1[ 2 { 3 "enabled": 1, 4 "version_min": 300000, 5 "version_max": 0, 6 "title": "SecMarker 1", 7 "client": { 8 "ip": "200.249.12.31", 9 "port": 2313 10 }, 11 "server": { 12 "ip": "200.249.12.31", 13 "port": 80 14 }, 15 "request": { 16 "headers": { 17 "Host": "net.tutsplus.com", 18 "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 19 "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 20 "Accept-Language": "en-us,en;q=0.5", 21 "Accept-Encoding": "gzip,deflate", 22 "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", 23 "Keep-Alive": "300", 24 "Connection": "keep-alive", 25 "Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120", 26 "Pragma": "no-cache", 27 "Cache-Control": "no-cache" 28 }, 29 "uri": "\/test.pl?param1= test &param2=test2", 30 "method": "GET", 31 "http_version": 1.1, 32 "body": "" 33 }, 34 "response": { 35 "headers": { 36 "Content-Type": "text\/xml; charset=utf-8\n\r", 37 "Content-Length": "length\n\r" 38 }, 39 "body": [ 40 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 41 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 42 " <soap:Body>\n\r", 43 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 44 " <EnlightenResult>string<\/EnlightenResult>\n\r", 45 " <\/EnlightenResponse>\n\r", 46 " <\/soap:Body>\n\r", 47 "<\/soap:Envelope>\n\r" 48 ] 49 }, 50 "expected": { 51 "audit_log": "", 52 "debug_log": "Target value: \"test", 53 "error_log": "" 54 }, 55 "rules": [ 56 "SecRuleEngine On", 57 "SecRule ARGS \"@contains test\" \"phase:2,id:1,t:trim\"", 58 "SecAction \"phase:2,nolog,pass\"", 59 "SecMarker HERE_GOES_A_MARKER", 60 "SecRule ARGS \"@contains test\" \"phase:2,id:2,t:trim\"" 61 ] 62 }, 63 { 64 "enabled": 1, 65 "version_min": 300000, 66 "version_max": 0, 67 "title": "SecMarker 2", 68 "client": { 69 
"ip": "200.249.12.31", 70 "port": 2313 71 }, 72 "server": { 73 "ip": "200.249.12.31", 74 "port": 80 75 }, 76 "request": { 77 "headers": { 78 "Host": "net.tutsplus.com", 79 "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", 80 "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", 81 "Accept-Language": "en-us,en;q=0.5", 82 "Accept-Encoding": "gzip,deflate", 83 "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", 84 "Keep-Alive": "300", 85 "Connection": "keep-alive", 86 "Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120", 87 "Pragma": "no-cache", 88 "Cache-Control": "no-cache" 89 }, 90 "uri": "\/test.pl?param1= test &param2=test2", 91 "method": "GET", 92 "http_version": 1.1, 93 "body": "" 94 }, 95 "response": { 96 "headers": { 97 "Content-Type": "text\/xml; charset=utf-8\n\r", 98 "Content-Length": "length\n\r" 99 }, 100 "body": [ 101 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r", 102 "<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r", 103 " <soap:Body>\n\r", 104 " <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r", 105 " <EnlightenResult>string<\/EnlightenResult>\n\r", 106 " <\/EnlightenResponse>\n\r", 107 " <\/soap:Body>\n\r", 108 "<\/soap:Envelope>\n\r" 109 ] 110 }, 111 "expected": { 112 "audit_log": "", 113 "debug_log": "Rule: 6", 114 "error_log": "" 115 }, 116 "rules": [ 117 "SecRuleEngine On", 118 "SecRule ARGS \"@contains test\" \"phase:2,id:1,t:trim,skipAfter:HERE_GOES_A_MARKER\"", 119 "SecRule ARGS \"@contains test1\" \"phase:2,id:2,t:trim\"", 120 "SecRule ARGS \"@contains test2\" \"phase:2,id:3,t:trim\"", 121 "SecRule ARGS \"@contains test3\" \"phase:2,id:4,t:trim\"", 122 "SecRule ARGS \"@contains test4\" \"phase:2,id:5,t:trim\"", 123 "SecAction \"phase:2,nolog,pass\"", 124 "SecMarker HERE_GOES_A_MARKER", 
125 "SecRule ARGS \"@contains test5\" \"phase:2,id:6,t:trim\"" 126 ] 127 } 128] 129