 284210 
#		SecRequestBodyLimit 131072
Packit 284210 
#	),
Packit 284210 
#	match_log => {
Packit 284210 
#		-debug => [ qr/Request body is larger than the configured limit/, 1],
Packit 284210 
#	},
Packit 284210 
#	match_response => {
Packit 284210 
#		status => qr/^200$/,
Packit 284210 
#	},
Packit 284210 
#	request => new HTTP::Request(
Packit 284210 
#		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
#		[
Packit 284210 
#			"Content-Type" => "application/json",
Packit 284210 
#		],
Packit 284210 
#		normalize_raw_request_data(
Packit 284210 
#			q(
Packit 284210 
#				{
Packit 284210 
#					) . "'abcdefghijlmnopq'='abcdefghijlmnopqrstuvxz',\\n" x 99000 . q(
Packit 284210 
#				},
Packit 284210 
#			),
Packit 284210 
#		),
Packit 284210 
#	),
Packit 284210 
#},
Packit 284210
Packit 284210
Packit 284210
Packit 284210
Packit 284210
Packit 284210 
# SecCookieFormat
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecCookieFormat (pos)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 5
Packit 284210 
		SecCookieFormat 1
Packit 284210 
		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231"
Packit 284210 
		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
Packit 284210 
		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
Packit 284210 
		debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
Packit 284210 
		],
Packit 284210 
		undef,
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "config",
Packit 284210 
	comment => "SecCookieFormat (neg)",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 5
Packit 284210 
		SecCookieFormat 0
Packit 284210 
		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234"
Packit 284210 
		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
Packit 284210 
		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/Access denied/, 1 ],
Packit 284210 
		-debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
Packit 284210 
		[
Packit 284210 
			"Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
Packit 284210 
		],
Packit 284210 
		undef,
Packit 284210 
	),
Packit 284210 
},
Packit 284210

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation