### Tests all of the actions in each phase in detection only mode
# DetectionOnly case: a phase:1 `pass` SecAction followed by a `deny` SecAction.
# The assertion shown requires the "Unconditional match" warning with msg PASSED;
# NOTE(review): nothing in the lines shown pins whether DENIED is also logged.
comment => "pass in phase:1",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecAction "phase:1,pass,msg:'PASSED'"
SecAction "phase:1,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:2 `pass` SecAction followed by a `deny` SecAction.
# The assertion shown requires the "Unconditional match" warning with msg PASSED;
# NOTE(review): nothing in the lines shown pins whether DENIED is also logged.
comment => "pass in phase:2",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,pass,msg:'PASSED'"
SecAction "phase:2,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:3 `pass` SecAction followed by a `deny` SecAction.
# The assertion shown requires the "Unconditional match" warning with msg PASSED;
# NOTE(review): nothing in the lines shown pins whether DENIED is also logged.
comment => "pass in phase:3",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecAction "phase:3,pass,msg:'PASSED'"
SecAction "phase:3,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:4 `pass` SecAction followed by a `deny` SecAction.
# The assertion shown requires the "Unconditional match" warning with msg PASSED;
# NOTE(review): nothing in the lines shown pins whether DENIED is also logged.
comment => "pass in phase:4",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecAction "phase:4,pass,msg:'PASSED'"
SecAction "phase:4,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:1 `allow` SecAction followed by a `deny` SecAction.
# ALLOWED must be logged as a warning and "Access allowed" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# The DENIED check is commented out under a TODO, so this case does not pin
# whether rules after `allow` keep running in DetectionOnly.
comment => "allow in phase:1",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,allow,msg:'ALLOWED'"
SecAction "phase:1,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
-error => [ qr/Access allowed/, 1 ],
# TODO: Allow should probably stop rule execution
# -error => [ qr/DENIED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:2 `allow` SecAction followed by a `deny` SecAction.
# ALLOWED must be logged as a warning and "Access allowed" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# The DENIED check is commented out under a TODO, so this case does not pin
# whether rules after `allow` keep running in DetectionOnly.
comment => "allow in phase:2",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,allow,msg:'ALLOWED'"
SecAction "phase:2,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
-error => [ qr/Access allowed/, 1 ],
# TODO: Allow should probably stop rule execution
# -error => [ qr/DENIED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:3 `allow` SecAction followed by a `deny` SecAction.
# ALLOWED must be logged as a warning and "Access allowed" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# The DENIED check is commented out under a TODO, so this case does not pin
# whether rules after `allow` keep running in DetectionOnly.
comment => "allow in phase:3",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,allow,msg:'ALLOWED'"
SecAction "phase:3,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
-error => [ qr/Access allowed/, 1 ],
# TODO: Allow should probably stop rule execution
# -error => [ qr/DENIED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:4 `allow` SecAction followed by a `deny` SecAction.
# ALLOWED must be logged as a warning and "Access allowed" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# The DENIED check is commented out under a TODO, so this case does not pin
# whether rules after `allow` keep running in DetectionOnly.
comment => "allow in phase:4",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,allow,msg:'ALLOWED'"
SecAction "phase:4,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
-error => [ qr/Access allowed/, 1 ],
# TODO: Allow should probably stop rule execution
# -error => [ qr/DENIED/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:1 `deny` SecAction.
# DENIED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "deny in phase:1",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:2 `deny` SecAction.
# DENIED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "deny in phase:2",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:3 `deny` SecAction.
# DENIED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "deny in phase:3",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:4 `deny` SecAction.
# DENIED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "deny in phase:4",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,deny,msg:'DENIED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:1 `drop` SecAction.
# DROPPED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "drop in phase:1",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:1,drop,msg:'DROPPED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:2 `drop` SecAction.
# DROPPED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "drop in phase:2",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:2,drop,msg:'DROPPED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:3 `drop` SecAction.
# DROPPED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "drop in phase:3",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:3,drop,msg:'DROPPED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a lone phase:4 `drop` SecAction.
# DROPPED must be logged as a warning while "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), i.e. the
# disruptive action is recorded but, per the log check, not enforced.
comment => "drop in phase:4",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecAction "phase:4,drop,msg:'DROPPED'"
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
# DetectionOnly case: a phase:1 rule matching REQUEST_URI /test2.txt with `redirect` to /test.txt.
# REDIRECTED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# redirect was not applied; verify against the fixture file.
comment => "redirect in phase:1 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:2 rule matching REQUEST_URI /test2.txt with `redirect` to /test.txt.
# REDIRECTED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# redirect was not applied; verify against the fixture file.
comment => "redirect in phase:2 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:3 rule matching REQUEST_URI /test2.txt with `redirect` to /test.txt.
# REDIRECTED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# redirect was not applied; verify against the fixture file.
comment => "redirect in phase:3 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:4 rule matching REQUEST_URI /test2.txt with `redirect` to /test.txt.
# REDIRECTED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# redirect was not applied; verify against the fixture file.
comment => "redirect in phase:4 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:1 rule matching REQUEST_URI /test2.txt with `proxy` to /test.txt.
# PROXIED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# request was not proxied; verify against the fixture file.
comment => "proxy in phase:1 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:2 rule matching REQUEST_URI /test2.txt with `proxy` to /test.txt.
# PROXIED must be logged as a warning, "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm), and the body
# must still match /^TEST 2$/ - presumably the content of /test2.txt, i.e. the
# request was not proxied; verify against the fixture file.
comment => "proxy in phase:2 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
content => qr/^TEST 2$/,
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:3 rule matching REQUEST_URI /test2.txt with `proxy` to /test.txt.
# PROXIED must be logged as a warning and "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# NOTE(review): no `content` assertion is visible for this case, so the lines
# shown check the log only, not which body the client received.
comment => "proxy in phase:3 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
# DetectionOnly case: a phase:4 rule matching REQUEST_URI /test2.txt with `proxy` to /test.txt.
# PROXIED must be logged as a warning and "Access denied" must not appear
# (`-error` looks like the harness's must-not-match key - confirm).
# NOTE(review): no `content` assertion is visible for this case, so the lines
# shown check the log only, not which body the client received.
comment => "proxy in phase:4 (get)",
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType null
SecDebugLog "$ENV{DEBUG_LOG}"
SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
-error => [ qr/Access denied/, 1 ],
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",