1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "version_max":0, 6 "title":"Testing action :: SecDefaultAction: supporting transformation", 7 "client":{ 8 "ip":"200.249.12.31", 9 "port":2313 10 }, 11 "server":{ 12 "ip":"200.249.12.31", 13 "port":80 14 }, 15 "request":{ 16 "headers":{ 17 "User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 18 "Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 19 "Accept-Language":"en-us,en;q=0.5", 20 "Accept-Encoding":"gzip,deflate", 21 "Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7", 22 "Keep-Alive":"300", 23 "Connection":"keep-alive", 24 "Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 25 "Pragma":"no-cache", 26 "Cache-Control":"no-cache" 27 }, 28 "uri":"\/test.pl?param1= test ¶m2=test2", 29 "method":"GET", 30 "http_version":1.1, 31 "body":"" 32 }, 33 "response":{ 34 "headers":{ 35 "Content-Type":"text\/xml; charset=utf-8\n\r", 36 "Content-Length":"length\n\r" 37 }, 38 "body":[ 39 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 40 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 41 " <soap:Body>\n\r", 42 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 43 " <EnlightenResult>string<\/EnlightenResult>\n\r", 44 " <\/EnlightenResponse>\n\r", 45 " <\/soap:Body>\n\r", 46 "<\/soap:Envelope>\n\r" 47 ] 48 }, 49 "expected":{ 50 "audit_log":"", 51 "debug_log":"lowercase: \"300\"", 52 "error_log":"" 53 }, 54 "rules":[ 55 "SecRuleEngine On", 56 "SecDefaultAction \"phase:2,t:lowercase,pass\"", 57 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 58 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 59 ] 60 }, 61 { 62 "enabled":1, 63 "version_min":300000, 64 "version_max":0, 65 "title":"Testing action :: SecDefaultAction: supporting transformation + t:none", 66 "client":{ 67 "ip":"200.249.12.31", 68 "port":2313 69 }, 70 "server":{ 71 "ip":"200.249.12.31", 72 "port":80 73 }, 74 "request":{ 75 "headers":{ 76 "User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 77 "Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 78 "Accept-Language":"en-us,en;q=0.5", 79 "Accept-Encoding":"gzip,deflate", 80 "Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7", 81 "Keep-Alive":"300", 82 "Connection":"keep-alive", 83 "Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 84 "Pragma":"no-cache", 85 "Cache-Control":"no-cache" 86 }, 87 "uri":"\/test.pl?param1= test ¶m2=test2", 88 "method":"GET", 89 "http_version":1.1, 90 "body":"" 91 }, 92 "response":{ 93 "headers":{ 94 "Content-Type":"text\/xml; charset=utf-8\n\r", 95 "Content-Length":"length\n\r" 96 }, 97 "body":[ 98 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 99 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 100 " <soap:Body>\n\r", 101 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 102 " <EnlightenResult>string<\/EnlightenResult>\n\r", 103 " <\/EnlightenResponse>\n\r", 104 " <\/soap:Body>\n\r", 105 "<\/soap:Envelope>\n\r" 106 ] 107 }, 108 "expected":{ 109 "audit_log":"", 110 "debug_log":" Target value: \"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120\" ", 111 "error_log":"" 112 }, 113 "rules":[ 114 "SecRuleEngine On", 115 "SecDefaultAction \"phase:2,t:lowercase,pass\"", 116 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"t:none,phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 117 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 118 ] 119 }, 120 { 121 "enabled":1, 122 "version_min":300000, 123 "version_max":0, 124 "title":"Testing action :: SecDefaultAction: t:none", 125 "expected":{ 126 "parser_error":"The transformation none is not suitable to be part of the SecDefaultActions" 127 }, 128 "rules":[ 129 "SecRuleEngine On", 130 "SecDefaultAction \"phase:2,t:none\"", 131 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"t:none,phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 132 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 133 ] 134 }, 135 { 136 "enabled":1, 137 "version_min":300000, 138 "version_max":0, 139 "title":"Testing action :: SecDefaultAction: simple test", 140 "client":{ 141 "ip":"200.249.12.31", 142 "port":2313 143 }, 144 "server":{ 145 "ip":"200.249.12.31", 146 "port":80 147 }, 148 "request":{ 149 "headers":{ 150 "User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 151 "Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 152 "Accept-Language":"en-us,en;q=0.5", 153 "Accept-Encoding":"gzip,deflate", 154 "Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7", 155 "Keep-Alive":"300", 156 "Connection":"keep-alive", 157 "Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 158 "Pragma":"no-cache", 159 "Cache-Control":"no-cache" 160 }, 161 "uri":"\/test.pl?param1= test ¶m2=test2", 162 "method":"GET", 163 "http_version":1.1, 164 "body":"" 165 }, 166 "response":{ 167 "headers":{ 168 "Content-Type":"text\/xml; charset=utf-8\n\r", 169 "Content-Length":"length\n\r" 170 }, 171 "body":[ 172 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 173 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 174 " <soap:Body>\n\r", 175 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 176 " <EnlightenResult>string<\/EnlightenResult>\n\r", 177 " <\/EnlightenResponse>\n\r", 178 " <\/soap:Body>\n\r", 179 "<\/soap:Envelope>\n\r" 180 ] 181 }, 182 "expected":{ 183 "audit_log":"", 184 "debug_log":"Saving msg: This is a test, text\/html,application", 185 "error_log":"" 186 }, 187 "rules":[ 188 "SecRuleEngine On", 189 "SecDefaultAction \"phase:2,log,auditlog,pass\"", 190 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 191 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 192 ] 193 }, 194 { 195 "enabled":1, 196 "version_min":300000, 197 "version_max":0, 198 "title":"Testing action :: SecDefaultAction: action not suitable", 199 "expected":{ 200 "parser_error":"The action 'id' is not suitable to be part of the SecDefaultActions" 201 }, 202 "rules":[ 203 "SecRuleEngine On", 204 "SecDefaultAction \"phase:2,id:1,log,auditlog,pass,tag:'teste'\"", 205 206 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,tag:'teste',t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 207 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 208 ] 209 }, 210 { 211 "enabled":1, 212 "version_min":300000, 213 "version_max":0, 214 "title":"Testing action :: SecDefaultAction: twice", 215 "expected":{ 216 "parser_error":"SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already." 217 }, 218 "rules":[ 219 "SecRuleEngine On", 220 "SecDefaultAction \"phase:2,log,auditlog,pass,tag:'teste'\"", 221 "SecDefaultAction \"phase:2,log,auditlog,pass,tag:'teste'\"", 222 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"id:1,tag:'teste',t:lowercase,t:none,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", 223 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" 224 ] 225 }, 226 { 227 "enabled":1, 228 "version_min":300000, 229 "version_max":0, 230 "title":"Testing action :: SecDefaultAction: status + redirect", 231 "client":{ 232 "ip":"200.249.12.31", 233 "port":2313 234 }, 235 "server":{ 236 "ip":"200.249.12.31", 237 "port":80 238 }, 239 "request":{ 240 "headers":{ 241 "User-Agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 242 "Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 243 "Accept-Language":"en-us,en;q=0.5", 244 "Accept-Encoding":"gzip,deflate", 245 "Accept-Charset":"ISO-8859-1,utf-8;q=0.7,*;q=0.7", 246 "Keep-Alive":"300", 247 "Connection":"keep-alive", 248 "Cookie":"PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 249 "Pragma":"no-cache", 250 "Cache-Control":"no-cache" 251 }, 252 "uri":"\/test.pl?param1= test ¶m2=test2", 253 "method":"GET", 254 "http_version":1.1, 255 "body":"" 256 }, 257 "response":{ 258 "headers":{ 259 "Content-Type":"text\/xml; charset=utf-8\n\r", 260 "Content-Length":"length\n\r" 261 }, 262 "body":[ 263 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 264 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 265 " <soap:Body>\n\r", 266 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 267 " <EnlightenResult>string<\/EnlightenResult>\n\r", 268 " <\/EnlightenResponse>\n\r", 269 " <\/soap:Body>\n\r", 270 "<\/soap:Envelope>\n\r" 271 ] 272 }, 273 "expected":{ 274 "audit_log":"", 275 "debug_log":"Request was relevant to be saved.", 276 "http_code": 302 277 }, 278 "rules":[ 279 "SecRuleEngine On", 280 "SecDefaultAction \"phase:2,log,auditlog,status:302,redirect:'http://www.google.com'\"", 281 "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,block\"", 282 "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none,block\"" 283 ] 284 } 285] 286