source-git / mod_security

Clone
Source Code
GIT

Files

  1.   384592efa1429cbfb4d7f37e97830055f99c6751
  2.   tests
  3.   regression
  4.   action
  5.   10-logging.t
Blob Blame History Raw 
### Logging tests

# log/nolog (pass)
{
	type => "action",
	comment => "log (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,log,id:500006"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,nolog,id:500007"
	),
	match_log => {
		-error => [ qr/500007/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# log/nolog (deny)
{
	type => "action",
	comment => "log (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,log,id:500008"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,nolog,id:500009"
	),
	match_log => {
		-error => [ qr/500009/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# auditlog/noauditlog (pass)
{
	type => "action",
	comment => "auditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,auditlog,id:500010"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,noauditlog,id:500011"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# auditlog/noauditlog (deny)
{
	type => "action",
	comment => "auditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,auditlog,id:500012"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,noauditlog,id:500013"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# All log/nolog auditlog/noauditlog combos (pass)
{
	type => "action",
	comment => "log,auditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,log,auditlog,id:500014"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "log,noauditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,log,noauditlog,id:500015"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog,auditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,nolog,auditlog,id:500016"
	),
	match_log => {
		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog,noauditlog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,nolog,noauditlog,id:500017"
	),
	match_log => {
		-error => [ qr/500017/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "auditlog,log (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,auditlog,log,id:500018"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Warning\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "auditlog,nolog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,auditlog,nolog,id:500019"
	),
	match_log => {
		-error => [ qr/500019/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog,log (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,noauditlog,log,id:500020"
	),
	match_log => {
		error => [ qr/ModSecurity: Warning\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog,nolog (pass)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,pass,noauditlog,nolog,id:500021"
	),
	match_log => {
		-error => [ qr/500021/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# All log/nolog auditlog/noauditlog combos (deny)
{
	type => "action",
	comment => "log,auditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,log,auditlog,id:500022"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "log,noauditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,log,noauditlog,id:500023"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog,auditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,nolog,auditlog,id:500024"
	),
	match_log => {
		audit => [ qr/-H--\s+Message: .*Stopwatch: /s, 1 ],
	},
	match_response => {
		-error => [ qr/ModSecurity: /, 1 ],
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "nolog,noauditlog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025"
	),
	match_log => {
		-error => [ qr/500025/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "auditlog,log (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,auditlog,log,id:500026"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/Message: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "auditlog,nolog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027"
	),
	match_log => {
		-error => [ qr/500027/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog,log (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,noauditlog,log,id:500028"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 403 \(phase 1\)\. Unconditional match in SecAction\./, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},
{
	type => "action",
	comment => "noauditlog,nolog (deny)",
	conf => qq(
		SecRuleEngine On
		SecDebugLog "$ENV{DEBUG_LOG}"
		SecDebugLogLevel 9
        SecAuditLogRelevantStatus xxx
		SecAuditEngine RelevantOnly
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029"
	),
	match_log => {
		-error => [ qr/500029/, 1 ],
		-audit => [ qr/./, 1 ],
	},
	match_response => {
		status => qr/^403$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation