|
Packit |
284210 |
### Tests for directives altering how a response is handled
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# SecResponseBodyMimeTypesClear
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyMimeTypesClear",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeTypesClear
|
|
Packit |
284210 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500237"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/Access denied/, 1 ],
|
|
Packit |
284210 |
debug => [ qr/Not buffering response body for unconfigured MIME type/, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# SecResponseBodyAccess & SecResponseBodyMimeType
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyAccess On",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500238"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/Access denied with code 403 \(phase 4\)\. Pattern match "TEST" at RESPONSE_BODY\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^403$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyAccess Off",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit |
284210 |
SecDebugLogLevel 9
|
|
Packit |
284210 |
SecResponseBodyAccess Off
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecRule RESPONSE_BODY "TEST" "phase:4,deny,id:500239"
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/Access denied/, 1 ],
|
|
Packit |
284210 |
debug => [ qr/Response body buffering is not enabled\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# SecResponseBodyLimit
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyLimit (equal)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecResponseBodyLimit 8192
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyLimit (less)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecResponseBodyLimit 9000
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyLimit (greater)",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecResponseBodyLimit 8000
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/Content-Length \(\d+\) over the limit \(8000\)\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^500$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
|
|
Packit |
284210 |
# ResponseBodyLimitAction
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyLimitAction Reject",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecResponseBodyLimit 5
|
|
Packit |
284210 |
SecResponseBodyLimitAction Reject
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
error => [ qr/Content-Length \(\d+\) over the limit \(5\)\./, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^500$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
{
|
|
Packit |
284210 |
type => "config",
|
|
Packit |
284210 |
comment => "SecResponseBodyLimitAction ProcessPartial",
|
|
Packit |
284210 |
conf => qq(
|
|
Packit |
284210 |
SecRuleEngine On
|
|
Packit |
284210 |
SecResponseBodyAccess On
|
|
Packit |
284210 |
SecResponseBodyMimeType text/plain null
|
|
Packit |
284210 |
SecResponseBodyLimit 5
|
|
Packit |
284210 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit |
284210 |
SecDebugLogLevel 4
|
|
Packit |
284210 |
SecResponseBodyLimitAction ProcessPartial
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
match_log => {
|
|
Packit |
284210 |
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
|
Packit |
284210 |
debug => [ qr/Processing partial response body \(limit 5\)/, 1 ],
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
match_response => {
|
|
Packit |
284210 |
status => qr/^200$/,
|
|
Packit |
284210 |
},
|
|
Packit |
284210 |
request => new HTTP::Request(
|
|
Packit |
284210 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
|
Packit |
284210 |
),
|
|
Packit |
284210 |
},
|