Skip to content

Instantly share code, notes, and snippets.

@airween

airween/issue-3053.json

Last active February 9, 2024 21:08
Show Gist options
  • Save airween/5399baec32c7dc9a9aa30e38115c3979 to your computer and use it in GitHub Desktop.
Save airween/5399baec32c7dc9a9aa30e38115c3979 to your computer and use it in GitHub Desktop.
Download ZIP
Regression test cases for ModSecurity issue #3053
Raw
issue-3053.json
[
{
"enabled":1,
"version_min":300000,
"title":"Testing CtlRuleRemoteById (1) - issue 3053",
"expected":{
"debug_log": "Rule id: 2 was skipped due to a ruleRemoveById action...",
"http_code": 403
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/wp-login.php?whee&pwd=lhebs",
"method":"GET",
"body": [ ]
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Host \"!@streq example.com\" \"id:1,phase:1,pass,t:none,nolog,ctl:ruleRemoveById=2\"",
"SecRule REQUEST_FILENAME \"@unconditionalMatch\" \"id:2,phase:1,pass,t:none,nolog,ctl:ruleRemoveByTag=OWASP_CRS\"",
"SecRule ARGS_NAMES \"@contains whe\" \"id:3,phase:1,t:none,nolog,deny,tag:'OWASP_CRS'\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing CtlRuleRemoteById (2) - issue 3053",
"expected":{
"debug_log": "Skipped rule id '3'. Skipped due to a ruleRemoveByTag action.",
"http_code": 200
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"example.com",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/wp-login.php?whee&pwd=lhebs",
"method":"GET",
"body": [ ]
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Host \"!@streq example.com\" \"id:1,phase:1,pass,t:none,nolog,ctl:ruleRemoveById=2\"",
"SecRule REQUEST_FILENAME \"@unconditionalMatch\" \"id:2,phase:1,pass,t:none,nolog,ctl:ruleRemoveByTag=OWASP_CRS\"",
"SecRule ARGS_NAMES \"@contains whe\" \"id:3,phase:1,t:none,nolog,deny,tag:'OWASP_CRS'\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing CtlRuleRemoteById (3) - issue 3053",
"expected":{
"http_code": 403
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/wp-login.php?whee&pwd=lhebs",
"method":"GET",
"body": [ ]
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Host \"!@streq example.com\" \"id:1,phase:1,pass,t:none,log,msg:'This is rule id 1',ctl:ruleRemoveById=2\"",
"SecAction \"id:2,phase:1,pass,t:none,log,msg:'This is rule id 2',ctl:ruleRemoveByTag=OWASP_CRS\"",
"SecRule ARGS_NAMES \"@contains whe\" \"id:3,phase:1,t:none,log,msg:'This is rule id 3',deny,tag:'OWASP_CRS'\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing CtlRuleRemoteById (4) - issue 3053",
"expected":{
"http_code": 200
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"example.com",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/wp-login.php?whee&pwd=lhebs",
"method":"GET",
"body": [ ]
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Host \"!@streq example.com\" \"id:1,phase:1,pass,t:none,log,msg:'This is rule id 1',ctl:ruleRemoveById=2\"",
"SecAction \"id:2,phase:1,pass,t:none,log,msg:'This is rule id 2',ctl:ruleRemoveByTag=OWASP_CRS\"",
"SecRule ARGS_NAMES \"@contains whe\" \"id:3,phase:1,t:none,log,msg:'This is rule id 3',deny,tag:'OWASP_CRS'\""
]
}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment