|
172 | 172 | "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
|
173 | 173 | ]
|
174 | 174 | },
|
| 175 | + { |
| 176 | + "enabled": 1, |
| 177 | + "version_min": 300000, |
| 178 | + "version_max": 0, |
| 179 | + "title": "auditlog : basic parser test - JSON", |
| 180 | + "client": { |
| 181 | + "ip": "200.249.12.31", |
| 182 | + "port": 2313 |
| 183 | + }, |
| 184 | + "server": { |
| 185 | + "ip": "200.249.12.31", |
| 186 | + "port": 80 |
| 187 | + }, |
| 188 | + "request": { |
| 189 | + "headers": { |
| 190 | + "Host": "www.modsecurity.org", |
| 191 | + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", |
| 192 | + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", |
| 193 | + "Accept-Language": "en-us,en;q=0.5", |
| 194 | + "Accept-Encoding": "gzip,deflate", |
| 195 | + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", |
| 196 | + "Keep-Alive": "300", |
| 197 | + "Connection": "keep-alive", |
| 198 | + "Pragma": "no-cache", |
| 199 | + "Cache-Control": "no-cache" |
| 200 | + }, |
| 201 | + "uri": "\/test.pl?param1= test ¶m2=test2", |
| 202 | + "method": "GET", |
| 203 | + "http_version": 1.1, |
| 204 | + "body": "" |
| 205 | + }, |
| 206 | + "response": { |
| 207 | + "headers": { |
| 208 | + "Content-Type": "plain\/text\n\r" |
| 209 | + }, |
| 210 | + "body": [ |
| 211 | + "test" |
| 212 | + ] |
| 213 | + }, |
| 214 | + "expected": { |
| 215 | + "audit_log": "{\"transaction\":{\"client_ip\":\"200.249.12.31\",\"time_stamp\":\"\\S{3} \\S{3} \\d{2} \\d{2}:\\d{2}:\\d{2} \\d{4}\"", |
| 216 | + "debug_log": "", |
| 217 | + "error_log": "", |
| 218 | + "http_code": 403 |
| 219 | + }, |
| 220 | + "rules": [ |
| 221 | + "SecRuleEngine On", |
| 222 | + "SecRule ARGS \"@contains test\" \"id:1,t:trim,deny,auditlog\"", |
| 223 | + "SecAuditEngine RelevantOnly", |
| 224 | + "SecAuditLogFormat JSON", |
| 225 | + "SecAuditLogParts ABCFHZ", |
| 226 | + "SecAuditLogStorageDir /tmp/test", |
| 227 | + "SecAuditLog /tmp/audit_test_parallel.log", |
| 228 | + "SecAuditLogDirMode 0766", |
| 229 | + "SecAuditLogFileMode 0600", |
| 230 | + "SecAuditLogType Serial", |
| 231 | + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" |
| 232 | + ] |
| 233 | + }, |
175 | 234 | {
|
176 | 235 | "enabled": 1,
|
177 | 236 | "version_min": 300000,
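Review bot: The `expected.audit_log` pattern in the new JSON test matches only the opening `{"transaction":{"client_ip":…,"time_stamp":…` prefix, so the test still passes if the rest of the record is truncated or is not valid JSON. With `SecAuditLogParts ABCFHZ` the request URI and the response header `"Content-Type": "plain\/text\n\r"` should end up in the record, and a missed escape on either value would corrupt the log entry. Consider extending the pattern to cover at least one such field and the closing brace. Separately, the rules keep `SecAuditLogStorageDir /tmp/test`, `SecAuditLogDirMode 0766` and the file name `audit_test_parallel.log` although `SecAuditLogType Serial` is set. If these are leftovers from the parallel test, dropping them (or using a mode without group/other write) avoids the fixture being copied as a template that creates a world-writable audit directory under `/tmp`.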
|
|