1 ### Tests all of the actions in each phase in detection only mode
6 comment => "pass in phase:1",
8 SecRuleEngine DetectionOnly
9 SecRequestBodyAccess On
10 SecResponseBodyAccess On
11 SecResponseBodyMimeType null
12 SecDebugLog "$ENV{DEBUG_LOG}"
14 SecAction "phase:1,pass,msg:'PASSED'"
15 SecAction "phase:1,deny,msg:'DENIED'"
18 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
23 request => new HTTP::Request(
24 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
29 comment => "pass in phase:2",
31 SecRuleEngine DetectionOnly
32 SecRequestBodyAccess On
33 SecResponseBodyAccess On
34 SecResponseBodyMimeType null
35 SecAction "phase:2,pass,msg:'PASSED'"
36 SecAction "phase:2,deny,msg:'DENIED'"
39 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
44 request => new HTTP::Request(
45 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
50 comment => "pass in phase:3",
52 SecRuleEngine DetectionOnly
53 SecRequestBodyAccess On
54 SecResponseBodyAccess On
55 SecResponseBodyMimeType null
56 SecDebugLog "$ENV{DEBUG_LOG}"
58 SecAction "phase:3,pass,msg:'PASSED'"
59 SecAction "phase:3,deny,msg:'DENIED'"
62 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
67 request => new HTTP::Request(
68 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
73 comment => "pass in phase:4",
75 SecRuleEngine DetectionOnly
76 SecRequestBodyAccess On
77 SecResponseBodyAccess On
78 SecResponseBodyMimeType null
79 SecDebugLog "$ENV{DEBUG_LOG}"
81 SecAction "phase:4,pass,msg:'PASSED'"
82 SecAction "phase:4,deny,msg:'DENIED'"
85 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*PASSED/, 1 ],
90 request => new HTTP::Request(
91 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
98 comment => "allow in phase:1",
100 SecRuleEngine DetectionOnly
101 SecRequestBodyAccess On
102 SecResponseBodyAccess On
103 SecResponseBodyMimeType null
104 SecAction "phase:1,allow,msg:'ALLOWED'"
105 SecAction "phase:1,deny,msg:'DENIED'"
108 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
109 -error => [ qr/Access allowed/, 1 ],
110 # TODO: Allow should probably stop rule execution
111 # -error => [ qr/DENIED/, 1 ],
116 request => new HTTP::Request(
117 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
122 comment => "allow in phase:2",
124 SecRuleEngine DetectionOnly
125 SecRequestBodyAccess On
126 SecResponseBodyAccess On
127 SecResponseBodyMimeType null
128 SecAction "phase:2,allow,msg:'ALLOWED'"
129 SecAction "phase:2,deny,msg:'DENIED'"
132 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
133 -error => [ qr/Access allowed/, 1 ],
134 # TODO: Allow should probably stop rule execution
135 # -error => [ qr/DENIED/, 1 ],
140 request => new HTTP::Request(
141 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
146 comment => "allow in phase:3",
148 SecRuleEngine DetectionOnly
149 SecRequestBodyAccess On
150 SecResponseBodyAccess On
151 SecResponseBodyMimeType null
152 SecAction "phase:3,allow,msg:'ALLOWED'"
153 SecAction "phase:3,deny,msg:'DENIED'"
156 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
157 -error => [ qr/Access allowed/, 1 ],
158 # TODO: Allow should probably stop rule execution
159 # -error => [ qr/DENIED/, 1 ],
164 request => new HTTP::Request(
165 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
170 comment => "allow in phase:4",
172 SecRuleEngine DetectionOnly
173 SecRequestBodyAccess On
174 SecResponseBodyAccess On
175 SecResponseBodyMimeType null
176 SecAction "phase:4,allow,msg:'ALLOWED'"
177 SecAction "phase:4,deny,msg:'DENIED'"
180 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*ALLOWED/, 1 ],
181 -error => [ qr/Access allowed/, 1 ],
182 # TODO: Allow should probably stop rule execution
183 # -error => [ qr/DENIED/, 1 ],
188 request => new HTTP::Request(
189 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
196 comment => "deny in phase:1",
198 SecRuleEngine DetectionOnly
199 SecRequestBodyAccess On
200 SecResponseBodyAccess On
201 SecResponseBodyMimeType null
202 SecAction "phase:1,deny,msg:'DENIED'"
205 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
206 -error => [ qr/Access denied/, 1 ],
211 request => new HTTP::Request(
212 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
217 comment => "deny in phase:2",
219 SecRuleEngine DetectionOnly
220 SecRequestBodyAccess On
221 SecResponseBodyAccess On
222 SecResponseBodyMimeType null
223 SecAction "phase:2,deny,msg:'DENIED'"
226 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
227 -error => [ qr/Access denied/, 1 ],
232 request => new HTTP::Request(
233 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
238 comment => "deny in phase:3",
240 SecRuleEngine DetectionOnly
241 SecRequestBodyAccess On
242 SecResponseBodyAccess On
243 SecResponseBodyMimeType null
244 SecAction "phase:3,deny,msg:'DENIED'"
247 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
248 -error => [ qr/Access denied/, 1 ],
253 request => new HTTP::Request(
254 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
259 comment => "deny in phase:4",
261 SecRuleEngine DetectionOnly
262 SecRequestBodyAccess On
263 SecResponseBodyAccess On
264 SecResponseBodyMimeType null
265 SecAction "phase:4,deny,msg:'DENIED'"
268 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DENIED/, 1 ],
269 -error => [ qr/Access denied/, 1 ],
274 request => new HTTP::Request(
275 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
282 comment => "drop in phase:1",
284 SecRuleEngine DetectionOnly
285 SecRequestBodyAccess On
286 SecResponseBodyAccess On
287 SecResponseBodyMimeType null
288 SecAction "phase:1,drop,msg:'DROPPED'"
291 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
292 -error => [ qr/Access denied/, 1 ],
297 request => new HTTP::Request(
298 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
303 comment => "drop in phase:2",
305 SecRuleEngine DetectionOnly
306 SecRequestBodyAccess On
307 SecResponseBodyAccess On
308 SecResponseBodyMimeType null
309 SecAction "phase:2,drop,msg:'DROPPED'"
312 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
313 -error => [ qr/Access denied/, 1 ],
318 request => new HTTP::Request(
319 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
324 comment => "drop in phase:3",
326 SecRuleEngine DetectionOnly
327 SecRequestBodyAccess On
328 SecResponseBodyAccess On
329 SecResponseBodyMimeType null
330 SecAction "phase:3,drop,msg:'DROPPED'"
333 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
334 -error => [ qr/Access denied/, 1 ],
339 request => new HTTP::Request(
340 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
345 comment => "drop in phase:4",
347 SecRuleEngine DetectionOnly
348 SecRequestBodyAccess On
349 SecResponseBodyAccess On
350 SecResponseBodyMimeType null
351 SecAction "phase:4,drop,msg:'DROPPED'"
354 error => [ qr/ModSecurity: Warning. Unconditional match in SecAction.*DROPPED/, 1 ],
355 -error => [ qr/Access denied/, 1 ],
360 request => new HTTP::Request(
361 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
368 comment => "redirect in phase:1 (get)",
370 SecRuleEngine DetectionOnly
371 SecRequestBodyAccess On
372 SecResponseBodyAccess On
373 SecResponseBodyMimeType null
374 SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
377 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
378 -error => [ qr/Access denied/, 1 ],
382 content => qr/^TEST 2$/,
384 request => new HTTP::Request(
385 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
390 comment => "redirect in phase:2 (get)",
392 SecRuleEngine DetectionOnly
393 SecRequestBodyAccess On
394 SecResponseBodyAccess On
395 SecResponseBodyMimeType null
396 SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
399 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
400 -error => [ qr/Access denied/, 1 ],
404 content => qr/^TEST 2$/,
406 request => new HTTP::Request(
407 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
412 comment => "redirect in phase:3 (get)",
414 SecRuleEngine DetectionOnly
415 SecRequestBodyAccess On
416 SecResponseBodyAccess On
417 SecResponseBodyMimeType null
418 SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
421 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
422 -error => [ qr/Access denied/, 1 ],
426 content => qr/^TEST 2$/,
428 request => new HTTP::Request(
429 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
434 comment => "redirect in phase:4 (get)",
436 SecRuleEngine DetectionOnly
437 SecRequestBodyAccess On
438 SecResponseBodyAccess On
439 SecResponseBodyMimeType null
440 SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,redirect:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'REDIRECTED'"
443 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*REDIRECTED/, 1 ],
444 -error => [ qr/Access denied/, 1 ],
448 content => qr/^TEST 2$/,
450 request => new HTTP::Request(
451 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
458 comment => "proxy in phase:1 (get)",
460 SecRuleEngine DetectionOnly
461 SecRequestBodyAccess On
462 SecResponseBodyAccess On
463 SecResponseBodyMimeType null
464 SecRule REQUEST_URI "\@streq /test2.txt" "phase:1,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
467 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
468 -error => [ qr/Access denied/, 1 ],
472 content => qr/^TEST 2$/,
474 request => new HTTP::Request(
475 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
480 comment => "proxy in phase:2 (get)",
482 SecRuleEngine DetectionOnly
483 SecRequestBodyAccess On
484 SecResponseBodyAccess On
485 SecResponseBodyMimeType null
486 SecRule REQUEST_URI "\@streq /test2.txt" "phase:2,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
489 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
490 -error => [ qr/Access denied/, 1 ],
494 content => qr/^TEST 2$/,
496 request => new HTTP::Request(
497 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
502 comment => "proxy in phase:3 (get)",
504 SecRuleEngine DetectionOnly
505 SecRequestBodyAccess On
506 SecResponseBodyAccess On
507 SecResponseBodyMimeType null
508 SecDebugLog "$ENV{DEBUG_LOG}"
510 SecRule REQUEST_URI "\@streq /test2.txt" "phase:3,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
513 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
514 -error => [ qr/Access denied/, 1 ],
519 request => new HTTP::Request(
520 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",
525 comment => "proxy in phase:4 (get)",
527 SecRuleEngine DetectionOnly
528 SecRequestBodyAccess On
529 SecResponseBodyAccess On
530 SecResponseBodyMimeType null
531 SecDebugLog "$ENV{DEBUG_LOG}"
533 SecRule REQUEST_URI "\@streq /test2.txt" "phase:4,proxy:'http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt',msg:'PROXIED'"
536 error => [ qr/ModSecurity: Warning. String match "\/test2.txt" at REQUEST_URI.*PROXIED/, 1 ],
537 -error => [ qr/Access denied/, 1 ],
542 request => new HTTP::Request(
543 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test2.txt",