Imported Upstream version 2.5.11
[libapache-mod-security.git] / apache2 / t / regression / action / 10-detectiononly-actions.t
1 ### Tests all of the actions in each phase in detection only mode
2
3 # Pass
# Each case pairs a non-disruptive `pass` rule with an unconditional `deny`
# in the same phase while SecRuleEngine is DetectionOnly. The expected
# outcome is a 200 response (the deny is not enforced) and the PASSED warning
# in the error log.
# NOTE(review): these cases do not check whether the DENIED rule is logged;
# only non-enforcement (status 200) is verified.
# NOTE(review): the trailing 1 in each match_log array is presumably a
# wait/timeout value for the harness - confirm against the test runner.
# NOTE(review): the "." after "Warning" in the log patterns is an unescaped
# regex metacharacter, so it matches any character rather than a literal dot.
4 {
5         type => "action",
6         comment => "pass in phase:1",
7         conf => qq(
8                 SecRuleEngine DetectionOnly
9                 SecRequestBodyAccess On
10                 SecResponseBodyAccess On
11                 SecResponseBodyMimeType null
12                 SecDebugLog "$ENV{DEBUG_LOG}"
13                 SecDebugLogLevel 9
14                 SecAction "phase:1,pass,msg:'PASSED'"
15                 SecAction "phase:1,deny,msg:'DENIED'"
16         ),
17         match_log => {
18                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
19         },
20         match_response => {
                # 200 shows the phase:1 deny above was not enforced.
21                 status => qr/^200$/,
22         },
23         request => new HTTP::Request(
24                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
25         ),
26 },
27 {
28         type => "action",
29         comment => "pass in phase:2",
        # Unlike the other pass cases, this conf sets no SecDebugLog/SecDebugLogLevel.
30         conf => qq(
31                 SecRuleEngine DetectionOnly
32                 SecRequestBodyAccess On
33                 SecResponseBodyAccess On
34                 SecResponseBodyMimeType null
35                 SecAction "phase:2,pass,msg:'PASSED'"
36                 SecAction "phase:2,deny,msg:'DENIED'"
37         ),
38         match_log => {
39                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
40         },
41         match_response => {
42                 status => qr/^200$/,
43         },
44         request => new HTTP::Request(
45                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
46         ),
47 },
48 {
49         type => "action",
50         comment => "pass in phase:3",
51         conf => qq(
52                 SecRuleEngine DetectionOnly
53                 SecRequestBodyAccess On
54                 SecResponseBodyAccess On
55                 SecResponseBodyMimeType null
56                 SecDebugLog "$ENV{DEBUG_LOG}"
57                 SecDebugLogLevel 4
58                 SecAction "phase:3,pass,msg:'PASSED'"
59                 SecAction "phase:3,deny,msg:'DENIED'"
60         ),
61         match_log => {
62                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
63         },
64         match_response => {
65                 status => qr/^200$/,
66         },
67         request => new HTTP::Request(
68                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
69         ),
70 },
71 {
72         type => "action",
73         comment => "pass in phase:4",
74         conf => qq(
75                 SecRuleEngine DetectionOnly
76                 SecRequestBodyAccess On
77                 SecResponseBodyAccess On
78                 SecResponseBodyMimeType null
79                 SecDebugLog "$ENV{DEBUG_LOG}"
80                 SecDebugLogLevel 4
81                 SecAction "phase:4,pass,msg:'PASSED'"
82                 SecAction "phase:4,deny,msg:'DENIED'"
83         ),
84         match_log => {
85                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
86         },
87         match_response => {
88                 status => qr/^200$/,
89         },
90         request => new HTTP::Request(
91                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
92         ),
93 },
94
95 # Allow
# `allow` followed by an unconditional `deny` in the same phase, with the
# engine in DetectionOnly. Each case expects the ALLOWED warning in the error
# log and a 200 response.
# NOTE(review): the "-error" key presumably means "this pattern must NOT
# appear in the error log" - confirm against the harness. Read that way, the
# cases assert that no "Access allowed" line is written in detection-only mode.
# Coverage gap: the check that DENIED is absent is commented out (see the TODO
# in each case), so these tests do not verify that `allow` stops evaluation of
# the rules that follow it.
96 {
97         type => "action",
98         comment => "allow in phase:1",
99         conf => qq(
100                 SecRuleEngine DetectionOnly
101                 SecRequestBodyAccess On
102                 SecResponseBodyAccess On
103                 SecResponseBodyMimeType null
104                 SecAction "phase:1,allow,msg:'ALLOWED'"
105                 SecAction "phase:1,deny,msg:'DENIED'"
106         ),
107         match_log => {
108                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
109                 -error => [ qr/Access allowed/, 1 ],
110 # TODO: Allow should probably stop rule execution
111 #               -error => [ qr/DENIED/, 1 ],
112         },
113         match_response => {
114                 status => qr/^200$/,
115         },
116         request => new HTTP::Request(
117                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
118         ),
119 },
120 {
121         type => "action",
122         comment => "allow in phase:2",
123         conf => qq(
124                 SecRuleEngine DetectionOnly
125                 SecRequestBodyAccess On
126                 SecResponseBodyAccess On
127                 SecResponseBodyMimeType null
128                 SecAction "phase:2,allow,msg:'ALLOWED'"
129                 SecAction "phase:2,deny,msg:'DENIED'"
130         ),
131         match_log => {
132                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
133                 -error => [ qr/Access allowed/, 1 ],
134 # TODO: Allow should probably stop rule execution
135 #               -error => [ qr/DENIED/, 1 ],
136         },
137         match_response => {
138                 status => qr/^200$/,
139         },
140         request => new HTTP::Request(
141                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
142         ),
143 },
144 {
145         type => "action",
146         comment => "allow in phase:3",
147         conf => qq(
148                 SecRuleEngine DetectionOnly
149                 SecRequestBodyAccess On
150                 SecResponseBodyAccess On
151                 SecResponseBodyMimeType null
152                 SecAction "phase:3,allow,msg:'ALLOWED'"
153                 SecAction "phase:3,deny,msg:'DENIED'"
154         ),
155         match_log => {
156                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
157                 -error => [ qr/Access allowed/, 1 ],
158 # TODO: Allow should probably stop rule execution
159 #               -error => [ qr/DENIED/, 1 ],
160         },
161         match_response => {
162                 status => qr/^200$/,
163         },
164         request => new HTTP::Request(
165                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
166         ),
167 },
168 {
169         type => "action",
170         comment => "allow in phase:4",
171         conf => qq(
172                 SecRuleEngine DetectionOnly
173                 SecRequestBodyAccess On
174                 SecResponseBodyAccess On
175                 SecResponseBodyMimeType null
176                 SecAction "phase:4,allow,msg:'ALLOWED'"
177                 SecAction "phase:4,deny,msg:'DENIED'"
178         ),
179         match_log => {
180                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
181                 -error => [ qr/Access allowed/, 1 ],
182 # TODO: Allow should probably stop rule execution
183 #               -error => [ qr/DENIED/, 1 ],
184         },
185         match_response => {
186                 status => qr/^200$/,
187         },
188         request => new HTTP::Request(
189                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
190         ),
191 },
192
193 # Deny
# A lone unconditional `deny` per phase under SecRuleEngine DetectionOnly.
# Each case expects the match to be logged as a warning carrying the DENIED
# message while the response stays 200, i.e. the rule is recorded but not
# enforced. This is the property a monitoring-only deployment relies on.
# NOTE(review): "-error" presumably asserts that "Access denied" does NOT
# appear in the error log - confirm against the harness.
194 {
195         type => "action",
196         comment => "deny in phase:1",
197         conf => qq(
198                 SecRuleEngine DetectionOnly
199                 SecRequestBodyAccess On
200                 SecResponseBodyAccess On
201                 SecResponseBodyMimeType null
202                 SecAction "phase:1,deny,msg:'DENIED'"
203         ),
204         match_log => {
205                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
206                 -error => [ qr/Access denied/, 1 ],
207         },
208         match_response => {
                # 200 rather than an error status: the deny was logged only.
209                 status => qr/^200$/,
210         },
211         request => new HTTP::Request(
212                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
213         ),
214 },
215 {
216         type => "action",
217         comment => "deny in phase:2",
218         conf => qq(
219                 SecRuleEngine DetectionOnly
220                 SecRequestBodyAccess On
221                 SecResponseBodyAccess On
222                 SecResponseBodyMimeType null
223                 SecAction "phase:2,deny,msg:'DENIED'"
224         ),
225         match_log => {
226                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
227                 -error => [ qr/Access denied/, 1 ],
228         },
229         match_response => {
230                 status => qr/^200$/,
231         },
232         request => new HTTP::Request(
233                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
234         ),
235 },
236 {
237         type => "action",
238         comment => "deny in phase:3",
239         conf => qq(
240                 SecRuleEngine DetectionOnly
241                 SecRequestBodyAccess On
242                 SecResponseBodyAccess On
243                 SecResponseBodyMimeType null
244                 SecAction "phase:3,deny,msg:'DENIED'"
245         ),
246         match_log => {
247                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
248                 -error => [ qr/Access denied/, 1 ],
249         },
250         match_response => {
251                 status => qr/^200$/,
252         },
253         request => new HTTP::Request(
254                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
255         ),
256 },
257 {
258         type => "action",
259         comment => "deny in phase:4",
260         conf => qq(
261                 SecRuleEngine DetectionOnly
262                 SecRequestBodyAccess On
263                 SecResponseBodyAccess On
264                 SecResponseBodyMimeType null
265                 SecAction "phase:4,deny,msg:'DENIED'"
266         ),
267         match_log => {
268                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
269                 -error => [ qr/Access denied/, 1 ],
270         },
271         match_response => {
272                 status => qr/^200$/,
273         },
274         request => new HTTP::Request(
275                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
276         ),
277 },
278
279 # Drop
# A lone unconditional `drop` per phase under SecRuleEngine DetectionOnly.
# Same expectations as the deny cases: the DROPPED warning is logged and the
# client still receives a complete 200 response, so the disruptive action was
# not carried out.
# NOTE(review): "-error" presumably asserts that "Access denied" does NOT
# appear in the error log - confirm against the harness.
280 {
281         type => "action",
282         comment => "drop in phase:1",
283         conf => qq(
284                 SecRuleEngine DetectionOnly
285                 SecRequestBodyAccess On
286                 SecResponseBodyAccess On
287                 SecResponseBodyMimeType null
288                 SecAction "phase:1,drop,msg:'DROPPED'"
289         ),
290         match_log => {
291                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
292                 -error => [ qr/Access denied/, 1 ],
293         },
294         match_response => {
295                 status => qr/^200$/,
296         },
297         request => new HTTP::Request(
298                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
299         ),
300 },
301 {
302         type => "action",
303         comment => "drop in phase:2",
304         conf => qq(
305                 SecRuleEngine DetectionOnly
306                 SecRequestBodyAccess On
307                 SecResponseBodyAccess On
308                 SecResponseBodyMimeType null
309                 SecAction "phase:2,drop,msg:'DROPPED'"
310         ),
311         match_log => {
312                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
313                 -error => [ qr/Access denied/, 1 ],
314         },
315         match_response => {
316                 status => qr/^200$/,
317         },
318         request => new HTTP::Request(
319                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
320         ),
321 },
322 {
323         type => "action",
324         comment => "drop in phase:3",
325         conf => qq(
326                 SecRuleEngine DetectionOnly
327                 SecRequestBodyAccess On
328                 SecResponseBodyAccess On
329                 SecResponseBodyMimeType null
330                 SecAction "phase:3,drop,msg:'DROPPED'"
331         ),
332         match_log => {
333                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
334                 -error => [ qr/Access denied/, 1 ],
335         },
336         match_response => {
337                 status => qr/^200$/,
338         },
339         request => new HTTP::Request(
340                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
341         ),
342 },
343 {
344         type => "action",
345         comment => "drop in phase:4",
346         conf => qq(
347                 SecRuleEngine DetectionOnly
348                 SecRequestBodyAccess On
349                 SecResponseBodyAccess On
350                 SecResponseBodyMimeType null
351                 SecAction "phase:4,drop,msg:'DROPPED'"
352         ),
353         match_log => {
354                 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
355                 -error => [ qr/Access denied/, 1 ],
356         },
357         match_response => {
358                 status => qr/^200$/,
359         },
360         request => new HTTP::Request(
361                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
362         ),
363 },
364
365 # Redirect
# A rule matching REQUEST_URI /test2.txt carries a `redirect` to /test.txt.
# Under DetectionOnly the request for /test2.txt is expected to return 200
# with a body matching "TEST 2" (presumably the content of /test2.txt), which
# shows the originally requested resource was served and no redirect was
# issued. The REDIRECTED warning must still be logged.
# The backslash in "\@streq" keeps Perl from interpolating an array named
# @streq inside the qq() string; the rule itself receives "@streq".
# NOTE(review): "-error" presumably asserts that "Access denied" does NOT
# appear in the error log - confirm against the harness.
# NOTE(review): the dots in "Warning." and "test2.txt" inside the log patterns
# are unescaped, so each matches any character rather than a literal dot.
366 {
367         type => "action",
368         comment => "redirect in phase:1 (get)",
369         conf => qq(
370                 SecRuleEngine DetectionOnly
371                 SecRequestBodyAccess On
372                 SecResponseBodyAccess On
373                 SecResponseBodyMimeType null
374                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
375         ),
376         match_log => {
377                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
378                 -error => [ qr/Access denied/, 1 ],
379         },
380         match_response => {
381                 status => qr/^200$/,
                # Body check distinguishes the requested file from the redirect target.
382                 content => qr/^TEST 2$/,
383         },
384         request => new HTTP::Request(
385                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
386         ),
387 },
388 {
389         type => "action",
390         comment => "redirect in phase:2 (get)",
391         conf => qq(
392                 SecRuleEngine DetectionOnly
393                 SecRequestBodyAccess On
394                 SecResponseBodyAccess On
395                 SecResponseBodyMimeType null
396                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
397         ),
398         match_log => {
399                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
400                 -error => [ qr/Access denied/, 1 ],
401         },
402         match_response => {
403                 status => qr/^200$/,
404                 content => qr/^TEST 2$/,
405         },
406         request => new HTTP::Request(
407                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
408         ),
409 },
410 {
411         type => "action",
412         comment => "redirect in phase:3 (get)",
413         conf => qq(
414                 SecRuleEngine DetectionOnly
415                 SecRequestBodyAccess On
416                 SecResponseBodyAccess On
417                 SecResponseBodyMimeType null
418                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
419         ),
420         match_log => {
421                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
422                 -error => [ qr/Access denied/, 1 ],
423         },
424         match_response => {
425                 status => qr/^200$/,
426                 content => qr/^TEST 2$/,
427         },
428         request => new HTTP::Request(
429                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
430         ),
431 },
432 {
433         type => "action",
434         comment => "redirect in phase:4 (get)",
435         conf => qq(
436                 SecRuleEngine DetectionOnly
437                 SecRequestBodyAccess On
438                 SecResponseBodyAccess On
439                 SecResponseBodyMimeType null
440                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
441         ),
442         match_log => {
443                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
444                 -error => [ qr/Access denied/, 1 ],
445         },
446         match_response => {
447                 status => qr/^200$/,
448                 content => qr/^TEST 2$/,
449         },
450         request => new HTTP::Request(
451                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
452         ),
453 },
454
455 # Proxy
# A rule matching REQUEST_URI /test2.txt carries a `proxy` action pointing at
# /test.txt on the same server. Under DetectionOnly the PROXIED warning must
# be logged and the request must complete with 200 without being proxied.
# The backslash in "\@streq" keeps Perl from interpolating an array named
# @streq inside the qq() string.
# NOTE(review): "-error" presumably asserts that "Access denied" does NOT
# appear in the error log - confirm against the harness.
456 {
457         type => "action",
458         comment => "proxy in phase:1 (get)",
459         conf => qq(
460                 SecRuleEngine DetectionOnly
461                 SecRequestBodyAccess On
462                 SecResponseBodyAccess On
463                 SecResponseBodyMimeType null
464                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
465         ),
466         match_log => {
467                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
468                 -error => [ qr/Access denied/, 1 ],
469         },
470         match_response => {
471                 status => qr/^200$/,
                # Body check distinguishes the requested file from the proxy target.
472                 content => qr/^TEST 2$/,
473         },
474         request => new HTTP::Request(
475                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
476         ),
477 },
478 {
479         type => "action",
480         comment => "proxy in phase:2 (get)",
481         conf => qq(
482                 SecRuleEngine DetectionOnly
483                 SecRequestBodyAccess On
484                 SecResponseBodyAccess On
485                 SecResponseBodyMimeType null
486                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
487         ),
488         match_log => {
489                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
490                 -error => [ qr/Access denied/, 1 ],
491         },
492         match_response => {
493                 status => qr/^200$/,
494                 content => qr/^TEST 2$/,
495         },
496         request => new HTTP::Request(
497                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
498         ),
499 },
500 {
501         type => "action",
502         comment => "proxy in phase:3 (get)",
503         conf => qq(
504                 SecRuleEngine DetectionOnly
505                 SecRequestBodyAccess On
506                 SecResponseBodyAccess On
507                 SecResponseBodyMimeType null
508                 SecDebugLog "$ENV{DEBUG_LOG}"
509                 SecDebugLogLevel 4
510                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
511         ),
512         match_log => {
513                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
514                 -error => [ qr/Access denied/, 1 ],
515         },
516         match_response => {
                # NOTE(review): unlike the phase:1 and phase:2 cases there is no
                # content assertion here. The proxy target /test.txt is served
                # with 200 elsewhere in this file, so the status check alone
                # would not tell a proxied response from the original; only the
                # log assertions cover it. Confirm the omission is intentional.
517                 status => qr/^200$/,
518         },
519         request => new HTTP::Request(
520                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
521         ),
522 },
523 {
524         type => "action",
525         comment => "proxy in phase:4 (get)",
526         conf => qq(
527                 SecRuleEngine DetectionOnly
528                 SecRequestBodyAccess On
529                 SecResponseBodyAccess On
530                 SecResponseBodyMimeType null
531                 SecDebugLog "$ENV{DEBUG_LOG}"
532                 SecDebugLogLevel 4
533                 SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
534         ),
535         match_log => {
536                 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
537                 -error => [ qr/Access denied/, 1 ],
538         },
539         match_response => {
                # NOTE(review): no content assertion here either, so the response
                # body is not checked for this phase; see the phase:3 case.
540                 status => qr/^200$/,
541         },
542         request => new HTTP::Request(
543                 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
544         ),
545 },