1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "title":"Testing ctl:ruleRemoveById - issue 2099", 6 "expected":{ 7 "http_code":200 8 }, 9 "client":{ 10 "ip":"200.249.12.31", 11 "port":123 12 }, 13 "request":{ 14 "headers":{ 15 "Host":"localhost", 16 "User-Agent":"curl/7.38.0", 17 "Accept":"*/*" 18 }, 19 "uri":"/remote.php/webdav?bar=foo", 20 "method":"GET", 21 "body": "" 22 }, 23 "server":{ 24 "ip":"200.249.12.31", 25 "port":80 26 }, 27 "rules":[ 28 "SecRuleEngine On", 29 "SecRequestBodyAccess On", 30 "SecRule REQUEST_FILENAME \"@contains /remote.php/webdav\" \"id:9003100,phase:2,pass,t:none,nolog,ctl:ruleRemoveByTag=attack-injection-php,ctl:ruleRemoveById=941000-942999,ctl:ruleRemoveById=951000-951999,ctl:ruleRemoveById=953100-953130,ctl:ruleRemoveById=920420,ctl:ruleRemoveById=920440\"", 31 "SecRule ARGS \"@contains foo\" \"id:951001,phase:2,t:none,drop\"" 32 ] 33 }, 34 { 35 "enabled":1, 36 "version_min":300000, 37 "title":"Testing ctl:ruleRemoveById against - issue 2099", 38 "expected":{ 39 "http_code":403 40 }, 41 "client":{ 42 "ip":"200.249.12.31", 43 "port":123 44 }, 45 "request":{ 46 "headers":{ 47 "Host":"localhost", 48 "User-Agent":"curl/7.38.0", 49 "Accept":"*/*" 50 }, 51 "uri":"/remote.php?bar=foo", 52 "method":"GET", 53 "body": "" 54 }, 55 "server":{ 56 "ip":"200.249.12.31", 57 "port":80 58 }, 59 "rules":[ 60 "SecRuleEngine On", 61 "SecRequestBodyAccess On", 62 "SecRule REQUEST_FILENAME \"@contains /remote.php/webdav\" \"id:9003100,phase:2,pass,t:none,nolog,ctl:ruleRemoveByTag=attack-injection-php,ctl:ruleRemoveById=941000-942999,ctl:ruleRemoveById=951000-951999,ctl:ruleRemoveById=953100-953130,ctl:ruleRemoveById=920420,ctl:ruleRemoveById=920440\"", 63 "SecRule ARGS \"@contains foo\" \"id:951001,phase:2,t:none,drop\"" 64 ] 65 }, 66 { 67 "enabled":1, 68 "version_min":300000, 69 "title":"Testing ctl:ruleRemoveByTag - issue 2099", 70 "expected":{ 71 "http_code":200 72 }, 73 "client":{ 74 "ip":"200.249.12.31", 75 "port":123 76 }, 77 "request":{ 78 "headers":{ 79 "Host":"localhost", 80 "User-Agent":"curl/7.38.0", 81 "Accept":"*/*" 82 }, 83 "uri":"/remote.php/webdav?bar=foo", 84 "method":"GET", 85 "body": "" 86 }, 87 "server":{ 88 "ip":"200.249.12.31", 89 "port":80 90 }, 91 "rules":[ 92 "SecRuleEngine On", 93 "SecRequestBodyAccess On", 94 "SecRule REQUEST_FILENAME \"@contains /remote.php/webdav\" \"id:1000001,phase:2,pass,t:none,nolog,ctl:ruleRemoveByTag=attack-injection-php,ctl:ruleRemoveById=1100000-2100000,ctl:ruleRemoveById=9990000\"", 95 "SecRule ARGS \"@contains foo\" \"id:4400000,tag:'attack-injection-php',phase:2,t:none,msg:'test rule',drop\"" 96 ] 97 }, 98 { 99 "enabled":1, 100 "version_min":300000, 101 "title":"Testing ctl:ruleRemoveByTag against - issue 2099", 102 "expected":{ 103 "http_code":403 104 }, 105 "client":{ 106 "ip":"200.249.12.31", 107 "port":123 108 }, 109 "request":{ 110 "headers":{ 111 "Host":"localhost", 112 "User-Agent":"curl/7.38.0", 113 "Accept":"*/*" 114 }, 115 "uri":"/remote.php?bar=foo", 116 "method":"GET", 117 "body": "" 118 }, 119 "server":{ 120 "ip":"200.249.12.31", 121 "port":80 122 }, 123 "rules":[ 124 "SecRuleEngine On", 125 "SecRequestBodyAccess On", 126 "SecRule REQUEST_FILENAME \"@contains /remote.php/webdav\" \"id:1000001,phase:2,pass,t:none,nolog,ctl:ruleRemoveByTag=attack-injection-php,ctl:ruleRemoveById=1100000-2100000,ctl:ruleRemoveById=9990000\"", 127 "SecRule ARGS \"@contains foo\" \"id:4400000,tag:'attack-injection-php',phase:2,t:none,msg:'test rule',drop\"" 128 ] 129 }, 130 { 131 "enabled":1, 132 "version_min":300000, 133 "title":"Testing ctl:ruleRemoveTargetByTag - issue 2099", 134 "expected":{ 135 "http_code":200 136 }, 137 "client":{ 138 "ip":"1.2.3.4", 139 "port":123 140 }, 141 "request":{ 142 "headers":{ 143 "Host":"localhost", 144 "User-Agent":"curl/7.38.0", 145 "Accept":"*/*" 146 }, 147 "uri":"/test.php?a=a", 148 "method":"GET", 149 "body": "" 150 }, 151 "server":{ 152 "ip":"200.249.12.31", 153 "port":80 154 }, 155 "rules":[ 156 "SecRuleEngine On", 157 "SecRequestBodyAccess On", 158 "SecRule REQUEST_URI \"@contains /test.php\" \"id:100,phase:1,nolog,pass,ctl:ruleRemoveTargetByTag=attack-injection-php;ARGS:a,ctl:ruleRemoveTargetByTag=attack-rce;ARGS:a\"", 159 "SecRule ARGS \"@contains a\" \"id:4400000,tag:'attack-injection-php',phase:2,t:none,msg:'test rule',drop\"" 160 ] 161 }, 162 { 163 "enabled":1, 164 "version_min":300000, 165 "title":"Testing ctl:ruleRemoveTargetByTag against - issue 2099", 166 "expected":{ 167 "http_code":403 168 }, 169 "client":{ 170 "ip":"1.2.3.4", 171 "port":123 172 }, 173 "request":{ 174 "headers":{ 175 "Host":"localhost", 176 "User-Agent":"curl/7.38.0", 177 "Accept":"*/*" 178 }, 179 "uri":"/index.php?a=a", 180 "method":"GET", 181 "body": "" 182 }, 183 "server":{ 184 "ip":"200.249.12.31", 185 "port":80 186 }, 187 "rules":[ 188 "SecRuleEngine On", 189 "SecRequestBodyAccess On", 190 "SecRule REQUEST_URI \"@contains /test.php\" \"id:100,phase:1,nolog,pass,ctl:ruleRemoveTargetByTag=attack-injection-php;ARGS:a,ctl:ruleRemoveTargetByTag=attack-rce;ARGS:a\"", 191 "SecRule ARGS \"@contains a\" \"id:4400000,tag:'attack-injection-php',phase:2,t:none,msg:'test rule',drop\"" 192 ] 193 } 194] 195 196