1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "title":"Variable offset - ARGS", 6 "request":{ 7 "headers":{ 8 "Host":"localhost", 9 "Content-Length": "27", 10 "Content-Type": "application/x-www-form-urlencoded" 11 }, 12 "uri":"/index.html?param1=value1&param2=value1", 13 "method":"GET" 14 }, 15 "response":{ 16 "headers":{ 17 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 18 "Content-Type":"text/html" 19 }, 20 "body":[ 21 "no need." 22 ] 23 }, 24 "expected":{ 25 "error_log":"o0,3v23,6t:trim" 26 }, 27 "rules":[ 28 "SecRule ARGS \"@rx val\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 29 ] 30 }, 31 { 32 "enabled":1, 33 "version_min":300000, 34 "title":"Variable offset - ARGS_GET", 35 "request":{ 36 "headers":{ 37 "Host":"localhost", 38 "Content-Length": "27", 39 "Content-Type": "application/x-www-form-urlencoded" 40 }, 41 "uri":"/index.html?param1=value1&param2=value2", 42 "method":"GET" 43 }, 44 "response":{ 45 "headers":{ 46 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 47 "Content-Type":"text/html" 48 }, 49 "body":[ 50 "no need." 51 ] 52 }, 53 "expected":{ 54 "error_log":"o3,3v37,6t:trim" 55 }, 56 "rules":[ 57 "SecRule ARGS_GET \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 58 ] 59 }, 60 { 61 "enabled":1, 62 "version_min":300000, 63 "title":"Variable offset - ARGS_POST 1", 64 "request":{ 65 "headers":{ 66 "Host":"localhost", 67 "Content-Length": "27", 68 "Content-Type": "application/x-www-form-urlencoded" 69 }, 70 "uri":"/index.html?param1=value1&param2=value1", 71 "method":"POST", 72 "body":[ 73 "param1=value1&param2=value1" 74 ] 75 }, 76 "response":{ 77 "headers":{ 78 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 79 "Content-Type":"text/html" 80 }, 81 "body":[ 82 "no need." 
83 ] 84 }, 85 "expected":{ 86 "error_log":"o3,3v142,6t:trim" 87 }, 88 "rules":[ 89 "SecRequestBodyAccess On", 90 "SecRule ARGS_POST \"@rx ue1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 91 ] 92 }, 93 { 94 "enabled":1, 95 "version_min":300000, 96 "title":"Variable offset - ARGS_POST 2", 97 "request":{ 98 "headers":{ 99 "Host":"localhost", 100 "Content-Length": "27", 101 "Content-Type": "application/x-www-form-urlencoded" 102 }, 103 "uri":"/index.html?param1=value1&param2=value1", 104 "method":"POST", 105 "body":[ 106 "param1=value1&param2=value2&param3=value3" 107 ] 108 }, 109 "response":{ 110 "headers":{ 111 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 112 "Content-Type":"text/html" 113 }, 114 "body":[ 115 "no need." 116 ] 117 }, 118 "expected":{ 119 "error_log":"o3,3v156,6t:trim" 120 }, 121 "rules":[ 122 "SecRequestBodyAccess On", 123 "SecRule ARGS_POST \"@rx ue2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 124 ] 125 }, 126 { 127 "enabled":1, 128 "version_min":300000, 129 "title":"Variable offset - ARGS_GET_NAMES 1", 130 "request":{ 131 "headers":{ 132 "Host":"localhost", 133 "Content-Length": "27", 134 "Content-Type": "application/x-www-form-urlencoded" 135 }, 136 "uri":"/index.html?param1=value1&param2=value1", 137 "method":"POST", 138 "body":[ 139 "param1=value1&param2=value2&param3=value3" 140 ] 141 }, 142 "response":{ 143 "headers":{ 144 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 145 "Content-Type":"text/html" 146 }, 147 "body":[ 148 "no need." 
149 ] 150 }, 151 "expected":{ 152 "error_log":"o0,6v17,6t:trim" 153 }, 154 "rules":[ 155 "SecRequestBodyAccess On", 156 "SecRule ARGS_GET_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 157 ] 158 }, 159 { 160 "enabled":1, 161 "version_min":300000, 162 "title":"Variable offset - ARGS_GET_NAMES 2", 163 "request":{ 164 "headers":{ 165 "Host":"localhost", 166 "Content-Length": "27", 167 "Content-Type": "application/x-www-form-urlencoded" 168 }, 169 "uri":"/index.html?param1=value1&param2=value1", 170 "method":"POST", 171 "body":[ 172 "param1=value1&param2=value2&param3=value3" 173 ] 174 }, 175 "response":{ 176 "headers":{ 177 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 178 "Content-Type":"text/html" 179 }, 180 "body":[ 181 "no need." 182 ] 183 }, 184 "expected":{ 185 "error_log":"o0,6v31,6t:trim" 186 }, 187 "rules":[ 188 "SecRequestBodyAccess On", 189 "SecRule ARGS_GET_NAMES \"@rx param2\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 190 ] 191 }, 192 { 193 "enabled":1, 194 "version_min":300000, 195 "title":"Variable offset - ARGS_GET_NAMES 3", 196 "request":{ 197 "headers":{ 198 "Host":"localhost", 199 "Content-Length": "27", 200 "Content-Type": "application/x-www-form-urlencoded" 201 }, 202 "uri":"/index.html?param1=value1&param2=value1", 203 "method":"POST", 204 "body":[ 205 "param1=value1&param2=value2&param3=value3" 206 ] 207 }, 208 "response":{ 209 "headers":{ 210 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 211 "Content-Type":"text/html" 212 }, 213 "body":[ 214 "no need." 
215 ] 216 }, 217 "expected":{ 218 // should not match 219 }, 220 "rules":[ 221 "SecRequestBodyAccess On", 222 "SecRule ARGS_GET_NAMES \"@rx am1 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 223 ] 224 }, 225 { 226 "enabled":1, 227 "version_min":300000, 228 "title":"Variable offset - ARGS_GET_NAMES 4", 229 "request":{ 230 "headers":{ 231 "Host":"localhost", 232 "Content-Length": "27", 233 "Content-Type": "application/x-www-form-urlencoded" 234 }, 235 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 236 "method":"POST", 237 "body":[ 238 "param1=value1&param2=value2&param3=value3" 239 ] 240 }, 241 "response":{ 242 "headers":{ 243 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 244 "Content-Type":"text/html" 245 }, 246 "body":[ 247 "no need." 248 ] 249 }, 250 "expected":{ 251 // should not match 252 }, 253 "rules":[ 254 "SecRequestBodyAccess On", 255 "SecRule ARGS_GET_NAMES \"@rx am1 param2 par\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 256 ] 257 }, 258 { 259 "enabled":1, 260 "version_min":300000, 261 "title":"Variable offset - ARGS_POST_NAMES", 262 "request":{ 263 "headers":{ 264 "Host":"localhost", 265 "Content-Length": "27", 266 "Content-Type": "application/x-www-form-urlencoded" 267 }, 268 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 269 "method":"POST", 270 "body":[ 271 "param1=value1&param2=value2&param3=value3" 272 ] 273 }, 274 "response":{ 275 "headers":{ 276 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 277 "Content-Type":"text/html" 278 }, 279 "body":[ 280 "no need." 
281 ] 282 }, 283 "expected":{ 284 "error_log": "0,6v149,6t:trim" 285 }, 286 "rules":[ 287 "SecRequestBodyAccess On", 288 "SecRule ARGS_POST_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 289 ] 290 }, 291 { 292 "enabled":1, 293 "version_min":300000, 294 "title":"Variable offset - ARGS_NAMES", 295 "request":{ 296 "headers":{ 297 "Host":"localhost", 298 "Content-Length": "27", 299 "Content-Type": "application/x-www-form-urlencoded" 300 }, 301 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 302 "method":"POST", 303 "body":[ 304 "param1=value1&param2=value2&param3=value3" 305 ] 306 }, 307 "response":{ 308 "headers":{ 309 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 310 "Content-Type":"text/html" 311 }, 312 "body":[ 313 "no need." 314 ] 315 }, 316 "expected":{ 317 "error_log":"o0,6v17,6t:trim" 318 }, 319 "rules":[ 320 "SecRequestBodyAccess On", 321 "SecRule ARGS_NAMES \"@rx param1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 322 ] 323 }, 324 { 325 "enabled":1, 326 "version_min":300000, 327 "title":"Variable offset - ARGS_COMBINED_SIZE 1", 328 "request":{ 329 "headers":{ 330 "Host":"localhost", 331 "Content-Length": "27", 332 "Content-Type": "application/x-www-form-urlencoded" 333 }, 334 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 335 "method":"GET" 336 }, 337 "response":{ 338 "headers":{ 339 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 340 "Content-Type":"text/html" 341 }, 342 "body":[ 343 "no need." 
344 ] 345 }, 346 "expected":{ 347 "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim" 348 }, 349 "rules":[ 350 "SecRequestBodyAccess On", 351 "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 352 ] 353 }, 354 { 355 "enabled":1, 356 "version_min":300000, 357 "title":"Variable offset - ARGS_COMBINED_SIZE 2", 358 "request":{ 359 "headers":{ 360 "Host":"localhost", 361 "Content-Length": "27", 362 "Content-Type": "application/x-www-form-urlencoded" 363 }, 364 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 365 "method":"GET" 366 }, 367 "response":{ 368 "headers":{ 369 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 370 "Content-Type":"text/html" 371 }, 372 "body":[ 373 "no need." 374 ] 375 }, 376 "expected":{ 377 "error_log":"v16,6v23,6v30,6v37,6v44,6v51,6t:trim" 378 }, 379 "rules":[ 380 "SecRequestBodyAccess On", 381 "SecRule ARGS_COMBINED_SIZE \"@gt 1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 382 ] 383 }, 384 { 385 "enabled":1, 386 "version_min":300000, 387 "title":"Variable offset - REQUEST_LINE", 388 "request":{ 389 "headers":{ 390 "Host":"localhost", 391 "Content-Length": "27", 392 "Content-Type": "application/x-www-form-urlencoded", 393 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 394 }, 395 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 396 "method":"GET" 397 }, 398 "response":{ 399 "headers":{ 400 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 401 "Content-Type":"text/html" 402 }, 403 "body":[ 404 "no need." 
405 ] 406 }, 407 "expected":{ 408 "error_log":"o23,6v0,63t:trim" 409 }, 410 "rules":[ 411 "SecRequestBodyAccess On", 412 "SecRule REQUEST_LINE \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 413 ] 414 }, 415 { 416 "enabled":1, 417 "version_min":300000, 418 "title":"Variable offset - REQUEST_METHOD", 419 "request":{ 420 "headers":{ 421 "Host":"localhost", 422 "Content-Length": "27", 423 "Content-Type": "application/x-www-form-urlencoded", 424 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 425 }, 426 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 427 "method":"GET", 428 "http_version": 1.1 429 }, 430 "response":{ 431 "headers":{ 432 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 433 "Content-Type":"text/html" 434 }, 435 "body":[ 436 "no need." 437 ] 438 }, 439 "expected":{ 440 "error_log":"o0,3v0,3t:trim" 441 }, 442 "rules":[ 443 "SecRequestBodyAccess On", 444 "SecRule REQUEST_METHOD \"GET\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 445 ] 446 }, 447 { 448 "enabled":1, 449 "version_min":300000, 450 "title":"Variable offset - REQUEST_PROTOCOL", 451 "request":{ 452 "headers":{ 453 "Host":"localhost", 454 "Content-Length": "27", 455 "Content-Type": "application/x-www-form-urlencoded", 456 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 457 }, 458 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 459 "method":"GET", 460 "http_version": 1.1 461 }, 462 "response":{ 463 "headers":{ 464 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 465 "Content-Type":"text/html" 466 }, 467 "body":[ 468 "no need." 
469 ] 470 }, 471 "expected":{ 472 "error_log":"o5,3v58,8t:trim" 473 }, 474 "rules":[ 475 "SecRequestBodyAccess On", 476 "SecRule REQUEST_PROTOCOL \"1.1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 477 ] 478 }, 479 { 480 "enabled":1, 481 "version_min":300000, 482 "title":"Variable offset - PATH_INFO", 483 "request":{ 484 "headers":{ 485 "Host":"localhost", 486 "Content-Length": "27", 487 "Content-Type": "application/x-www-form-urlencoded", 488 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 489 }, 490 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 491 "method":"GET", 492 "http_version": 1.1 493 }, 494 "response":{ 495 "headers":{ 496 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 497 "Content-Type":"text/html" 498 }, 499 "body":[ 500 "no need." 501 ] 502 }, 503 "expected":{ 504 "error_log":"o1,5v4,11t:trim" 505 }, 506 "rules":[ 507 "SecRequestBodyAccess On", 508 "SecRule PATH_INFO \"index\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 509 ] 510 }, 511 { 512 "enabled":1, 513 "version_min":300000, 514 "title":"Variable offset - QUERY_STRING", 515 "request":{ 516 "headers":{ 517 "Host":"localhost", 518 "Content-Length": "27", 519 "Content-Type": "application/x-www-form-urlencoded", 520 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 521 }, 522 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 523 "method":"GET", 524 "http_version": 1.1 525 }, 526 "response":{ 527 "headers":{ 528 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 529 "Content-Type":"text/html" 530 }, 531 "body":[ 532 "no need." 
533 ] 534 }, 535 "expected":{ 536 "error_log":"o7,6v16,41t:trim" 537 }, 538 "rules":[ 539 "SecRequestBodyAccess On", 540 "SecRule QUERY_STRING \"value1\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 541 ] 542 }, 543 { 544 "enabled":1, 545 "version_min":300000, 546 "title":"Variable offset - REQUEST_BASENAME", 547 "request":{ 548 "headers":{ 549 "Host":"localhost", 550 "Content-Length": "27", 551 "Content-Type": "application/x-www-form-urlencoded", 552 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 553 }, 554 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 555 "method":"GET", 556 "http_version": 1.1 557 }, 558 "response":{ 559 "headers":{ 560 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 561 "Content-Type":"text/html" 562 }, 563 "body":[ 564 "no need." 565 ] 566 }, 567 "expected":{ 568 "error_log":"o6,4v5,10t:trim" 569 }, 570 "rules":[ 571 "SecRequestBodyAccess On", 572 "SecRule REQUEST_BASENAME \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 573 ] 574 }, 575 { 576 "enabled":1, 577 "version_min":300000, 578 "title":"Variable offset - REQUEST_URI", 579 "request":{ 580 "headers":{ 581 "Host":"localhost", 582 "Content-Length": "27", 583 "Content-Type": "application/x-www-form-urlencoded", 584 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 585 }, 586 "uri":"/index.html%20%20?param1=value1&param2=value1&param3=value1", 587 "method":"GET", 588 "http_version": 1.1 589 }, 590 "response":{ 591 "headers":{ 592 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 593 "Content-Type":"text/html" 594 }, 595 "body":[ 596 "no need." 
597 ] 598 }, 599 "expected":{ 600 "error_log":"o7,4v4,59t:trim" 601 }, 602 "rules":[ 603 "SecRequestBodyAccess On", 604 "SecRule REQUEST_URI \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 605 ] 606 }, 607 { 608 "enabled":1, 609 "version_min":300000, 610 "title":"Variable offset - REQUEST_URI_RAW", 611 "request":{ 612 "headers":{ 613 "Host":"localhost", 614 "Content-Length": "27", 615 "Content-Type": "application/x-www-form-urlencoded", 616 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 617 }, 618 "uri":"/index.html%20%20?param1=value1&param2=value1&param3=value1", 619 "method":"GET", 620 "http_version": 1.1 621 }, 622 "response":{ 623 "headers":{ 624 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 625 "Content-Type":"text/html" 626 }, 627 "body":[ 628 "no need." 629 ] 630 }, 631 "expected":{ 632 "error_log":"o7,4v4,59t:trim" 633 }, 634 "rules":[ 635 "SecRequestBodyAccess On", 636 "SecRule REQUEST_URI_RAW \"html\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 637 ] 638 }, 639 640 { 641 "enabled":1, 642 "version_min":300000, 643 "title":"Variable offset - REQUEST_HEADERS", 644 "request":{ 645 "headers":{ 646 "Content-Length": "27", 647 "Host":"localhost", 648 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 649 "Content-Type": "application/x-www-form-urlencoded" 650 }, 651 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 652 "method":"GET" 653 }, 654 "response":{ 655 "headers":{ 656 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 657 "Content-Type":"text/html" 658 }, 659 "body":[ 660 "no need." 
661 ] 662 }, 663 "expected":{ 664 "error_log":"o0,9v89,9t:trim" 665 }, 666 "rules":[ 667 "SecRequestBodyAccess On", 668 "SecRule REQUEST_HEADERS \"localhost\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 669 ] 670 }, 671 672 { 673 "enabled":1, 674 "version_min":300000, 675 "title":"Variable offset - REQUEST_HEADERS:content-type", 676 "request":{ 677 "headers":{ 678 "Content-Length": "27", 679 "Host":"localhost", 680 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 681 "Content-Type": "application/x-www-form-urlencoded" 682 }, 683 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 684 "method":"GET" 685 }, 686 "response":{ 687 "headers":{ 688 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 689 "Content-Type":"text/html" 690 }, 691 "body":[ 692 "no need." 693 ] 694 }, 695 "expected":{ 696 "error_log":"o14,3v163,33t:trim" 697 }, 698 "rules":[ 699 "SecRequestBodyAccess On", 700 "SecRule REQUEST_HEADERS \"www\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 701 ] 702 }, 703 { 704 "enabled":1, 705 "version_min":300000, 706 "title":"Variable offset - AUTH_TYPE 1", 707 "request":{ 708 "headers":{ 709 "Host":"localhost", 710 "Content-Length": "27", 711 "Content-Type": "application/x-www-form-urlencoded", 712 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" 713 }, 714 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 715 "method":"GET" 716 }, 717 "response":{ 718 "headers":{ 719 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 720 "Content-Type":"text/html" 721 }, 722 "body":[ 723 "no need." 
724 ] 725 }, 726 "expected":{ 727 "error_log":"o0,5v162,5t:trim" 728 }, 729 "rules":[ 730 "SecRequestBodyAccess On", 731 "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 732 ] 733 }, 734 { 735 "enabled":1, 736 "version_min":300000, 737 "title":"Variable offset - AUTH_TYPE 2", 738 "request":{ 739 "headers":{ 740 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 741 "Host":"localhost", 742 "Content-Length": "27", 743 "Content-Type": "application/x-www-form-urlencoded" 744 }, 745 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 746 "method":"GET" 747 }, 748 "response":{ 749 "headers":{ 750 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 751 "Content-Type":"text/html" 752 }, 753 "body":[ 754 "no need." 755 ] 756 }, 757 "expected":{ 758 "error_log":"o0,5v79,5t:trim" 759 }, 760 "rules":[ 761 "SecRequestBodyAccess On", 762 "SecRule AUTH_TYPE \"Basic\" \"id:1,phase:2,pass,t:trim,msg:'ops'\"" 763 ] 764 }, 765 { 766 "enabled":1, 767 "version_min":300000, 768 "title":"Variable offset - REQUEST_HEADERS_NAMES", 769 "request":{ 770 "headers":{ 771 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 772 "Host":"localhost", 773 "Content-Length": "27", 774 "Content-Type": "application/x-www-form-urlencoded" 775 }, 776 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 777 "method":"GET" 778 }, 779 "response":{ 780 "headers":{ 781 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 782 "Content-Type":"text/html" 783 }, 784 "body":[ 785 "no need." 
786 ] 787 }, 788 "expected":{ 789 "error_log":"o0,4v64,13t:lowercase" 790 }, 791 "rules":[ 792 "SecRequestBodyAccess On", 793 "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\"" 794 ] 795 }, 796 { 797 "enabled":1, 798 "version_min":300000, 799 "title":"Variable offset - REQUEST_COOKIES 1", 800 "request":{ 801 "headers":{ 802 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 803 "Host":"localhost", 804 "Content-Length": "27", 805 "Content-Type": "application/x-www-form-urlencoded", 806 "Cookie":"USER_TOKEN=Yes; a=z; t=b" 807 }, 808 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 809 "method":"GET" 810 }, 811 "response":{ 812 "headers":{ 813 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 814 "Content-Type":"text/html" 815 }, 816 "body":[ 817 "no need." 818 ] 819 }, 820 "expected":{ 821 "error_log":"o1,2v216,3t:lowercase" 822 }, 823 "rules":[ 824 "SecRequestBodyAccess On", 825 "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\"" 826 ] 827 }, 828 { 829 "enabled":1, 830 "version_min":300000, 831 "title":"Variable offset - REQUEST_COOKIES 2", 832 "request":{ 833 "headers":{ 834 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 835 "Host":"localhost", 836 "Content-Length": "27", 837 "Content-Type": "application/x-www-form-urlencoded", 838 "Cookie":"USER_TOKEN=Yes; a=z; t=b" 839 }, 840 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 841 "method":"GET" 842 }, 843 "response":{ 844 "headers":{ 845 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 846 "Content-Type":"text/html" 847 }, 848 "body":[ 849 "no need." 
850 ] 851 }, 852 "expected":{ 853 "error_log":"o0,1v223,1t:lowercase" 854 }, 855 "rules":[ 856 "SecRequestBodyAccess On", 857 "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops'\"" 858 ] 859 }, 860 { 861 "enabled":1, 862 "version_min":300000, 863 "title":"Variable offset - REQUEST_COOKIES 3", 864 "request":{ 865 "headers":{ 866 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 867 "Host":"localhost", 868 "Content-Length": "27", 869 "Content-Type": "application/x-www-form-urlencoded", 870 "Cookie":"USER_TOKEN=Yes; a=z; t=b" 871 }, 872 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 873 "method":"GET" 874 }, 875 "response":{ 876 "headers":{ 877 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 878 "Content-Type":"text/html" 879 }, 880 "body":[ 881 "no need." 882 ] 883 }, 884 "expected":{ 885 "error_log":"o0,1v228,1t:lowercase,t:trim" 886 }, 887 "rules":[ 888 "SecRequestBodyAccess On", 889 "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,t:trim,msg:'ops'\"" 890 ] 891 }, 892 { 893 "enabled":1, 894 "version_min":300000, 895 "title":"Variable offset - REQUEST_COOKIES_NAMES", 896 "request":{ 897 "headers":{ 898 "AuThOrIzAtIoN": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", 899 "Host":"localhost", 900 "Content-Length": "27", 901 "Content-Type": "application/x-www-form-urlencoded", 902 "Cookie":"USER_TOKEN=Yes; a=z; t=b" 903 }, 904 "uri":"/index.html?param1=value1&param2=value1&param3=value1", 905 "method":"GET" 906 }, 907 "response":{ 908 "headers":{ 909 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 910 "Content-Type":"text/html" 911 }, 912 "body":[ 913 "no need." 
914 ] 915 }, 916 "expected":{ 917 "error_log":"o0,1v226,1" 918 }, 919 "rules":[ 920 "SecRequestBodyAccess On", 921 "SecRule REQUEST_COOKIES_NAMES \"t\" \"id:1,phase:2,pass,msg:'ops'\"" 922 ] 923 }, 924 { 925 "enabled":1, 926 "version_min":300000, 927 "title":"Testing Variables :: REMOTE_USER", 928 "client":{ 929 "ip":"200.249.12.31", 930 "port":123 931 }, 932 "server":{ 933 "ip":"200.249.12.31", 934 "port":80 935 }, 936 "request":{ 937 "headers":{ 938 "Host":"localhost", 939 "User-Agent":"curl/7.38.0", 940 "Accept":"*/*", 941 "Content-Length":"27", 942 "Content-Type":"application/x-www-form-urlencoded", 943 "Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l" 944 }, 945 "uri":"/one/two/three?key1=value1&key2=v%20a%20l%20u%20e%202", 946 "method":"GET" 947 }, 948 "response":{ 949 "headers":{ 950 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 951 "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", 952 "Content-Type":"text/html" 953 }, 954 "body":[ 955 "no need." 956 ] 957 }, 958 "expected":{ 959 "error_log":"o0,7v198,30t:trim" 960 }, 961 "rules":[ 962 "SecRuleEngine On", 963 "SecRule REMOTE_USER \"Aladdin\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 964 ] 965 }, 966 { 967 "enabled":1, 968 "version_min":300000, 969 "title":"Testing Variables :: REQUEST_BODY", 970 "client":{ 971 "ip":"200.249.12.31", 972 "port":123 973 }, 974 "server":{ 975 "ip":"200.249.12.31", 976 "port":80 977 }, 978 "request":{ 979 "headers":{ 980 "Host":"localhost", 981 "User-Agent":"curl/7.38.0", 982 "Accept":"*/*", 983 "Content-Length":"330", 984 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 985 "Expect":"100-continue" 986 }, 987 "uri":"/", 988 "method":"POST", 989 "body":[ 990 "----------------------------756b6d74fa1a8ee2", 991 "Content-Disposition: form-data; name=\"name\"", 992 "", 993 "test", 994 "----------------------------756b6d74fa1a8ee2", 995 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 996 "Content-Type: text/plain", 
997 "", 998 "This is a very small test file..", 999 "----------------------------756b6d74fa1a8ee2", 1000 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1001 "Content-Type: text/plain", 1002 "", 1003 "This is another very small test file..", 1004 "----------------------------756b6d74fa1a8ee2--" 1005 ] 1006 }, 1007 "expected":{ 1008 "error_log":"o45,30v193,516t:trim" 1009 }, 1010 "rules":[ 1011 "SecRequestBodyAccess On", 1012 "SecRule REQUEST_BODY \"Content-Disposition: form-data\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1013 ] 1014 }, 1015 { 1016 "enabled":1, 1017 "version_min":300000, 1018 "title":"Testing Variables :: REQUEST_BODY", 1019 "client":{ 1020 "ip":"200.249.12.31", 1021 "port":123 1022 }, 1023 "server":{ 1024 "ip":"200.249.12.31", 1025 "port":80 1026 }, 1027 "request":{ 1028 "headers":{ 1029 "Host":"localhost", 1030 "User-Agent":"curl/7.38.0", 1031 "Accept":"*/*", 1032 "Content-Length":"330", 1033 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1034 "Expect":"100-continue" 1035 }, 1036 "uri":"/", 1037 "method":"POST", 1038 "body":[ 1039 "----------------------------756b6d74fa1a8ee2", 1040 "Content-Disposition: form-data; name=\"name\"", 1041 "", 1042 "test", 1043 "----------------------------756b6d74fa1a8ee2", 1044 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1045 "Content-Type: text/plain", 1046 "", 1047 "This is a very small test file..", 1048 "----------------------------756b6d74fa1a8ee2", 1049 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1050 "Content-Type: text/plain", 1051 "", 1052 "This is another very small test file..", 1053 "----------------------------756b6d74fa1a8ee2--" 1054 ] 1055 }, 1056 "expected":{ 1057 "error_log":"o45,30v193,516t:trim" 1058 }, 1059 "rules":[ 1060 "SecRequestBodyAccess On", 1061 "SecRule REQUEST_BODY \"Content-Disposition: form-data\" 
\"id:1,phase:3,pass,t:trim,msg:'s'\"" 1062 ] 1063 }, 1064 { 1065 "enabled":1, 1066 "version_min":300000, 1067 "title":"Testing Variables :: REQUEST_BODY_LENGTH", 1068 "client":{ 1069 "ip":"200.249.12.31", 1070 "port":123 1071 }, 1072 "server":{ 1073 "ip":"200.249.12.31", 1074 "port":80 1075 }, 1076 "request":{ 1077 "headers":{ 1078 "Host":"localhost", 1079 "User-Agent":"curl/7.38.0", 1080 "Accept":"*/*", 1081 "Content-Length":"330", 1082 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1083 "Expect":"100-continue" 1084 }, 1085 "uri":"/", 1086 "method":"POST", 1087 "body":[ 1088 "----------------------------756b6d74fa1a8ee2", 1089 "Content-Disposition: form-data; name=\"name\"", 1090 "", 1091 "test", 1092 "----------------------------756b6d74fa1a8ee2", 1093 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1094 "Content-Type: text/plain", 1095 "", 1096 "This is a very small test file..", 1097 "----------------------------756b6d74fa1a8ee2", 1098 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1099 "Content-Type: text/plain", 1100 "", 1101 "This is another very small test file..", 1102 "----------------------------756b6d74fa1a8ee2--" 1103 ] 1104 }, 1105 "expected":{ 1106 "error_log":"v193,516t:trim" 1107 }, 1108 "rules":[ 1109 "SecRequestBodyAccess On", 1110 "SecRule REQUEST_BODY_LENGTH \"@gt 5\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1111 ] 1112 }, 1113 { 1114 "enabled":1, 1115 "version_min":300000, 1116 "title":"Testing Variables :: REQUEST_FILENAME 1", 1117 "client":{ 1118 "ip":"200.249.12.31", 1119 "port":123 1120 }, 1121 "server":{ 1122 "ip":"200.249.12.31", 1123 "port":80 1124 }, 1125 "request":{ 1126 "headers":{ 1127 "Host":"localhost", 1128 "User-Agent":"curl/7.38.0", 1129 "Accept":"*/*", 1130 "Content-Length":"330", 1131 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1132 "Expect":"100-continue" 1133 
}, 1134 "uri":"/wheee/file?something else", 1135 "method":"POST", 1136 "body":[ 1137 "----------------------------756b6d74fa1a8ee2", 1138 "Content-Disposition: form-data; name=\"name\"", 1139 "", 1140 "test", 1141 "----------------------------756b6d74fa1a8ee2", 1142 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1143 "Content-Type: text/plain", 1144 "", 1145 "This is a very small test file..", 1146 "----------------------------756b6d74fa1a8ee2", 1147 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1148 "Content-Type: text/plain", 1149 "", 1150 "This is another very small test file..", 1151 "----------------------------756b6d74fa1a8ee2--" 1152 ] 1153 }, 1154 "expected":{ 1155 "error_log":"o6,5v5,11t:trim" 1156 }, 1157 "rules":[ 1158 "SecRequestBodyAccess On", 1159 "SecRule REQUEST_FILENAME \"/file\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1160 ] 1161 }, 1162 { 1163 "enabled":1, 1164 "version_min":300000, 1165 "title":"Testing Variables :: REQUEST_FILENAME 2", 1166 "client":{ 1167 "ip":"200.249.12.31", 1168 "port":123 1169 }, 1170 "server":{ 1171 "ip":"200.249.12.31", 1172 "port":80 1173 }, 1174 "request":{ 1175 "headers":{ 1176 "Host":"localhost", 1177 "User-Agent":"curl/7.38.0", 1178 "Accept":"*/*", 1179 "Content-Length":"330", 1180 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1181 "Expect":"100-continue" 1182 }, 1183 "uri":"/wheee/f%20i%20l%20e%20?something else", 1184 "method":"POST", 1185 "body":[ 1186 "----------------------------756b6d74fa1a8ee2", 1187 "Content-Disposition: form-data; name=\"name\"", 1188 "", 1189 "test", 1190 "----------------------------756b6d74fa1a8ee2", 1191 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1192 "Content-Type: text/plain", 1193 "", 1194 "This is a very small test file..", 1195 "----------------------------756b6d74fa1a8ee2", 1196 "Content-Disposition: form-data; 
name=\"filedata\"; filename=\"small_text_file.txt\"", 1197 "Content-Type: text/plain", 1198 "", 1199 "This is another very small test file..", 1200 "----------------------------756b6d74fa1a8ee2--" 1201 ] 1202 }, 1203 "expected":{ 1204 "error_log":"o6,8v5,23t:trim" 1205 }, 1206 "rules":[ 1207 "SecRequestBodyAccess On", 1208 "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1209 ] 1210 }, 1211 { 1212 "enabled":1, 1213 "version_min":300000, 1214 "title":"Testing Variables :: REQUEST_FILENAME 3", 1215 "client":{ 1216 "ip":"200.249.12.31", 1217 "port":123 1218 }, 1219 "server":{ 1220 "ip":"200.249.12.31", 1221 "port":80 1222 }, 1223 "request":{ 1224 "headers":{ 1225 "Host":"localhost", 1226 "User-Agent":"curl/7.38.0", 1227 "Accept":"*/*", 1228 "Content-Length":"330", 1229 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1230 "Expect":"100-continue" 1231 }, 1232 "uri":"/wheee/f%20i%20l%20e%20", 1233 "method":"POST", 1234 "body":[ 1235 "----------------------------756b6d74fa1a8ee2", 1236 "Content-Disposition: form-data; name=\"name\"", 1237 "", 1238 "test", 1239 "----------------------------756b6d74fa1a8ee2", 1240 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1241 "Content-Type: text/plain", 1242 "", 1243 "This is a very small test file..", 1244 "----------------------------756b6d74fa1a8ee2", 1245 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file.txt\"", 1246 "Content-Type: text/plain", 1247 "", 1248 "This is another very small test file..", 1249 "----------------------------756b6d74fa1a8ee2--" 1250 ] 1251 }, 1252 "expected":{ 1253 "error_log":"o6,8v5,23t:trim" 1254 }, 1255 "rules":[ 1256 "SecRequestBodyAccess On", 1257 "SecRule REQUEST_FILENAME \"/f i l e\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1258 ] 1259 }, 1260 { 1261 "enabled":1, 1262 "version_min":300000, 1263 "title":"Testing Variables :: ARGS/Multipart 1", 1264 "client":{ 1265 
"ip":"200.249.12.31", 1266 "port":123 1267 }, 1268 "server":{ 1269 "ip":"200.249.12.31", 1270 "port":80 1271 }, 1272 "request":{ 1273 "headers":{ 1274 "Host":"localhost", 1275 "User-Agent":"curl/7.38.0", 1276 "Accept":"*/*", 1277 "Content-Length":"330", 1278 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1279 "Expect":"100-continue" 1280 }, 1281 "uri":"/wheee/f%20i%20l%20e%20", 1282 "method":"POST", 1283 "body":[ 1284 "----------------------------756b6d74fa1a8ee2", 1285 "Content-Disposition: form-data; name=\"name\"", 1286 "", 1287 "test", 1288 "----------------------------756b6d74fa1a8ee2", 1289 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1290 "Content-Type: text/plain", 1291 "", 1292 "This is a very small test file..", 1293 "----------------------------756b6d74fa1a8ee2", 1294 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file2.txt\"", 1295 "Content-Type: text/plain", 1296 "", 1297 "This is another very small test file..", 1298 "----------------------------756b6d74fa1a8ee2--" 1299 ] 1300 }, 1301 "expected":{ 1302 "error_log":"o0,4v306,4t:trim" 1303 }, 1304 "rules":[ 1305 "SecRequestBodyAccess On", 1306 "SecRule ARGS \"test\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1307 ] 1308 }, 1309 { 1310 "enabled":1, 1311 "version_min":300000, 1312 "title":"Testing Variables :: ARGS/Multipart 2", 1313 "client":{ 1314 "ip":"200.249.12.31", 1315 "port":123 1316 }, 1317 "server":{ 1318 "ip":"200.249.12.31", 1319 "port":80 1320 }, 1321 "request":{ 1322 "headers":{ 1323 "Host":"localhost", 1324 "User-Agent":"curl/7.38.0", 1325 "Accept":"*/*", 1326 "Content-Length":"330", 1327 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1328 "Expect":"100-continue" 1329 }, 1330 "uri":"/wheee/f%20i%20l%20e%20", 1331 "method":"POST", 1332 "body":[ 1333 "----------------------------756b6d74fa1a8ee2", 1334 "Content-Disposition: form-data; 
name=\"name\"", 1335 "", 1336 "test", 1337 "----------------------------756b6d74fa1a8ee2", 1338 "Content-Disposition: form-data; name=\"name2\"", 1339 "", 1340 "test2", 1341 "----------------------------756b6d74fa1a8ee2", 1342 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1343 "Content-Type: text/plain", 1344 "", 1345 "This is a very small test file..", 1346 "----------------------------756b6d74fa1a8ee2", 1347 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file2.txt\"", 1348 "Content-Type: text/plain", 1349 "", 1350 "This is another very small test file..", 1351 "----------------------------756b6d74fa1a8ee2--" 1352 ] 1353 }, 1354 "expected":{ 1355 "error_log":"o0,5v402,5t:trim" 1356 }, 1357 "rules":[ 1358 "SecRequestBodyAccess On", 1359 "SecRule ARGS \"test2\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1360 ] 1361 }, 1362 { 1363 "enabled":1, 1364 "version_min":300000, 1365 "title":"Variable offset - FILES", 1366 "client":{ 1367 "ip":"200.249.12.31", 1368 "port":123 1369 }, 1370 "server":{ 1371 "ip":"200.249.12.31", 1372 "port":80 1373 }, 1374 "request":{ 1375 "headers":{ 1376 "Host":"localhost", 1377 "User-Agent":"curl/7.38.0", 1378 "Accept":"*/*", 1379 "Content-Length":"330", 1380 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1381 "Expect":"100-continue" 1382 }, 1383 "uri":"/wheee/f%20i%20l%20e%20", 1384 "method":"POST", 1385 "body":[ 1386 "----------------------------756b6d74fa1a8ee2", 1387 "Content-Disposition: form-data; name=\"name\"", 1388 "", 1389 "test", 1390 "----------------------------756b6d74fa1a8ee2", 1391 "Content-Disposition: form-data; name=\"name2\"", 1392 "", 1393 "test2", 1394 "----------------------------756b6d74fa1a8ee2", 1395 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1396 "Content-Type: text/plain", 1397 "", 1398 "This is a very small test file..", 1399 
"----------------------------756b6d74fa1a8ee2", 1400 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1401 "Content-Type: text/plain", 1402 "", 1403 "This is another very small test file..", 1404 "----------------------------756b6d74fa1a8ee2--" 1405 ] 1406 }, 1407 "expected":{ 1408 "error_log":"o0,16v680,20t:trim" 1409 }, 1410 "rules":[ 1411 "SecRequestBodyAccess On", 1412 "SecRule FILES \"small_text_file2\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1413 ] 1414 }, 1415 { 1416 "enabled":1, 1417 "version_min":300000, 1418 "title":"Variable offset - FILES", 1419 "client":{ 1420 "ip":"200.249.12.31", 1421 "port":123 1422 }, 1423 "server":{ 1424 "ip":"200.249.12.31", 1425 "port":80 1426 }, 1427 "request":{ 1428 "headers":{ 1429 "Host":"localhost", 1430 "User-Agent":"curl/7.38.0", 1431 "Accept":"*/*", 1432 "Content-Length":"330", 1433 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1434 "Expect":"100-continue" 1435 }, 1436 "uri":"/wheee/f%20i%20l%20e%20", 1437 "method":"POST", 1438 "body":[ 1439 "----------------------------756b6d74fa1a8ee2", 1440 "Content-Disposition: form-data; name=\"name\"", 1441 "", 1442 "test", 1443 "----------------------------756b6d74fa1a8ee2", 1444 "Content-Disposition: form-data; name=\"name2\"", 1445 "", 1446 "test2", 1447 "----------------------------756b6d74fa1a8ee2", 1448 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1449 "Content-Type: text/plain", 1450 "", 1451 "This is a very small test file..", 1452 "----------------------------756b6d74fa1a8ee2", 1453 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1454 "Content-Type: text/plain", 1455 "", 1456 "This is another very small test file..", 1457 "----------------------------756b6d74fa1a8ee2--" 1458 ] 1459 }, 1460 "expected":{ 1461 "error_log":"o0,16v512,20t:trim" 1462 }, 1463 "rules":[ 1464 "SecRequestBodyAccess On", 
1465 "SecRule FILES \"small_text_file1\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1466 ] 1467 }, 1468 { 1469 "enabled":1, 1470 "version_min":300000, 1471 "title":"Variable offset - FILES_NAMES", 1472 "client":{ 1473 "ip":"200.249.12.31", 1474 "port":123 1475 }, 1476 "server":{ 1477 "ip":"200.249.12.31", 1478 "port":80 1479 }, 1480 "request":{ 1481 "headers":{ 1482 "Host":"localhost", 1483 "User-Agent":"curl/7.38.0", 1484 "Accept":"*/*", 1485 "Content-Length":"330", 1486 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1487 "Expect":"100-continue" 1488 }, 1489 "uri":"/wheee/f%20i%20l%20e%20", 1490 "method":"POST", 1491 "body":[ 1492 "----------------------------756b6d74fa1a8ee2", 1493 "Content-Disposition: form-data; name=\"name\"", 1494 "", 1495 "test", 1496 "----------------------------756b6d74fa1a8ee2", 1497 "Content-Disposition: form-data; name=\"name2\"", 1498 "", 1499 "test2", 1500 "----------------------------756b6d74fa1a8ee2", 1501 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1502 "Content-Type: text/plain", 1503 "", 1504 "This is a very small test file..", 1505 "----------------------------756b6d74fa1a8ee2", 1506 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1507 "Content-Type: text/plain", 1508 "", 1509 "This is another very small test file..", 1510 "----------------------------756b6d74fa1a8ee2--" 1511 ] 1512 }, 1513 "expected":{ 1514 "error_log":"o0,8o0,8v491,8t:trimo0,16o0,16v709,16t:trim" 1515 }, 1516 "rules":[ 1517 "SecRequestBodyAccess On", 1518 "SecRule FILES_NAMES \"(fiasdfasdfledata|filedata)\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1519 ] 1520 }, 1521 { 1522 "enabled":1, 1523 "version_min":300000, 1524 "title":"Variable offset - FILES_SIZES 1", 1525 "client":{ 1526 "ip":"200.249.12.31", 1527 "port":123 1528 }, 1529 "server":{ 1530 "ip":"200.249.12.31", 1531 "port":80 1532 }, 1533 "request":{ 1534 "headers":{ 1535 
"Host":"localhost", 1536 "User-Agent":"curl/7.38.0", 1537 "Accept":"*/*", 1538 "Content-Length":"330", 1539 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1540 "Expect":"100-continue" 1541 }, 1542 "uri":"/wheee/f%20i%20l%20e%20", 1543 "method":"POST", 1544 "body":[ 1545 "----------------------------756b6d74fa1a8ee2", 1546 "Content-Disposition: form-data; name=\"name\"", 1547 "", 1548 "test", 1549 "----------------------------756b6d74fa1a8ee2", 1550 "Content-Disposition: form-data; name=\"name2\"", 1551 "", 1552 "test2", 1553 "----------------------------756b6d74fa1a8ee2", 1554 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1555 "Content-Type: text/plain", 1556 "", 1557 "This is a very small test file..", 1558 "----------------------------756b6d74fa1a8ee2", 1559 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1560 "Content-Type: text/plain", 1561 "", 1562 "This is another very small test file..", 1563 "----------------------------756b6d74fa1a8ee2--" 1564 ] 1565 }, 1566 "expected":{ 1567 "error_log":"v560,32t:trim" 1568 }, 1569 "rules":[ 1570 "SecRequestBodyAccess On", 1571 "SecRule FILES_SIZES:filedata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1572 ] 1573 }, 1574 { 1575 "enabled":1, 1576 "version_min":300000, 1577 "title":"Variable offset - FILES_SIZES 2", 1578 "client":{ 1579 "ip":"200.249.12.31", 1580 "port":123 1581 }, 1582 "server":{ 1583 "ip":"200.249.12.31", 1584 "port":80 1585 }, 1586 "request":{ 1587 "headers":{ 1588 "Host":"localhost", 1589 "User-Agent":"curl/7.38.0", 1590 "Accept":"*/*", 1591 "Content-Length":"330", 1592 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1593 "Expect":"100-continue" 1594 }, 1595 "uri":"/wheee/f%20i%20l%20e%20", 1596 "method":"POST", 1597 "body":[ 1598 "----------------------------756b6d74fa1a8ee2", 1599 "Content-Disposition: form-data; 
name=\"name\"", 1600 "", 1601 "test", 1602 "----------------------------756b6d74fa1a8ee2", 1603 "Content-Disposition: form-data; name=\"name2\"", 1604 "", 1605 "test2", 1606 "----------------------------756b6d74fa1a8ee2", 1607 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1608 "Content-Type: text/plain", 1609 "", 1610 "This is a very small test file..", 1611 "----------------------------756b6d74fa1a8ee2", 1612 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1613 "Content-Type: text/plain", 1614 "", 1615 "This is another very small test file..", 1616 "----------------------------756b6d74fa1a8ee2--" 1617 ] 1618 }, 1619 "expected":{ 1620 "error_log":"v754,38t:trim" 1621 }, 1622 "rules":[ 1623 "SecRequestBodyAccess On", 1624 "SecRule FILES_SIZES:fiasdfasdfledata \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1625 ] 1626 }, 1627 { 1628 "enabled":1, 1629 "version_min":300000, 1630 "title":"Variable offset - FILES_COMBINED_SIZE", 1631 "client":{ 1632 "ip":"200.249.12.31", 1633 "port":123 1634 }, 1635 "server":{ 1636 "ip":"200.249.12.31", 1637 "port":80 1638 }, 1639 "request":{ 1640 "headers":{ 1641 "Host":"localhost", 1642 "User-Agent":"curl/7.38.0", 1643 "Accept":"*/*", 1644 "Content-Length":"330", 1645 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1646 "Expect":"100-continue" 1647 }, 1648 "uri":"/wheee/f%20i%20l%20e%20", 1649 "method":"POST", 1650 "body":[ 1651 "----------------------------756b6d74fa1a8ee2", 1652 "Content-Disposition: form-data; name=\"name\"", 1653 "", 1654 "test", 1655 "----------------------------756b6d74fa1a8ee2", 1656 "Content-Disposition: form-data; name=\"name2\"", 1657 "", 1658 "test2", 1659 "----------------------------756b6d74fa1a8ee2", 1660 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1661 "Content-Type: text/plain", 1662 "", 1663 "This is a very small test file..", 
1664 "----------------------------756b6d74fa1a8ee2", 1665 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1666 "Content-Type: text/plain", 1667 "", 1668 "This is another very small test file..", 1669 "----------------------------756b6d74fa1a8ee2--" 1670 ] 1671 }, 1672 "expected":{ 1673 "error_log":"v560,32v754,38t:trim" 1674 }, 1675 "rules":[ 1676 "SecRequestBodyAccess On", 1677 "SecRule FILES_COMBINED_SIZE \"@gt 0\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1678 ] 1679 }, 1680 { 1681 "enabled":1, 1682 "version_min":300000, 1683 "title":"Variable offset - FILES_TMP_CONTENT 1", 1684 "client":{ 1685 "ip":"200.249.12.31", 1686 "port":123 1687 }, 1688 "server":{ 1689 "ip":"200.249.12.31", 1690 "port":80 1691 }, 1692 "request":{ 1693 "headers":{ 1694 "Host":"localhost", 1695 "User-Agent":"curl/7.38.0", 1696 "Accept":"*/*", 1697 "Content-Length":"330", 1698 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1699 "Expect":"100-continue" 1700 }, 1701 "uri":"/wheee/f%20i%20l%20e%20", 1702 "method":"POST", 1703 "body":[ 1704 "----------------------------756b6d74fa1a8ee2", 1705 "Content-Disposition: form-data; name=\"name\"", 1706 "", 1707 "test", 1708 "----------------------------756b6d74fa1a8ee2", 1709 "Content-Disposition: form-data; name=\"name2\"", 1710 "", 1711 "test2", 1712 "----------------------------756b6d74fa1a8ee2", 1713 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1714 "Content-Type: text/plain", 1715 "", 1716 "This is a very small test file..", 1717 "----------------------------756b6d74fa1a8ee2", 1718 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1719 "Content-Type: text/plain", 1720 "", 1721 "This is another very small test file..", 1722 "----------------------------756b6d74fa1a8ee2--" 1723 ] 1724 }, 1725 "expected":{ 1726 "error_log":"o8,7v754,38t:trim" 1727 }, 1728 "rules":[ 1729 
"SecRequestBodyAccess On", 1730 "SecUploadKeepFiles On", 1731 "SecUploadDir /tmp", 1732 "SecRule FILES_TMP_CONTENT \"another\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1733 ] 1734 }, 1735 { 1736 "enabled":1, 1737 "version_min":300000, 1738 "title":"Variable offset - FILES_TMP_CONTENT 2", 1739 "client":{ 1740 "ip":"200.249.12.31", 1741 "port":123 1742 }, 1743 "server":{ 1744 "ip":"200.249.12.31", 1745 "port":80 1746 }, 1747 "request":{ 1748 "headers":{ 1749 "Host":"localhost", 1750 "User-Agent":"curl/7.38.0", 1751 "Accept":"*/*", 1752 "Content-Length":"330", 1753 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1754 "Expect":"100-continue" 1755 }, 1756 "uri":"/wheee/f%20i%20l%20e%20", 1757 "method":"POST", 1758 "body":[ 1759 "----------------------------756b6d74fa1a8ee2", 1760 "Content-Disposition: form-data; name=\"name\"", 1761 "", 1762 "test", 1763 "----------------------------756b6d74fa1a8ee2", 1764 "Content-Disposition: form-data; name=\"name2\"", 1765 "", 1766 "test2", 1767 "----------------------------756b6d74fa1a8ee2", 1768 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1769 "Content-Type: text/plain", 1770 "", 1771 "This is a very small test file..", 1772 "----------------------------756b6d74fa1a8ee2", 1773 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1774 "Content-Type: text/plain", 1775 "", 1776 "This is another very small test file..", 1777 "----------------------------756b6d74fa1a8ee2--" 1778 ] 1779 }, 1780 "expected":{ 1781 "error_log":"o15,5v560,32t:trim" 1782 }, 1783 "rules":[ 1784 "SecRequestBodyAccess On", 1785 "SecUploadKeepFiles On", 1786 "SecUploadDir /tmp", 1787 "SecRule FILES_TMP_CONTENT:small_text_file1.txt \"small\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1788 ] 1789 }, 1790 { 1791 "enabled":1, 1792 "version_min":300000, 1793 "title":"Variable offset - PATH_INFO", 1794 "client":{ 1795 "ip":"200.249.12.31", 1796 
"port":123 1797 }, 1798 "server":{ 1799 "ip":"200.249.12.31", 1800 "port":80 1801 }, 1802 "request":{ 1803 "headers":{ 1804 "Host":"localhost", 1805 "User-Agent":"curl/7.38.0", 1806 "Accept":"*/*", 1807 "Content-Length":"330", 1808 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1809 "Expect":"100-continue" 1810 }, 1811 "uri":"/wheee/f%20i%20l%20e%20", 1812 "method":"POST", 1813 "body":[ 1814 "----------------------------756b6d74fa1a8ee2", 1815 "Content-Disposition: form-data; name=\"name\"", 1816 "", 1817 "test", 1818 "----------------------------756b6d74fa1a8ee2", 1819 "Content-Disposition: form-data; name=\"name2\"", 1820 "", 1821 "test2", 1822 "----------------------------756b6d74fa1a8ee2", 1823 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1824 "Content-Type: text/plain", 1825 "", 1826 "This is a very small test file..", 1827 "----------------------------756b6d74fa1a8ee2", 1828 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1829 "Content-Type: text/plain", 1830 "", 1831 "This is another very small test file..", 1832 "----------------------------756b6d74fa1a8ee2--" 1833 ] 1834 }, 1835 "expected":{ 1836 "error_log":"o6,4v5,23t:trim" 1837 }, 1838 "rules":[ 1839 "SecRequestBodyAccess On", 1840 "SecUploadKeepFiles On", 1841 "SecUploadDir /tmp", 1842 "SecRule PATH_INFO \"/f i\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1843 ] 1844 }, 1845 { 1846 "enabled":1, 1847 "version_min":300000, 1848 "title":"Variable offset - MULTIPART_FILENAME", 1849 "client":{ 1850 "ip":"200.249.12.31", 1851 "port":123 1852 }, 1853 "server":{ 1854 "ip":"200.249.12.31", 1855 "port":80 1856 }, 1857 "request":{ 1858 "headers":{ 1859 "Host":"localhost", 1860 "User-Agent":"curl/7.38.0", 1861 "Accept":"*/*", 1862 "Content-Length":"330", 1863 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1864 "Expect":"100-continue" 1865 }, 
1866 "uri":"/wheee/f%20i%20l%20e%20", 1867 "method":"POST", 1868 "body":[ 1869 "----------------------------756b6d74fa1a8ee2", 1870 "Content-Disposition: form-data; name=\"name\"", 1871 "", 1872 "test", 1873 "----------------------------756b6d74fa1a8ee2", 1874 "Content-Disposition: form-data; name=\"name2\"", 1875 "", 1876 "test2", 1877 "----------------------------756b6d74fa1a8ee2", 1878 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1879 "Content-Type: text/plain", 1880 "", 1881 "This is a very small test file..", 1882 "----------------------------756b6d74fa1a8ee2", 1883 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1884 "Content-Type: text/plain", 1885 "", 1886 "This is another very small test file..", 1887 "----------------------------756b6d74fa1a8ee2--" 1888 ] 1889 }, 1890 "expected":{ 1891 "error_log":"o0,20v680,20t:trim" 1892 }, 1893 "rules":[ 1894 "SecRequestBodyAccess On", 1895 "SecUploadKeepFiles On", 1896 "SecUploadDir /tmp", 1897 "SecRule MULTIPART_FILENAME \"small_text_file2.txt\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1898 ] 1899 }, 1900 { 1901 "enabled":1, 1902 "version_min":300000, 1903 "title":"Variable offset - MULTIPART_NAME", 1904 "client":{ 1905 "ip":"200.249.12.31", 1906 "port":123 1907 }, 1908 "server":{ 1909 "ip":"200.249.12.31", 1910 "port":80 1911 }, 1912 "request":{ 1913 "headers":{ 1914 "Host":"localhost", 1915 "User-Agent":"curl/7.38.0", 1916 "Accept":"*/*", 1917 "Content-Length":"330", 1918 "Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2", 1919 "Expect":"100-continue" 1920 }, 1921 "uri":"/wheee/f%20i%20l%20e%20", 1922 "method":"POST", 1923 "body":[ 1924 "----------------------------756b6d74fa1a8ee2", 1925 "Content-Disposition: form-data; name=\"name\"", 1926 "", 1927 "test", 1928 "----------------------------756b6d74fa1a8ee2", 1929 "Content-Disposition: form-data; name=\"name2\"", 1930 "", 1931 "test2", 
1932 "----------------------------756b6d74fa1a8ee2", 1933 "Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"", 1934 "Content-Type: text/plain", 1935 "", 1936 "This is a very small test file..", 1937 "----------------------------756b6d74fa1a8ee2", 1938 "Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"fiasdfasdfledata\" ", 1939 "Content-Type: text/plain", 1940 "", 1941 "This is another very small test file..", 1942 "----------------------------756b6d74fa1a8ee2--" 1943 ] 1944 }, 1945 "expected":{ 1946 "error_log":"o0,16v709,16t:trim" 1947 }, 1948 "rules":[ 1949 "SecRequestBodyAccess On", 1950 "SecUploadKeepFiles On", 1951 "SecUploadDir /tmp", 1952 "SecRule MULTIPART_NAME \"fiasdfasdfledata\" \"id:1,phase:3,pass,t:trim,msg:'s'\"" 1953 ] 1954 }, 1955 { 1956 "enabled":1, 1957 "version_min":300000, 1958 "title":"Variable offset - ARGS n", 1959 "request":{ 1960 "headers":{ 1961 "Host":"localhost", 1962 "Content-Length": "27", 1963 "Content-Type": "application/x-www-form-urlencoded" 1964 }, 1965 "uri":"/index.html?param01=5555&bbbbbbbmy_id=6", 1966 "method":"GET" 1967 }, 1968 "response":{ 1969 "headers":{ 1970 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 1971 "Content-Type":"text/html" 1972 }, 1973 "body":[ 1974 "no need." 1975 ] 1976 }, 1977 "expected":{ 1978 "http_code": 403, 1979 "error_log":"o0,1v42,1" 1980 }, 1981 "rules":[ 1982 "SecRuleEngine On", 1983 "SecRule ARGS \"@contains 6\" \"id:1,phase:2,deny,status:403,log\"" 1984 ] 1985 }, 1986 { 1987 "enabled":1, 1988 "version_min":300000, 1989 "title":"Variable offset - ARGS_NAMES n", 1990 "request":{ 1991 "headers":{ 1992 "Host":"localhost", 1993 "Content-Length": "27", 1994 "Content-Type": "application/x-www-form-urlencoded" 1995 }, 1996 "uri":"/index.html?param01=5555&bbbbbbbmy_id=6", 1997 "method":"GET" 1998 }, 1999 "response":{ 2000 "headers":{ 2001 "Date":"Mon, 13 Jul 2015 20:02:41 GMT", 2002 "Content-Type":"text/html" 2003 }, 2004 "body":[ 2005 "no need." 
2006 ] 2007 }, 2008 "expected":{ 2009 "http_code": 403, 2010 "error_log":"o7,5v29,12" 2011 }, 2012 "rules":[ 2013 "SecRuleEngine On", 2014 "SecRule ARGS_NAMES \"@contains my_id\" \"id:1,phase:2,deny,status:403,log\"" 2015 ] 2016 } 2017] 2018