diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index 8deeb01c9..073fefe12 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -299,15 +299,16 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
#endif
}
+ if (msr->reqbody_length + buflen > (apr_size_t)msr->txcfg->reqbody_limit && msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL) {
+ buflen = (apr_size_t)msr->txcfg->reqbody_limit - msr->reqbody_length;
+ finished_reading = 1;
+ modsecurity_request_body_enable_partial_processing(msr);
+ }
+
msr->reqbody_length += buflen;
if (buflen != 0) {
int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg);
-
- if (msr->reqbody_length > (apr_size_t)msr->txcfg->reqbody_limit && msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL) {
- finished_reading = 1;
- }
-
if (rcbs < 0) {
if (rcbs == -5) {
if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
@@ -351,11 +352,13 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
msr->if_status = IF_STATUS_WANTS_TO_RUN;
- if (rcbe == -5) {
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- }
- if (rcbe < 0) {
- return HTTP_INTERNAL_SERVER_ERROR;
+ if (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT) {
+ if (rcbe == -5) {
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
+ if (rcbe < 0) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
}
return APR_SUCCESS;
}
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 289471703..b26e3a8f9 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -279,6 +279,7 @@ struct modsec_rec {
unsigned int if_started_forwarding;
apr_size_t reqbody_length;
+ unsigned int reqbody_partial_proessing_enabled;
apr_bucket_brigade *of_brigade;
unsigned int of_status;
@@ -736,6 +737,8 @@ apr_status_t DSOLOCAL modsecurity_request_body_start(modsec_rec *msr, char **err
apr_status_t DSOLOCAL modsecurity_request_body_store(modsec_rec *msr,
const char *data, apr_size_t length, char **error_msg);
+void DSOLOCAL modsecurity_request_body_enable_partial_processing(modsec_rec *msr);
+
apr_status_t DSOLOCAL modsecurity_request_body_end(modsec_rec *msr, char **error_msg);
apr_status_t DSOLOCAL modsecurity_request_body_to_stream(modsec_rec *msr, const char *buffer, int buflen, char **error_msg);
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index cae7bf4f7..234fea2eb 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -187,7 +187,7 @@ static int yajl_start_array(void *ctx) {
msr->json->current_depth++;
if (msr->json->current_depth > msr->txcfg->reqbody_json_depth_limit) {
msr->json->depth_limit_exceeded = 1;
- return 0;
+ return 0;
}
if (msr->txcfg->debuglog_level >= 9) {
@@ -262,7 +262,7 @@ static int yajl_start_map(void *ctx)
msr->json->current_depth++;
if (msr->json->current_depth > msr->txcfg->reqbody_json_depth_limit) {
msr->json->depth_limit_exceeded = 1;
- return 0;
+ return 0;
}
if (msr->txcfg->debuglog_level >= 9) {
@@ -367,6 +367,10 @@ int json_init(modsec_rec *msr, char **error_msg) {
return 1;
}
+void json_allow_partial_values(modsec_rec *msr) {
+ (void)yajl_config(msr->json->handle, yajl_allow_partial_values, 1);
+}
+
/**
* Feed one chunk of data to the JSON parser.
*/
@@ -380,16 +384,16 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
/* Feed our parser and catch any errors */
msr->json->status = yajl_parse(msr->json->handle, buf, size);
if (msr->json->status != yajl_status_ok) {
- if (msr->json->depth_limit_exceeded) {
- *error_msg = "JSON depth limit exceeded";
- } else {
- if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
- else {
- char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
- *error_msg = apr_pstrdup(msr->mp, yajl_err);
- yajl_free_error(msr->json->handle, yajl_err);
+ if (msr->json->depth_limit_exceeded) {
+ *error_msg = "JSON depth limit exceeded";
+ } else {
+ if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
+ else {
+ char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
+ }
}
- }
return -1;
}
@@ -409,13 +413,13 @@ int json_complete(modsec_rec *msr, char **error_msg) {
/* Wrap up the parsing process */
msr->json->status = yajl_complete_parse(msr->json->handle);
if (msr->json->status != yajl_status_ok) {
- if (msr->json->depth_limit_exceeded) {
- *error_msg = "JSON depth limit exceeded";
- } else {
- char *yajl_err = yajl_get_error(msr->json->handle, 0, NULL, 0);
- *error_msg = apr_pstrdup(msr->mp, yajl_err);
- yajl_free_error(msr->json->handle, yajl_err);
- }
+ if (msr->json->depth_limit_exceeded) {
+ *error_msg = "JSON depth limit exceeded";
+ } else {
+ char *yajl_err = yajl_get_error(msr->json->handle, 0, NULL, 0);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
+ }
return -1;
}
diff --git a/apache2/msc_json.h b/apache2/msc_json.h
index 089dab476..c5fbc80df 100644
--- a/apache2/msc_json.h
+++ b/apache2/msc_json.h
@@ -48,6 +48,8 @@ struct json_data {
int DSOLOCAL json_init(modsec_rec *msr, char **error_msg);
+void DSOLOCAL json_allow_partial_values(modsec_rec *msr);
+
int DSOLOCAL json_process(modsec_rec *msr, const char *buf,
unsigned int size, char **error_msg);
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index dc24248de..184c5d2c3 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -421,7 +421,7 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) {
if (data == msr->mpd->buf) {
*error_msg = apr_psprintf(msr->mp, "Multipart: Invalid part header (header name missing).");
- return -1;
+ return -1;
}
/* check if multipart header contains any invalid characters */
@@ -1023,38 +1023,94 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {
* processed yet) in the buffer.
*/
if (msr->mpd->buf_contains_line) {
- if ( ((unsigned int)(MULTIPART_BUF_SIZE - msr->mpd->bufleft) == (4 + strlen(msr->mpd->boundary)))
+ /*
+ * Note that the buffer may end with the final boundary followed by only CR,
+ * coming from the [CRLF epilogue], when allow_process_partial == 1 (which is
+ * set when SecRequestBodyLimitAction is ProcessPartial and the request body
+ * length exceeds SecRequestBodyLimit).
+ *
+ * The following definitions are copied from RFC 2046:
+ *
+ * dash-boundary := "--" boundary
+ *
+ * delimiter := CRLF dash-boundary
+ *
+ * close-delimiter := delimiter "--"
+ *
+ * multipart-body := [preamble CRLF]
+ * dash-boundary transport-padding CRLF
+ * body-part *encapsulation
+ * close-delimiter transport-padding
+ * [CRLF epilogue]
+ */
+ unsigned int buf_data_len = (unsigned int)(MULTIPART_BUF_SIZE - msr->mpd->bufleft);
+ size_t boundary_len = strlen(msr->mpd->boundary);
+ if ( (buf_data_len >= 2 + boundary_len)
&& (*(msr->mpd->buf) == '-')
&& (*(msr->mpd->buf + 1) == '-')
- && (strncmp(msr->mpd->buf + 2, msr->mpd->boundary, strlen(msr->mpd->boundary)) == 0)
- && (*(msr->mpd->buf + 2 + strlen(msr->mpd->boundary)) == '-')
- && (*(msr->mpd->buf + 2 + strlen(msr->mpd->boundary) + 1) == '-') )
+ && (strncmp(msr->mpd->buf + 2, msr->mpd->boundary, boundary_len) == 0) )
{
- if ((msr->mpd->crlf_state_buf_end == 2) && (msr->mpd->flag_lf_line != 1)) {
- msr->mpd->flag_lf_line = 1;
- if (msr->mpd->flag_crlf_line) {
- msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
- } else {
- msr_log(msr, 4, "Multipart: Warning: incorrect line endings used (LF).");
+ if ( (buf_data_len >= 2 + boundary_len + 2)
+ && (*(msr->mpd->buf + 2 + boundary_len) == '-')
+ && (*(msr->mpd->buf + 2 + boundary_len + 1) == '-') )
+ {
+ /* If body fits in limit and ends with final boundary plus just CR, reject it. */
+ if ( (msr->mpd->allow_process_partial == 0)
+ && (buf_data_len == 2 + boundary_len + 2 + 1)
+ && (*(msr->mpd->buf + 2 + boundary_len + 2) == '\r') )
+ {
+ *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid epilogue after final boundary.");
+ return -1;
}
+
+ if ((msr->mpd->crlf_state_buf_end == 2) && (msr->mpd->flag_lf_line != 1)) {
+ msr->mpd->flag_lf_line = 1;
+ if (msr->mpd->flag_crlf_line) {
+ msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
+ } else {
+ msr_log(msr, 4, "Multipart: Warning: incorrect line endings used (LF).");
+ }
+ }
+ if (msr->mpd->mpp_substate_part_data_read == 0) {
+ /* it looks like the final boundary, but it's where part data should begin */
+ msr->mpd->flag_invalid_part = 1;
+ msr_log(msr, 4, "Multipart: Warning: Invalid part (data contains final boundary)");
+ }
+ /* Looks like the final boundary - process it. */
+ if (multipart_process_boundary(msr, 1 /* final */, error_msg) < 0) {
+ msr->mpd->flag_error = 1;
+ return -1;
+ }
+
+ /* The payload is complete after all. */
+ msr->mpd->is_complete = 1;
}
- if (msr->mpd->mpp_substate_part_data_read == 0) {
- /* it looks like the final boundary, but it's where part data should begin */
- msr->mpd->flag_invalid_part = 1;
- msr_log(msr, 4, "Multipart: Warning: Invalid part (data contains final boundary)");
- }
- /* Looks like the final boundary - process it. */
- if (multipart_process_boundary(msr, 1 /* final */, error_msg) < 0) {
- msr->mpd->flag_error = 1;
- return -1;
+ else if (msr->mpd->allow_process_partial == 1) {
+ if (buf_data_len >= 2 + boundary_len + 1) {
+ if (*(msr->mpd->buf + 2 + boundary_len) == '-') {
+ if ( (buf_data_len >= 2 + boundary_len + 2)
+ && (*(msr->mpd->buf + 2 + boundary_len + 1) != '-') ) {
+ *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid final boundary.");
+ return -1;
+ }
+ }
+ else if ( (*(msr->mpd->buf + 2 + boundary_len) != '\r')
+ || ((buf_data_len >= 2 + boundary_len + 2)
+ && (*(msr->mpd->buf + 2 + boundary_len + 1) != '\n')) ) {
+ *error_msg = apr_psprintf(msr->mp, "Multipart: Invalid boundary.");
+ return -1;
+ }
+ }
+ /* process it as a non-final boundary to avoid building a new part. */
+ if (multipart_process_boundary(msr, 0, error_msg) < 0) {
+ msr->mpd->flag_error = 1;
+ return -1;
+ }
}
-
- /* The payload is complete after all. */
- msr->mpd->is_complete = 1;
}
}
- if (msr->mpd->is_complete == 0) {
+ if (msr->mpd->is_complete == 0 && msr->mpd->allow_process_partial == 0) {
*error_msg = apr_psprintf(msr->mp, "Multipart: Final boundary missing.");
return -1;
}
@@ -1296,10 +1352,10 @@ int multipart_process_chunk(modsec_rec *msr, const char *buf,
if (c == 0x0a) {
if (msr->mpd->crlf_state == 1) {
msr->mpd->crlf_state = 3;
- } else {
+ } else {
msr->mpd->crlf_state = 2;
- }
- }
+ }
+ }
msr->mpd->crlf_state_buf_end = msr->mpd->crlf_state;
}
diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h
index a9c20b9b1..8dfd47381 100644
--- a/apache2/msc_multipart.h
+++ b/apache2/msc_multipart.h
@@ -124,6 +124,7 @@ struct multipart_data {
int seen_data;
int is_complete;
+ int allow_process_partial;
int flag_error;
int flag_data_before;
diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c
index 793549a5f..bbd4ba0c8 100644
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@@ -313,7 +313,7 @@ int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
value = &buf[j];
}
}
- else {
+ else if (i < inputlength || msr->reqbody_partial_proessing_enabled == 0) {
arg->value_len = urldecode_nonstrict_inplace_ex((unsigned char *)value, arg->value_origin_len, invalid_count, &changed);
arg->value = apr_pstrmemdup(msr->mp, value, arg->value_len);
@@ -330,7 +330,7 @@ int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
}
/* the last parameter was empty */
- if (status == 1) {
+ if (status == 1 && msr->reqbody_partial_proessing_enabled == 0) {
arg->value_len = 0;
arg->value = "";
diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c
index 0877c8259..4409d2bd0 100644
--- a/apache2/msc_reqbody.c
+++ b/apache2/msc_reqbody.c
@@ -406,19 +406,20 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,
}
/* Check that we are not over the request body no files limit. */
- if (msr->msc_reqbody_no_files_length >= (unsigned long) msr->txcfg->reqbody_no_files_limit) {
+ if (msr->msc_reqbody_no_files_length > (unsigned long) msr->txcfg->reqbody_no_files_limit) {
*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
if (msr->txcfg->debuglog_level >= 1) {
msr_log(msr, 1, "%s", *error_msg);
}
- msr->msc_reqbody_error = 1;
+ if (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)
+ msr->msc_reqbody_error = 1;
- if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
+ if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
return -5;
- } else if (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL) {
- if(msr->txcfg->is_enabled == MODSEC_ENABLED)
+ } else if (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL) {
+ if (msr->txcfg->is_enabled == MODSEC_ENABLED)
return -5;
}
}
@@ -438,6 +439,28 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,
return -1;
}
+/**
+ * Enable partial processing of request body data.
+ */
+void modsecurity_request_body_enable_partial_processing(modsec_rec *msr) {
+ msr->reqbody_partial_proessing_enabled = 1;
+ if (strcmp(msr->msc_reqbody_processor, "MULTIPART") == 0) {
+ msr->mpd->allow_process_partial = 1;
+ msr_log(msr, 4, "Multipart: Allow partial processing of request body");
+ }
+ else if (strcmp(msr->msc_reqbody_processor, "XML") == 0) {
+ msr->xml->allow_ill_formed = 1;
+ msr_log(msr, 4, "XML: Allow partial processing of request body");
+ }
+ else if (strcmp(msr->msc_reqbody_processor, "JSON") == 0) {
+ json_allow_partial_values(msr);
+ msr_log(msr, 4, "JSON: Allow partial processing of request body");
+ }
+ else if (strcmp(msr->msc_reqbody_processor, "URLENCODED") == 0) {
+ msr_log(msr, 4, "URLENCODED: Allow partial processing of request body");
+ }
+}
+
apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buffer, int buflen, char **error_msg) {
assert(msr != NULL);
assert(error_msg != NULL);
@@ -671,7 +694,7 @@ apr_status_t modsecurity_request_body_end(modsec_rec *msr, char **error_msg) {
/* Check that we are not over the request body no files limit. */
- if (msr->msc_reqbody_no_files_length >= (unsigned long)msr->txcfg->reqbody_no_files_limit) {
+ if (msr->msc_reqbody_no_files_length > (unsigned long)msr->txcfg->reqbody_no_files_limit) {
*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
if (msr->txcfg->debuglog_level >= 1) {
diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c
index 4f0e07ca0..9222b0176 100644
--- a/apache2/msc_xml.c
+++ b/apache2/msc_xml.c
@@ -267,7 +267,7 @@ int xml_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
if (msr->xml->parsing_ctx != NULL &&
msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_ONLYARGS) {
xmlParseChunk(msr->xml->parsing_ctx, buf, size, 0);
- if (msr->xml->parsing_ctx->wellFormed != 1) {
+ if (!msr->xml->allow_ill_formed && msr->xml->parsing_ctx->wellFormed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to parse document.");
return -1;
}
@@ -318,7 +318,7 @@ int xml_complete(modsec_rec *msr, char **error_msg) {
msr->xml->parsing_ctx = NULL;
msr_log(msr, 4, "XML: Parsing complete (well_formed %u).", msr->xml->well_formed);
- if (msr->xml->well_formed != 1) {
+ if (!msr->xml->allow_ill_formed && msr->xml->well_formed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed to parse document.");
return -1;
}
diff --git a/apache2/msc_xml.h b/apache2/msc_xml.h
index 73999443a..b56905dbc 100644
--- a/apache2/msc_xml.h
+++ b/apache2/msc_xml.h
@@ -43,6 +43,7 @@ struct xml_data {
xmlDocPtr doc;
unsigned int well_formed;
+ unsigned int allow_ill_formed;
/* error reporting and XML array flag */
char *xml_error;
diff --git a/tests/regression/config/10-request-directives.t b/tests/regression/config/10-request-directives.t
index d5c6f143b..2019b0f20 100644
--- a/tests/regression/config/10-request-directives.t
+++ b/tests/regression/config/10-request-directives.t
@@ -501,7 +501,7 @@
SecRequestBodyLimit 20
),
match_log => {
- debug => [ qr/Request body is larger than the configured limit \(20\).. Deny with code \(413\)/, 1 ],
+ debug => [ qr/Request body is larger than the configured limit \(20\)./, 1 ],
},
match_response => {
status => qr/^413$/,
@@ -545,7 +545,7 @@
SecRequestBodyLimit 131072
),
match_log => {
- -debug => [ qr/Request body is larger than the configured limit \(131072\).. Deny with code \(413\)/, 1 ],
+ -debug => [ qr/Request body is larger than the configured limit \(131072\)./, 1 ],
},
match_response => {
status => qr/^413$/,
@@ -578,10 +578,10 @@
SecRequestBodyLimit 131072
),
match_log => {
- error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
},
match_response => {
- status => qr/^500$/,
+ status => qr/^200$/,
},
request => normalize_raw_request_data(
qq(
@@ -643,100 +643,338 @@
# ),
#},
+# SecRequestBodyLimitAction ProcessPartial
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/bad_name before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 59
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_NAME "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="bad_name"
+ ),
+ ) . "\r\n" . "a",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/bad_name after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 58
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_NAME "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="bad_name"
+ ),
+ ) . "\r\n",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/bad_filename before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 81
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_FILENAME "bad_filename" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="bad_filename"
+ ),
+ ) . "\r\n" . "a",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/bad_filename after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 80
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_FILENAME "bad_filename" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="bad_filename"
+ ),
+ ) . "\r\n",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/no epilogue)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 176
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
+ ],
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
+ value1
+ -----------------------------69343412719991675451336310646--),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CR after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 176
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
+ ],
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
-
-
-# SecCookieFormat
+ value1
+ -----------------------------69343412719991675451336310646--) . "\r",
+ ),
+ ),
+},
{
type => "config",
- comment => "SecCookieFormat (pos)",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CR just in limit)",
conf => qq(
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
- SecDebugLogLevel 5
- SecCookieFormat 1
- SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231"
- SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
- SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 177
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
),
match_log => {
- error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
- debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+ -error => [ qr/"Multipart: Invalid epilogue after final boundary."/, 1],
},
match_response => {
- status => qr/^403$/,
+ status => qr/^400$/,
},
request => new HTTP::Request(
- GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
- "Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
],
- undef,
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
+
+ value1
+ -----------------------------69343412719991675451336310646--) . "\r",
+ ),
),
},
{
type => "config",
- comment => "SecCookieFormat (neg)",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF across limit)",
conf => qq(
SecRuleEngine On
SecDebugLog $ENV{DEBUG_LOG}
- SecDebugLogLevel 5
- SecCookieFormat 0
- SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234"
- SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
- SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 177
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
),
match_log => {
- -error => [ qr/Access denied/, 1 ],
- -debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
- GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
- "Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
],
- undef,
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
+
+ value1
+ -----------------------------69343412719991675451336310646--
+ ),
+ ),
),
},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CR before limit, non-LF after)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 177
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
+ ],
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
-# SecArgumentsLimit
+ value1
+ -----------------------------69343412719991675451336310646--) . "\rbad epilogue after just CR",
+ ),
+ ),
+},
{
type => "config",
- comment => "SecArgumentsLimit (pos)",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/empty epilogue just in limit)",
conf => qq(
SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
SecRequestBodyAccess On
- SecArgumentsLimit 5
- SecRule REQBODY_ERROR "!\@eq 0" "id:'500232',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 178
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
),
match_log => {
- error => [ qr/Access denied with code 403 /, 1 ],
+ -error => [ qr/Multipart parsing error: Multipart: Final boundary missing./, 1],
},
match_response => {
- status => qr/^403$/,
+ status => qr/^200$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
- "Content-Type" => "application/x-www-form-urlencoded",
+ "Content-Type" => "multipart/form-data; boundary=---------------------------69343412719991675451336310646",
],
- "a=1&b=2&c=3&d=4&e=5&f=6",
+ normalize_raw_request_data(
+ q(
+ -----------------------------69343412719991675451336310646
+ Content-Disposition: form-data; name="name1"
+
+ value1
+ -----------------------------69343412719991675451336310646--
+ ),
+ ),
),
},
{
type => "config",
- comment => "SecArgumentsLimit (neg)",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in part across limit #1)",
conf => qq(
SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
SecRequestBodyAccess On
- SecArgumentsLimit 5
- SecRule REQBODY_ERROR "!\@eq 0" "id:'500233',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 114
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
),
match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 115 bytes./, 1],
},
match_response => {
status => qr/^200$/,
@@ -744,9 +982,1481 @@
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
- "Content-Type" => "application/x-www-form-urlencoded",
+ "Content-Type" => "multipart/form-data; boundary=0000",
],
- "a=1&b=2&c=3&d=4&e=5",
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --000),
+ ) . "X",
),
},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in part before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 115
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 116 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+ value
+ --0000),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/parital/bad-header in part before limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 116
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 117 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000),
+ ) . "\rX",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in part before limit #3)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 117
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 118 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000
+ )
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in part before limit #4)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 118
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 119 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000
+ )
+ ) . q(C) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in part before limit #5)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 160
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 161 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000
+ )
+ ) . q(Content-Disposition: form-data; name="name2) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in final part across limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 116
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 117 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000-),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in final part before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 117
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 118 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: bad_type
+
+ value
+ --0000--),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in final part across limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 205
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 206 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: text/plain
+
+ value
+ --0000
+ Content-Disposition: form-data; name="name2"
+ Content-Type: bad_type
+
+ value
+ --0000-),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/bad-header in final part before limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 206
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 207 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: text/plain
+
+ value
+ --0000
+ Content-Disposition: form-data; name="name2"
+ Content-Type: bad_type
+
+ value
+ --0000--),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/invalid boundary before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 118
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 119 bytes./, 1],
+ error => [ qr/Multipart parsing error: Multipart: Invalid boundary./, 1],
+ },
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: text/plain
+
+ value
+ --0000!)
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/invalid boundary before limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 119
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 120 bytes./, 1],
+ error => [ qr/Multipart parsing error: Multipart: Invalid boundary./, 1],
+ },
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: text/plain
+
+ value
+ --0000)
+ ) . "\r!" . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/CRLF/partial/invalid final boundary before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 119
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 120 bytes./, 1],
+ error => [ qr/Multipart parsing error: Multipart: Invalid final boundary./, 1],
+ },
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ normalize_raw_request_data(
+ q(
+ --0000
+ Content-Disposition: form-data; name="name1"; filename="name1.txt"
+ Content-Type: text/plain
+
+ value
+ --0000-!),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in part across limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 109
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 110 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--000),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in part before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 110
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 111 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/parital/bad-header in part before limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 111
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 112 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000),
+ ) . "\n" . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/parital/bad-header in part before limit #3)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 112
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 113 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000),
+ q(C),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/parital/bad-header in part before limit #4)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 154
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS:name1 "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 155 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000),
+ q(Content-Disposition: form-data; name="name2),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in final part across limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 111
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 112 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000-),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in final part before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 112
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 113 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000--),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in final part across limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 195
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 196 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: text/plain),
+ q(),
+ q(value),
+ q(--0000),
+ q(Content-Disposition: form-data; name="name2"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000-),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/bad-header in final part before limit #2)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 196
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_PART_HEADERS "content-type:.*bad_type" "id:'200002',phase:2,t:none,t:lowercase,deny
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 197 bytes./, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: text/plain),
+ q(),
+ q(value),
+ q(--0000),
+ q(Content-Disposition: form-data; name="name2"),
+ q(Content-Type: bad_type),
+ q(),
+ q(value),
+ q(--0000--),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/invalid boundary before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 113
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 114 bytes./, 1],
+ error => [ qr/Multipart parsing error: Multipart: Invalid boundary./, 1],
+ },
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: text/plain),
+ q(),
+ q(value),
+ q(--0000!),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (multipart/LF/partial/invalid final boundary before limit #1)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 114
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ ),
+ match_log => {
+ debug => [ qr/Input filter: Bucket type HEAP contains 115 bytes./, 1],
+ error => [ qr/Multipart parsing error: Multipart: Invalid final boundary./, 1],
+ },
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "multipart/form-data; boundary=0000",
+ ],
+ join("\n",
+ q(--0000),
+ q(Content-Disposition: form-data; name="name1"; filename="name1.txt"),
+ q(Content-Type: text/plain),
+ q(),
+ q(value),
+ q(--0000-!),
+ ) . "X",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/entire/bad_name without value)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 8
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_name),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_name without value without delimeter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 8
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_nameX),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_name without value with delimiter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 9
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_name&X),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/entire/bad_name with value)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 10
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_name=1),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_name with value without delimeter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 10
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_name=1X),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_name with value with delimiter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 11
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(bad_name=1&X),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/entire/bad_value)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 11
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(a=bad_value),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_value without delimeter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 11
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(a=bad_valueX),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (url-encoded/partial/bad_value with delimeter before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 12
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ normalize_raw_request_data(
+ q(a=bad_value&X),
+ ),
+ ),
+},{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/bad_name after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 12
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"bad_name":1}),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/bad_name before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 13
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS_NAMES "bad_name" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"bad_name":1}),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/bad_value after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 15
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"a":"bad_value"}),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/bad_value before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 16
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"a":"bad_value"}),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/ill-formed after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 17
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"a":"bad_value"}]),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (json/ill-formed before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 18
+ SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ normalize_raw_request_data(
+ q({"a":"bad_value"}]),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (xml/bad_value after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 11
+ SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule XML:/* "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_value),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (xml/bad_value before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 12
+ SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule XML:/* "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_value),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (xml/ill-formed after limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 19
+ SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule XML:/* "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_value),
+ ),
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyLimitAction ProcessPartial (xml/ill-formed before limit)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 20
+ SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule XML:/* "bad_value" "id:'200002',phase:2,t:none,deny
+ ),
+ match_response => {
+ status => qr/^400$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_value),
+ ),
+ ),
+},
+
+# SecCookieFormat
+{
+ type => "config",
+ comment => "SecCookieFormat (pos)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 5
+ SecCookieFormat 1
+ SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231"
+ SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+ SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
+ debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+ ],
+ undef,
+ ),
+},
+{
+ type => "config",
+ comment => "SecCookieFormat (neg)",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 5
+ SecCookieFormat 0
+ SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234"
+ SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+ SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+ ),
+ match_log => {
+ -error => [ qr/Access denied/, 1 ],
+ -debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+ ],
+ undef,
+ ),
+},
+
+# SecArgumentsLimit
+{
+ type => "config",
+ comment => "SecArgumentsLimit (pos)",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecArgumentsLimit 5
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'500232',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 /, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ "a=1&b=2&c=3&d=4&e=5&f=6",
+ ),
+},
+{
+ type => "config",
+ comment => "SecArgumentsLimit (neg)",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecArgumentsLimit 5
+ SecRule REQBODY_ERROR "!\@eq 0" "id:'500233',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+ ),
+ match_log => {
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ "a=1&b=2&c=3&d=4&e=5",
+ ),
+},
+
+# SecRequestBodyNoFilesLimit
+{
+ type => "config",
+ comment => "SecRequestBodyNoFilesLimit - length is equal to limit",
+ conf => q(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyNoFilesLimit 16
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ "a=0123456789ABCD",
+ ),
+},
+{
+ type => "config",
+ comment => "SecRequestBodyNoFilesLimit - length is larger than limit",
+ conf => q(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyNoFilesLimit 16
+ ),
+ match_response => {
+ status => qr/^413$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/x-www-form-urlencoded",
+ ],
+ "a=0123456789ABCDE",
+ ),
+},
diff --git a/tests/regression/rule/10-xml.t b/tests/regression/rule/10-xml.t
index ad1ed9194..0a5e35eb2 100644
--- a/tests/regression/rule/10-xml.t
+++ b/tests/regression/rule/10-xml.t
@@ -428,3 +428,96 @@
),
),
},
+{
+ type => "rule",
+ comment => "xml ProcessPartial, bad value and whole body before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 61
+ SecXmlExternalEntity Off
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500005, \\
+ phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500006
+ SecRule XML:/* "bad_value" "id:'500007',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 2\). Pattern match "bad_value" at XML\./, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "text/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_value),
+ ),
+ ),
+},
+{
+ type => "rule",
+ comment => "xml ProcessPartial, bad value before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 61
+ SecXmlExternalEntity Off
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500005, \\
+ phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500006
+ SecRule XML:/* "bad_value" "id:'500007',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 2\). Pattern match "bad_value" at XML\./, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "text/xml",
+ ],
+ normalize_raw_request_data(
+ q(bad_valueok_value),
+ ),
+ ),
+},
+{
+ type => "rule",
+ comment => "xml ProcessPartial, bad value after limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyLimit 61
+ SecXmlExternalEntity Off
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500005, \\
+ phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
+ SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500006
+ SecRule XML:/* "bad_value" "id:'500007',phase:2,t:none,deny"
+ ),
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "text/xml",
+ ],
+ normalize_raw_request_data(
+ q(12bad_value),
+ ),
+ ),
+},
diff --git a/tests/regression/rule/15-json.t b/tests/regression/rule/15-json.t
index 9c1781750..1e1c93804 100644
--- a/tests/regression/rule/15-json.t
+++ b/tests/regression/rule/15-json.t
@@ -258,6 +258,195 @@
),
),
),
-}
-
-
+},
+{
+ type => "rule",
+ comment => "LimitAction ProcessPartial, bad value and whole body before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 2\)\. Pattern match "bad_value" at ARGS:b\./, 1 ],
+ debug => [ qr/Adding JSON argument 'b' with value 'bad_value'|JSON support was not enabled/, 1 ],
+ -debug => [ qr/JSON: Allow partial processing of request body|JSON support was not enabled/, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":1234,"b":"bad_value"}),
+ ),
+},
+{
+ type => "rule",
+ comment => "LimitAction ProcessPartial, bad value before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 2\)\. Pattern match "bad_value" at ARGS:b\./, 1 ],
+ debug => [ qr/JSON: Allow partial processing of request body|JSON support was not enabled/, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":12345,"b":"bad_value"}),
+ ),
+},
+{
+ type => "rule",
+ comment => "LimitAction ProcessPartial, bad value after limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction ProcessPartial
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ debug => [ qr/JSON: Allow partial processing of request body|JSON support was not enabled/, 1 ],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":123456,"b":"bad_value"}),
+ ),
+},
+{
+ type => "rule",
+ comment => "LimitAction Reject, bad value and whole body before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction Reject
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Access denied with code 403 \(phase 2\)\. Pattern match "bad_value" at ARGS:b\./, 1 ],
+ debug => [ qr/Adding JSON argument 'b' with value 'bad_value'|JSON support was not enabled/, 1 ],
+ -debug => [ qr/JSON: Allow partial processing of request body|JSON support was not enabled/, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":1234,"b":"bad_value"}),
+ ),
+},
+{
+ type => "rule",
+ comment => "LimitAction Reject, bad value before limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction Reject
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(26\)\./, 1 ],
+ },
+ match_response => {
+ status => qr/^413$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":12345,"b":"bad_value"}),
+ ),
+},
+{
+ type => "rule",
+ comment => "LimitAction Reject, bad value after limit",
+ conf => qq(
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRequestBodyLimitAction Reject
+ SecRequestBodyNoFilesLimit 26
+ SecRequestBodyLimit 26
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRule REQUEST_HEADERS:Content-Type "application/json" \\
+ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+ SecRule REQBODY_ERROR "!\@eq 0" \\
+ "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule ARGS "bad_value" "id:'200003',phase:2,t:none,deny"
+ ),
+ match_log => {
+ error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(26\)\./, 1 ],
+ },
+ match_response => {
+ status => qr/^413$/,
+ },
+ request => new HTTP::Request(
+ POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ [
+ "Content-Type" => "application/json",
+ ],
+ q({"a":123456,"b":"bad_value"}),
+ ),
+},