1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "title":"Variable key selection using a regular expression (1/n)", 6 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 7 "gihub_issue": 2296, 8 "client":{ 9 "ip":"200.249.12.31", 10 "port":123 11 }, 12 "server":{ 13 "ip":"200.249.12.31", 14 "port":80 15 }, 16 "request":{ 17 "headers":{ 18 "Host":"localhost", 19 "User-Agent":"curl/7.38.0", 20 "name1": "value1" 21 }, 22 "uri":"/?THIS=is+a+simple+test", 23 "method":"GET" 24 }, 25 "response":{ 26 "headers":{ 27 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 28 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 29 "Content-Type":"text/html" 30 }, 31 "body":[ 32 "no need." 33 ] 34 }, 35 "expected":{ 36 "http_code":200, 37 "debug_log":"Target value: \"is a simple test\"", 38 "error_log":"Operator `Rx' with parameter `test' against variable `ARGS:THIS'" 39 }, 40 "rules":[ 41 "SecRuleEngine On", 42 "SecRule ARGS:/^ThIs$/ \"test\" \"id:1\"" 43 ] 44 }, 45 { 46 "enabled":1, 47 "version_min":300000, 48 "title":"Variable key selection using a regular expression (2/n)", 49 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 50 "gihub_issue": 2296, 51 "client":{ 52 "ip":"200.249.12.31", 53 "port":123 54 }, 55 "server":{ 56 "ip":"200.249.12.31", 57 "port":80 58 }, 59 "request":{ 60 "headers":{ 61 "Host":"localhost", 62 "User-Agent":"curl/7.38.0", 63 "name1": "value1" 64 }, 65 "uri":"/?THIS=is+a+simple+test", 66 "method":"GET" 67 }, 68 "response":{ 69 "headers":{ 70 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 71 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 72 "Content-Type":"text/html" 73 }, 74 "body":[ 75 "no need." 76 ] 77 }, 78 "expected":{ 79 "http_code":200, 80 "debug_log":"Rule returned 0", 81 "error_log":"" 82 }, 83 "rules":[ 84 "SecRuleEngine On", 85 "SecRule ARGS:/^ThIz$/ \"test\" \"id:1,deny,status:302\"" 86 ] 87 }, 88 { 89 "enabled":1, 90 "version_min":300000, 91 "title":"Variable key selection using a regular expression - msg (3/n)", 92 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 93 "gihub_issue": 2296, 94 "client":{ 95 "ip":"200.249.12.31", 96 "port":123 97 }, 98 "server":{ 99 "ip":"200.249.12.31", 100 "port":80 101 }, 102 "request":{ 103 "headers":{ 104 "Host":"localhost", 105 "User-Agent":"curl/7.38.0", 106 "name1": "value1" 107 }, 108 "uri":"/?THIS=is+a+simple+test", 109 "method":"GET" 110 }, 111 "response":{ 112 "headers":{ 113 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 114 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 115 "Content-Type":"text/html" 116 }, 117 "body":[ 118 "no need." 119 ] 120 }, 121 "expected":{ 122 "http_code":200, 123 "debug_log":"Target value: \"is a simple test\"", 124 "error_log":"msg \"Testing is a simple test\"" 125 }, 126 "rules":[ 127 "SecRuleEngine On", 128 "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}'\"" 129 ] 130 }, 131 { 132 "enabled":1, 133 "version_min":300000, 134 "title":"Variable key selection using a regular expression - matched_vars (4/n)", 135 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 136 "gihub_issue": 2296, 137 "client":{ 138 "ip":"200.249.12.31", 139 "port":123 140 }, 141 "server":{ 142 "ip":"200.249.12.31", 143 "port":80 144 }, 145 "request":{ 146 "headers":{ 147 "Host":"localhost", 148 "User-Agent":"curl/7.38.0", 149 "name1": "value1" 150 }, 151 "uri":"/?THIS=is+a+simple+test", 152 "method":"GET" 153 }, 154 "response":{ 155 "headers":{ 156 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 157 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 158 "Content-Type":"text/html" 159 }, 160 "body":[ 161 "no need." 162 ] 163 }, 164 "expected":{ 165 "http_code":200, 166 "debug_log":"Target value: \"is a simple test\"", 167 "error_log":"msg \"Testing is a simple test\"" 168 }, 169 "rules":[ 170 "SecRuleEngine On", 171 "SecRule ARGS:/^ThIs$/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',chain\"", 172 "SecRule MATCHED_VARS:/thIs/ \"is a simple test\" \"log\"" 173 ] 174 }, 175 { 176 "enabled":1, 177 "version_min":300000, 178 "title":"Variable key selection using a regular expression - rule (5/n)", 179 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 180 "gihub_issue": 2296, 181 "client":{ 182 "ip":"200.249.12.31", 183 "port":123 184 }, 185 "server":{ 186 "ip":"200.249.12.31", 187 "port":80 188 }, 189 "request":{ 190 "headers":{ 191 "Host":"localhost", 192 "User-Agent":"curl/7.38.0", 193 "name1": "value1" 194 }, 195 "uri":"/?THIS=is+a+simple+test", 196 "method":"GET" 197 }, 198 "response":{ 199 "headers":{ 200 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 201 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 202 "Content-Type":"text/html" 203 }, 204 "body":[ 205 "no need." 206 ] 207 }, 208 "expected":{ 209 "http_code":403, 210 "debug_log":"Target value: .1. .Variable: RULE:id.", 211 "error_log":"Operator `Rx' with parameter `1' against variable `RULE:id' .Value: `1' ." 212 }, 213 "rules":[ 214 "SecRuleEngine On", 215 "SecRule RULE:/^Id$/ \"1\" \"id:1,msg:'Testing %{RULE.id}% -- ',deny\"" 216 ] 217 }, 218 { 219 "enabled":1, 220 "version_min":300000, 221 "title":"Variable key selection using a regular expression - TX (6/n)", 222 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 223 "gihub_issue": 2296, 224 "client":{ 225 "ip":"200.249.12.31", 226 "port":123 227 }, 228 "server":{ 229 "ip":"200.249.12.31", 230 "port":80 231 }, 232 "request":{ 233 "headers":{ 234 "Host":"localhost", 235 "User-Agent":"curl/7.38.0", 236 "name1": "value1" 237 }, 238 "uri":"/", 239 "method":"GET" 240 }, 241 "response":{ 242 "headers":{ 243 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 244 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 245 "Content-Type":"text/html" 246 }, 247 "body":[ 248 "no need." 249 ] 250 }, 251 "expected":{ 252 "http_code":437, 253 "error_log":"`Within' with parameter `/name1/' against variable `TX:header_name_name1'" 254 }, 255 "rules":[ 256 "SecRuleEngine On", 257 "SecAction \"id:1,phase:1,setvar:'TX.restricted_headers=/name1/'\"", 258 "SecRule REQUEST_HEADERS_NAMES \"^.*$\" \"id:2,phase:2,setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',deny,status:437,chain,capture\"", 259 "SecRule TX:/^header_name_/ \"@within %{TX:/esTrictEd_headers/}\" \"setvar:'tx.matched=1'\"" 260 ] 261 }, 262 { 263 "enabled":1, 264 "version_min":300000, 265 "title":"Variable key selection using a regular expression - TX (7/n)", 266 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 267 "gihub_issue": 2296, 268 "client":{ 269 "ip":"200.249.12.31", 270 "port":123 271 }, 272 "server":{ 273 "ip":"200.249.12.31", 274 "port":80 275 }, 276 "request":{ 277 "headers":{ 278 "Host":"localhost", 279 "User-Agent":"curl/7.38.0", 280 "name1": "value1" 281 }, 282 "uri":"/", 283 "method":"GET" 284 }, 285 "response":{ 286 "headers":{ 287 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 288 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 289 "Content-Type":"text/html" 290 }, 291 "body":[ 292 "no need." 293 ] 294 }, 295 "expected":{ 296 "http_code":437, 297 "error_log":"`Within' with parameter `/name1/' against variable `TX:header_name_name1'" 298 }, 299 "rules":[ 300 "SecRuleEngine On", 301 "SecAction \"id:1,phase:1,setvar:'TX.restricted_headers=/name1/'\"", 302 "SecRule REQUEST_HEADERS_NAMES \"^.*$\" \"id:2,phase:2,setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',deny,status:437,capture,chain\"", 303 "SecRule TX:/^HEADER_NAME_/ \"@within %{tx.restricted_headers}\" \"setvar:'tx.matched=1',log\"" 304 ] 305 }, 306 { 307 "enabled":1, 308 "version_min":300000, 309 "title":"Variable key selection using a regular expression - exclusion (8/n)", 310 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 311 "gihub_issue": 2296, 312 "client":{ 313 "ip":"200.249.12.31", 314 "port":123 315 }, 316 "server":{ 317 "ip":"200.249.12.31", 318 "port":80 319 }, 320 "request":{ 321 "headers":{ 322 "Host":"localhost", 323 "User-Agent":"curl/7.38.0", 324 "name1": "value1" 325 }, 326 "uri":"/?THIS=is+a+simple+test", 327 "method":"GET" 328 }, 329 "response":{ 330 "headers":{ 331 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 332 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 333 "Content-Type":"text/html" 334 }, 335 "body":[ 336 "no need." 337 ] 338 }, 339 "expected":{ 340 "http_code":200 341 }, 342 "rules":[ 343 "SecRuleEngine On", 344 "SecRule ARGS \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',deny,status:500,chain\"", 345 "SecRule MATCHED_VARS:/thIs/ \"is a simple test\" \"log\"", 346 "SecRuleUpdateTargetById 1 !ARGS:/ThIs/" 347 ] 348 }, 349 { 350 "enabled":1, 351 "version_min":300000, 352 "title":"Variable key selection using a regular expression - exclusion/ARGS (9/n)", 353 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 354 "gihub_issue": 2296, 355 "client":{ 356 "ip":"200.249.12.31", 357 "port":123 358 }, 359 "server":{ 360 "ip":"200.249.12.31", 361 "port":80 362 }, 363 "request":{ 364 "headers":{ 365 "Host":"localhost", 366 "User-Agent":"curl/7.38.0", 367 "name1": "value1" 368 }, 369 "uri":"/?THIS=is+a+simple+test", 370 "method":"GET" 371 }, 372 "response":{ 373 "headers":{ 374 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 375 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 376 "Content-Type":"text/html" 377 }, 378 "body":[ 379 "no need." 380 ] 381 }, 382 "expected":{ 383 "http_code":200 384 }, 385 "rules":[ 386 "SecRuleEngine On", 387 "SecRule ARGS|!ARGS:/tHiS/ \"test\" \"id:1,msg:'Testing %{ARGS:/^ThIs$/}',deny,status:500,chain\"", 388 "SecRule MATCHED_VARS:/thIs/ \"is a simple test\" \"log\"" 389 ] 390 }, 391 { 392 "enabled":1, 393 "version_min":300000, 394 "title":"Variable key selection using a regular expression - exclusion/TX (10/n)", 395 "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/2296", 396 "gihub_issue": 2296, 397 "client":{ 398 "ip":"200.249.12.31", 399 "port":123 400 }, 401 "server":{ 402 "ip":"200.249.12.31", 403 "port":80 404 }, 405 "request":{ 406 "headers":{ 407 "Host":"localhost", 408 "User-Agent":"curl/7.38.0", 409 "name1": "value1" 410 }, 411 "uri":"/?THIS=is+a+simple+test", 412 "method":"GET" 413 }, 414 "response":{ 415 "headers":{ 416 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 417 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 418 "Content-Type":"text/html" 419 }, 420 "body":[ 421 "no need." 422 ] 423 }, 424 "expected":{ 425 "http_code":200 426 }, 427 "rules":[ 428 "SecRuleEngine On", 429 "SecAction \"phase:1,setvar:'tx.a=10'\"", 430 "SecRule TX|!TX:/a/ \"10\" \"id:10,deny,status:500\"" 431 ] 432 } 433] 434