Imported Upstream version 2.5.11
[libapache-mod-security.git] / apache2 / t / regression / config / 10-response-directives.t
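### Tests for directives altering how a response is handled

# SecResponseBodyMimeTypesClear
#
# Clears the list of MIME types eligible for response-body buffering and then
# requests /test.txt with a phase:4 RESPONSE_BODY deny rule loaded.
# Expected: the debug log reports that the body is not buffered for an
# unconfigured MIME type, nothing matching "Access denied" is logged, and the
# client receives 200.
# NOTE(review): this pins the fail-open side of the directive. With the list
# cleared and no type added back, the RESPONSE_BODY rule never gets a body to
# look at, so outbound-inspection rules stop matching without any error.
{
        type => "config",
        comment => "SecResponseBodyMimeTypesClear",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeTypesClear
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 9
                SecRule RESPONSE_BODY "TEST" "phase:4,deny"
        ),
        match_log => {
                # The leading "-" appears to mark a pattern that must NOT be
                # logged -- confirm against the regression harness.
                -error => [ qr/Access denied/, 1 ],
                debug => [ qr/Not buffering response body for unconfigured MIME type/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
        ),
},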
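# SecResponseBodyAccess & SecResponseBodyMimeType
#
# Positive case: response-body access is on and text/plain is a configured
# MIME type, so the phase:4 rule sees the body of /test.txt.
# Expected: the error log carries the full denial message (code 403, phase 4,
# pattern "TEST" at RESPONSE_BODY) and the client receives 403.
# The log regex is pinned to the exact message wording, so a change in the
# denial text will fail this test even if blocking still works.
{
        type => "config",
        comment => "SecResponseBodyAccess On",
        conf => qq(
                SecRuleEngine On
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 9
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecRule RESPONSE_BODY "TEST" "phase:4,deny"
        ),
        match_log => {
                error => [ qr/Access denied with code 403 \(phase 4\)\. Pattern match "TEST" at RESPONSE_BODY\./, 1 ],
        },
        match_response => {
                status => qr/^403$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
        ),
},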
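# Negative case for SecResponseBodyAccess: same rule, MIME types and request as
# the "On" case, with only the access switch turned off.
# Expected: the debug log states that response body buffering is not enabled,
# nothing matching "Access denied" is logged, and the client receives 200.
# NOTE(review): the RESPONSE_BODY rule is still loaded here and simply never
# fires; a deployment in this state has no response-body inspection even
# though the rule set looks complete.
{
        type => "config",
        comment => "SecResponseBodyAccess Off",
        conf => qq(
                SecRuleEngine On
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 9
                SecResponseBodyAccess Off
                SecResponseBodyMimeType text/plain null
                SecRule RESPONSE_BODY "TEST" "phase:4,deny"
        ),
        match_log => {
                # The leading "-" appears to mark a pattern that must NOT be
                # logged -- confirm against the regression harness.
                -error => [ qr/Access denied/, 1 ],
                debug => [ qr/Response body buffering is not enabled\./, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
        ),
},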
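# SecResponseBodyLimit
#
# Boundary case: the limit is 8192 and the request is for /8k.txt.
# Expected: no "Content-Length (...) over the limit" error and a 200, i.e. a
# body whose size equals the limit is accepted.
# NOTE(review): assumes the /8k.txt fixture is exactly 8192 bytes, as the
# "(equal)" label implies -- confirm against the fixture.
{
        type => "config",
        comment => "SecResponseBodyLimit (equal)",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecResponseBodyLimit 8192
        ),
        match_log => {
                # The leading "-" appears to mark a pattern that must NOT be
                # logged -- confirm against the regression harness.
                -error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
        ),
},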
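# SecResponseBodyLimit, body smaller than the limit: the limit is 9000 and the
# request is for /8k.txt ("less" describes the body relative to the limit).
# Expected: no "Content-Length (...) over the limit" error and a 200.
{
        type => "config",
        comment => "SecResponseBodyLimit (less)",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecResponseBodyLimit 9000
        ),
        match_log => {
                # The leading "-" appears to mark a pattern that must NOT be
                # logged -- confirm against the regression harness.
                -error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
        ),
},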
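# SecResponseBodyLimit, body larger than the limit: the limit is 8000 and the
# request is for /8k.txt ("greater" describes the body relative to the limit).
# Expected: the error log reports Content-Length over the limit (8000) and the
# client receives 500.
# No SecResponseBodyLimitAction is set, so this exercises the default
# over-limit handling; the outcome is the same one the explicit "Reject" case
# in this file expects.
{
        type => "config",
        comment => "SecResponseBodyLimit (greater)",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecResponseBodyLimit 8000
        ),
        match_log => {
                error => [ qr/Content-Length \(\d+\) over the limit \(8000\)\./, 1 ],
        },
        match_response => {
                status => qr/^500$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
        ),
},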
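# SecResponseBodyLimitAction
#
# Reject: with a 5-byte limit, the response for /8k.txt is over the limit.
# Expected: the error log reports Content-Length over the limit (5) and the
# client receives 500 instead of the file.
# This is the fail-closed setting: an oversized response is withheld rather
# than delivered without inspection.
{
        type => "config",
        comment => "SecResponseBodyLimitAction Reject",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecResponseBodyLimit 5
                SecResponseBodyLimitAction Reject
        ),
        match_log => {
                error => [ qr/Content-Length \(\d+\) over the limit \(5\)\./, 1 ],
        },
        match_response => {
                status => qr/^500$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
        ),
},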
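# SecResponseBodyLimitAction ProcessPartial: same 5-byte limit and /8k.txt
# request as the Reject case, but the oversized response is let through.
# Expected: the debug log (level 4 here) reports "Processing partial response
# body (limit 5)", no over-limit error is logged, and the client receives 200.
# NOTE(review): the config carries no RESPONSE_BODY rule, so this confirms the
# pass-through and the log line only. It does not show that the first 5 bytes
# were inspected, and it does not pin the fact that everything past the limit
# reaches the client uninspected -- the trade-off an operator accepts when
# choosing ProcessPartial over Reject.
{
        type => "config",
        comment => "SecResponseBodyLimitAction ProcessPartial",
        conf => qq(
                SecRuleEngine On
                SecResponseBodyAccess On
                SecResponseBodyMimeType text/plain null
                SecResponseBodyLimit 5
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 4
                SecResponseBodyLimitAction ProcessPartial
        ),
        match_log => {
                # The leading "-" appears to mark a pattern that must NOT be
                # logged -- confirm against the regression harness.
                -error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
                debug => [ qr/Processing partial response body \(limit 5\)/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of the indirect-object form
        # "new HTTP::Request(...)", which Perl can misparse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
        ),
},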