6 comment => "ARGS (get)",
9 SecRequestBodyAccess On
10 SecResponseBodyAccess On
11 SecResponseBodyMimeType null
12 SecDebugLog $ENV{DEBUG_LOG}
14 SecRule ARGS "val1" "phase:2,log,pass"
15 SecRule ARGS "val2" "phase:2,log,pass"
18 error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ],
19 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
24 request => new HTTP::Request(
25 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
30 comment => "ARGS (post)",
33 SecRequestBodyAccess On
34 SecResponseBodyAccess On
35 SecResponseBodyMimeType null
36 SecDebugLog $ENV{DEBUG_LOG}
38 SecRule ARGS "val1" "phase:2,log,pass"
39 SecRule ARGS "val2" "phase:2,log,pass"
42 error => [ qr/Pattern match "val1" at ARGS.*Pattern match "val2" at ARGS/s, 1 ],
43 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
48 request => new HTTP::Request(
49 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
51 "Content-Type" => "application/x-www-form-urlencoded",
53 "arg1=val1&arg2=val2",
60 comment => "ARGS_COMBINED_SIZE (get)",
63 SecRequestBodyAccess On
64 SecResponseBodyAccess On
65 SecResponseBodyMimeType null
66 SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass"
69 error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ],
74 request => new HTTP::Request(
75 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
80 comment => "ARGS_COMBINED_SIZE (post)",
83 SecRequestBodyAccess On
84 SecResponseBodyAccess On
85 SecResponseBodyMimeType null
86 SecRule ARGS_COMBINED_SIZE "\@eq 16" "phase:2,log,pass"
89 error => [ qr/Operator EQ matched 16 at ARGS_COMBINED_SIZE\./s, 1 ],
94 request => new HTTP::Request(
95 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
97 "Content-Type" => "application/x-www-form-urlencoded",
99 "arg1=val1&arg2=val2",
106 comment => "ARGS_NAMES (get)",
109 SecRequestBodyAccess On
110 SecResponseBodyAccess On
111 SecResponseBodyMimeType null
112 SecDebugLog $ENV{DEBUG_LOG}
114 SecRule ARGS_NAMES "arg1" "phase:2,log,pass"
115 SecRule ARGS_NAMES "arg2" "phase:2,log,pass"
118 error => [ qr/Pattern match "arg1" at ARGS.*Pattern match "arg2" at ARGS/s, 1 ],
119 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
124 request => new HTTP::Request(
125 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
130 comment => "ARGS_NAMES (post)",
133 SecRequestBodyAccess On
134 SecResponseBodyAccess On
135 SecResponseBodyMimeType null
136 SecDebugLog $ENV{DEBUG_LOG}
138 SecRule ARGS_NAMES "arg1" "phase:2,log,pass"
139 SecRule ARGS_NAMES "arg2" "phase:2,log,pass"
142 error => [ qr/Pattern match "arg1" at ARGS_NAMES.*Pattern match "arg2" at ARGS_NAMES/s, 1 ],
143 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
148 request => new HTTP::Request(
149 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
151 "Content-Type" => "application/x-www-form-urlencoded",
153 "arg1=val1&arg2=val2",
160 comment => "ARGS_GET (get)",
163 SecRequestBodyAccess On
164 SecResponseBodyAccess On
165 SecResponseBodyMimeType null
166 SecDebugLog $ENV{DEBUG_LOG}
168 SecRule ARGS_GET "val1" "phase:2,log,pass"
169 SecRule ARGS_GET "val2" "phase:2,log,pass"
172 error => [ qr/Pattern match "val1" at ARGS_GET.*Pattern match "val2" at ARGS_GET/s, 1 ],
173 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
178 request => new HTTP::Request(
179 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
184 comment => "ARGS_GET (post)",
187 SecRequestBodyAccess On
188 SecResponseBodyAccess On
189 SecResponseBodyMimeType null
190 SecDebugLog $ENV{DEBUG_LOG}
192 SecRule ARGS_GET "val1" "phase:2,log,pass"
193 SecRule ARGS_GET "val2" "phase:2,log,pass"
196 -error => [ qr/Pattern match/, 1 ],
197 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
202 request => new HTTP::Request(
203 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
205 "Content-Type" => "application/x-www-form-urlencoded",
207 "arg1=val1&arg2=val2",
214 comment => "ARGS_GET_NAMES (get)",
217 SecRequestBodyAccess On
218 SecResponseBodyAccess On
219 SecResponseBodyMimeType null
220 SecDebugLog $ENV{DEBUG_LOG}
222 SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass"
223 SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass"
226 error => [ qr/Pattern match "arg1" at ARGS_GET.*Pattern match "arg2" at ARGS_GET/s, 1 ],
227 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
232 request => new HTTP::Request(
233 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
238 comment => "ARGS_GET_NAMES (post)",
241 SecRequestBodyAccess On
242 SecResponseBodyAccess On
243 SecResponseBodyMimeType null
244 SecDebugLog $ENV{DEBUG_LOG}
246 SecRule ARGS_GET_NAMES "arg1" "phase:2,log,pass"
247 SecRule ARGS_GET_NAMES "arg2" "phase:2,log,pass"
250 -error => [ qr/Pattern match/, 1 ],
251 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
256 request => new HTTP::Request(
257 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
259 "Content-Type" => "application/x-www-form-urlencoded",
261 "arg1=val1&arg2=val2",
268 comment => "ARGS_POST (get)",
271 SecRequestBodyAccess On
272 SecResponseBodyAccess On
273 SecResponseBodyMimeType null
274 SecDebugLog $ENV{DEBUG_LOG}
276 SecRule ARGS_POST "val1" "phase:2,log,pass"
277 SecRule ARGS_POST "val2" "phase:2,log,pass"
280 -error => [ qr/Pattern match/, 1 ],
281 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
286 request => new HTTP::Request(
287 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
292 comment => "ARGS_POST (post)",
295 SecRequestBodyAccess On
296 SecResponseBodyAccess On
297 SecResponseBodyMimeType null
298 SecDebugLog $ENV{DEBUG_LOG}
300 SecRule ARGS_POST "val1" "phase:2,log,pass"
301 SecRule ARGS_POST "val2" "phase:2,log,pass"
304 error => [ qr/Pattern match "val1" at ARGS_POST.*Pattern match "val2" at ARGS_POST/s, 1 ],
305 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
310 request => new HTTP::Request(
311 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
313 "Content-Type" => "application/x-www-form-urlencoded",
315 "arg1=val1&arg2=val2",
322 comment => "ARGS_POST_NAMES (get)",
325 SecRequestBodyAccess On
326 SecResponseBodyAccess On
327 SecResponseBodyMimeType null
328 SecDebugLog $ENV{DEBUG_LOG}
330 SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass"
331 SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass"
334 -error => [ qr/Pattern match/, 1 ],
335 debug => [ qr/Adding request argument \(QUERY_STRING\): name "arg1", value "val1".*Adding request argument \(QUERY_STRING\): name "arg2", value "val2"/s, 1 ],
340 request => new HTTP::Request(
341 GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?arg1=val1&arg2=val2",
346 comment => "ARGS_POST_NAMES (post)",
349 SecRequestBodyAccess On
350 SecResponseBodyAccess On
351 SecResponseBodyMimeType null
352 SecDebugLog $ENV{DEBUG_LOG}
354 SecRule ARGS_POST_NAMES "arg1" "phase:2,log,pass"
355 SecRule ARGS_POST_NAMES "arg2" "phase:2,log,pass"
358 error => [ qr/Pattern match "arg1" at ARGS_POST.*Pattern match "arg2" at ARGS_POST/s, 1 ],
359 debug => [ qr/Adding request argument \(BODY\): name "arg1", value "val1".*Adding request argument \(BODY\): name "arg2", value "val2"/s, 1 ],
364 request => new HTTP::Request(
365 POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
367 "Content-Type" => "application/x-www-form-urlencoded",
369 "arg1=val1&arg2=val2",
376 # comment => "AUTH_TYPE",
379 # <IfModule !mod_authn_file.c>
380 # LoadModule authn_file_module modules/mod_authn_file.so
383 ## <IfVersion ~ ^2.0.>
384 ## <IfModule !mod_auth.c>
385 ## LoadModule auth_module modules/mod_auth.so
391 # AuthUserFile "$ENV{CONF_DIR}/htpasswd"
392 # Require user nobody
395 # SecRequestBodyAccess On
396 # SecResponseBodyAccess On
397 # SecResponseBodyMimeType null
398 ## SecDebugLog $ENV{DEBUG_LOG}
399 ## SecDebugLogLevel 9
400 # SecRule REQUEST_HEADERS:Authorization "Basic (.*)" "phase:2,log,pass,capture,chain"
401 # SecRule TX:1 "nobody:test" "t:none,t:base64Decode,chain"
402 # SecRule AUTH_TYPE "Basic"
405 # error => [ qr/Pattern match "Basic" at AUTH_TYPE/s, 1 ],
407 # match_response => {
408 # status => qr/^200$/,
410 # request => new HTTP::Request(
411 # GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
413 # "Authorization" => "Basic bm9ib2R5OnRlc3Q="
418 ## ENH: We cannot include this test as we cannot distribute the database.
419 ## Instead we should create a simple test DB of our own.
423 # comment => "GEO (ip)",
426 # SecDebugLog $ENV{DEBUG_LOG}
428 # SecGeoLookupDB GeoLiteCity.dat
429 # SecRule ARGS:ip "\@geoLookup" "phase:2,log,pass,t:none"
430 # SecRule GEO:COUNTRY_CODE "\@streq US" "phase:2,log,pass,t:none"
431 # SecRule GEO:COUNTRY_CODE3 "\@streq USA" "phase:2,log,pass,t:none"
432 # SecRule GEO:COUNTRY_NAME "\@streq United States" "phase:2,log,pass,t:none"
433 # # ENH: Not in this database?
434 # SecRule GEO:COUNTRY_CONTINENT "\@streq NA" "phase:2,log,pass,t:none"
435 # SecRule GEO:REGION "\@streq CA" "phase:2,log,pass,t:none"
436 # SecRule GEO:CITY "\@streq San Diego" "phase:2,log,pass,t:none"
437 # SecRule GEO:POSTAL_CODE "\@streq 92123" "phase:2,log,pass,t:none"
438 # SecRule GEO:LATITUDE "\@beginsWith 32.8" "phase:2,log,pass,t:none"
439 # SecRule GEO:LONGITUDE "\@beginsWith 117.1" "phase:2,log,pass,t:none"
440 # SecRule GEO:DMA_CODE "\@streq 825" "phase:2,log,pass,t:none"
441 # SecRule GEO:AREA_CODE "\@streq 858" "phase:2,log,pass,t:none"
444 # debug => [ qr/Geo lookup for "216.75.21.122" succeeded.*match "US" at GEO:COUNTRY_CODE.*match "USA" at GEO:COUNTRY_CODE3.*match "United States" at GEO:COUNTRY_NAME.*match "NA" at GEO:COUNTRY_CONTINENT.*match "CA" at GEO:REGION.*match "San Diego" at GEO:CITY.*match "92123" at GEO:POSTAL_CODE.*match "32.8" at GEO:LATITUDE.*match "825" at GEO:DMA_CODE.*match "858" at GEO:AREA_CODE/si, 1 ],
446 # match_response => {
447 # status => qr/^200$/,
449 # request => new HTTP::Request(
450 # GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?ip=216.75.21.122",
455 # comment => "GEO (host)",
458 # SecDebugLog $ENV{DEBUG_LOG}
460 # SecGeoLookupDB GeoLiteCity.dat
461 # SecRule ARGS:host "\@geoLookup" "phase:2,log,pass,t:none"
462 # SecRule GEO:COUNTRY_CODE "\@streq US" "phase:2,log,pass,t:none"
463 # SecRule GEO:COUNTRY_CODE3 "\@streq USA" "phase:2,log,pass,t:none"
464 # SecRule GEO:COUNTRY_NAME "\@streq United States" "phase:2,log,pass,t:none"
465 # # ENH: Not in this database?
466 # SecRule GEO:COUNTRY_CONTINENT "\@streq NA" "phase:2,log,pass,t:none"
467 # SecRule GEO:REGION "\@streq CA" "phase:2,log,pass,t:none"
468 # SecRule GEO:CITY "\@streq San Diego" "phase:2,log,pass,t:none"
469 # SecRule GEO:POSTAL_CODE "\@streq 92123" "phase:2,log,pass,t:none"
470 # SecRule GEO:LATITUDE "\@beginsWith 32.8" "phase:2,log,pass,t:none"
471 # SecRule GEO:LONGITUDE "\@beginsWith 117.1" "phase:2,log,pass,t:none"
472 # SecRule GEO:DMA_CODE "\@streq 825" "phase:2,log,pass,t:none"
473 # SecRule GEO:AREA_CODE "\@streq 858" "phase:2,log,pass,t:none"
476 # debug => [ qr/Using address "\d+\.\d+\.\d+\.\d+".*Geo lookup for "www\.modsecurity\.org" succeeded.*match "US" at GEO:COUNTRY_CODE.*match "USA" at GEO:COUNTRY_CODE3.*match "United States" at GEO:COUNTRY_NAME.*match "NA" at GEO:COUNTRY_CONTINENT.*match "CA" at GEO:REGION.*match "San Diego" at GEO:CITY.*match "92123" at GEO:POSTAL_CODE.*match "32.8" at GEO:LATITUDE.*match "825" at GEO:DMA_CODE.*match "858" at GEO:AREA_CODE/si, 1 ],
478 # match_response => {
479 # status => qr/^200$/,
481 # request => new HTTP::Request(
482 # GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?host=www.modsecurity.org",
487 # comment => "GEO (failed lookup)",
490 # SecDebugLog $ENV{DEBUG_LOG}
492 # SecGeoLookupDB GeoLiteCity.dat
493 # SecRule ARGS:ip "\@geoLookup" "phase:2,log,pass,t:none"
494 # SecRule \&GEO "\@eq 0" "phase:2,log,deny,status:403,t:none"
495 # SecRule ARGS:badip "\@geoLookup" "phase:2,log,pass,t:none"
496 # SecRule \&GEO "!\@eq 0" "phase:2,log,deny,status:403,t:none"
499 # -debug => [ qr/Geo lookup for "127\.0\.0\.1" succeeded/si, 1 ],
501 # match_response => {
502 # status => qr/^200$/,
504 # request => new HTTP::Request(
505 # GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?ip=216.75.21.122&badip=127.0.0.1",
511 # TODO: FILES_COMBINED_SIZE
514 # TODO: FILES_TMPNAMES
515 # TODO: HIGHEST_SEVERITY
517 # TODO: MATCHED_VAR_NAME
519 # TODO: MULTIPART_CRLF_LF_LINES
520 # TODO: MULTIPART_STRICT_ERROR
521 # TODO: MULTIPART_UNMATCHED_BOUNDARY
528 # TODO: REQBODY_PROCESSOR
529 # TODO: REQBODY_PROCESSOR_ERROR
530 # TODO: REQBODY_PROCESSOR_ERROR_MSG
531 # TODO: REQUEST_BASENAME
533 # TODO: REQUEST_COOKIES
534 # TODO: REQUEST_COOKIES_NAMES
535 # TODO: REQUEST_FILENAME
536 # TODO: REQUEST_HEADERS
537 # TODO: REQUEST_HEADERS_NAMES
539 # TODO: REQUEST_METHOD
540 # TODO: REQUEST_PROTOCOL
542 # TODO: REQUEST_URI_RAW
543 # TODO: RESPONSE_BODY
544 # TODO: RESPONSE_CONTENT_LENGTH
545 # TODO: RESPONSE_CONTENT_TYPE
546 # TODO: RESPONSE_HEADERS
547 # TODO: RESPONSE_HEADERS_NAMES
548 # TODO: RESPONSE_PROTOCOL
549 # TODO: RESPONSE_STATUS
551 # TODO: SCRIPT_BASENAME
552 # TODO: SCRIPT_FILENAME
554 # TODO: SCRIPT_GROUPNAME
557 # TODO: SCRIPT_USERNAME
575 # TODO: WEBSERVER_ERROR_LOG