Skip to content

Commit 9f831cf

Browse files
mlevogiannismlevogiannis
committed
Tests: Add test cases for all phases in custom error page test
1 parent 1c45440 commit 9f831cf

File tree

1 file changed

+51
-31
lines changed

1 file changed

+51
-31
lines changed

tests/modsecurity-config-custom-error-page.t

Lines changed: 51 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -55,15 +55,19 @@ http {
5555
error_page 403 /403.html;
5656
5757
location /403.html {
58-
root %%TESTDIR%%/http;
58+
alias %%TESTDIR%%/403.html;
5959
internal;
6060
}
6161
6262
location / {
6363
modsecurity on;
6464
modsecurity_rules '
6565
SecRuleEngine On
66-
SecRule ARGS "@streq root" "id:10,phase:1,auditlog,status:403,deny"
66+
SecResponseBodyAccess On
67+
SecRule ARGS:phase1 "@streq BAD" "id:10,phase:1,auditlog,status:403,deny"
68+
SecRule ARGS:phase2 "@streq BAD" "id:11,phase:2,auditlog,status:403,deny"
69+
SecRule ARGS:phase3 "@streq BAD" "id:12,phase:3,auditlog,status:403,deny"
70+
SecRule ARGS:phase4 "@streq BAD" "id:13,phase:4,auditlog,status:403,drop"
6771
SecDebugLog %%TESTDIR%%/auditlog-debug-local.txt
6872
SecDebugLogLevel 9
6973
SecAuditEngine RelevantOnly
@@ -82,7 +86,11 @@ http {
8286
modsecurity on;
8387
modsecurity_rules '
8488
SecRuleEngine On
85-
SecRule ARGS "@streq root" "id:10,phase:1,auditlog,status:403,deny"
89+
SecResponseBodyAccess On
90+
SecRule ARGS:phase1 "@streq BAD" "id:10,phase:1,auditlog,status:403,deny"
91+
SecRule ARGS:phase2 "@streq BAD" "id:11,phase:2,auditlog,status:403,deny"
92+
SecRule ARGS:phase3 "@streq BAD" "id:12,phase:3,auditlog,status:403,deny"
93+
SecRule ARGS:phase4 "@streq BAD" "id:13,phase:4,auditlog,status:403,drop"
8694
SecDebugLog %%TESTDIR%%/auditlog-debug-global.txt
8795
SecDebugLogLevel 9
8896
SecAuditEngine RelevantOnly
@@ -96,7 +104,7 @@ http {
96104
97105
location /403.html {
98106
modsecurity off;
99-
root %%TESTDIR%%/http;
107+
alias %%TESTDIR%%/403.html;
100108
internal;
101109
}
102110
@@ -107,31 +115,28 @@ http {
107115
EOF
108116

109117
my $index_txt = "This is the index page.";
110-
my $custom_txt = "This is a custom error page.";
118+
my $error_txt = "This is a custom error page.";
111119

112120
$t->write_file("/index.html", $index_txt);
113-
mkdir($t->testdir() . '/http');
114-
$t->write_file("/http/403.html", $custom_txt);
121+
$t->write_file("/403.html", $error_txt);
115122

123+
$t->todo_alerts();
116124
$t->run();
117-
$t->plan(10);
125+
$t->plan(32);
118126

119127
###############################################################################
120128

121129
my $d = $t->testdir();
122130

123-
my $t1;
124-
my $t2;
125-
my $t3;
126-
my $t4;
127-
128131
# Performing requests to a server with ModSecurity enabled at location context
129-
$t1 = http_get_host('s1', '/index.html?what=root');
130-
$t2 = http_get_host('s1', '/index.html?what=other');
131-
132-
# Performing requests to a server with ModSecurity enabled at server context
133-
$t3 = http_get_host('s2', '/index.html?what=root');
134-
$t4 = http_get_host('s2', '/index.html?what=other');
132+
like(http_get_host('s1', '/?phase1=BAD'), qr/$error_txt/, 'location context, phase 1, error page');
133+
like(http_get_host('s1', '/?phase1=GOOD'), qr/$index_txt/, 'location context, phase 1, index page');
134+
like(http_get_host('s1', '/?phase2=BAD'), qr/$error_txt/, 'location context, phase 2, error page');
135+
like(http_get_host('s1', '/?phase2=GOOD'), qr/$index_txt/, 'location context, phase 2, index page');
136+
like(http_get_host('s1', '/?phase3=BAD'), qr/$error_txt/, 'location context, phase 3, error page');
137+
like(http_get_host('s1', '/?phase3=GOOD'), qr/$index_txt/, 'location context, phase 3, index page');
138+
is(http_get_host('s1', '/?phase4=BAD'), '', 'location context, phase 4, drop');
139+
like(http_get_host('s1', '/?phase4=GOOD'), qr/$index_txt/, 'location context, phase 4, index page');
135140

136141
my $local = do {
137142
local $/ = undef;
@@ -140,25 +145,40 @@ my $local = do {
140145
<$fh>;
141146
};
142147

148+
like($local, qr/phase1=BAD/, 'location context, phase 1, BAD in auditlog');
149+
unlike($local, qr/phase1=GOOD/, 'location context, phase 1, GOOD not in auditlog');
150+
like($local, qr/phase2=BAD/, 'location context, phase 2, BAD in auditlog');
151+
unlike($local, qr/phase2=GOOD/, 'location context, phase 2, GOOD not in auditlog');
152+
like($local, qr/phase3=BAD/, 'location context, phase 3, BAD in auditlog');
153+
unlike($local, qr/phase3=GOOD/, 'location context, phase 3, GOOD not in auditlog');
154+
like($local, qr/phase4=BAD/, 'location context, phase 4, BAD in auditlog');
155+
unlike($local, qr/phase4=GOOD/, 'location context, phase 4, GOOD not in auditlog');
156+
157+
# Performing requests to a server with ModSecurity enabled at server context
158+
like(http_get_host('s2', '/?phase1=BAD'), qr/$error_txt/, 'server context, phase 1, error page');
159+
like(http_get_host('s2', '/?phase1=GOOD'), qr/$index_txt/, 'server context, phase 1, index page');
160+
like(http_get_host('s2', '/?phase2=BAD'), qr/$error_txt/, 'server context, phase 2, error page');
161+
like(http_get_host('s2', '/?phase2=GOOD'), qr/$index_txt/, 'server context, phase 2, index page');
162+
like(http_get_host('s2', '/?phase3=BAD'), qr/$error_txt/, 'server context, phase 3, error page');
163+
like(http_get_host('s2', '/?phase3=GOOD'), qr/$index_txt/, 'server context, phase 3, index page');
164+
is(http_get_host('s2', '/?phase4=BAD'), '', 'server context, phase 4, drop');
165+
like(http_get_host('s2', '/?phase4=GOOD'), qr/$index_txt/, 'server context, phase 4, index page');
166+
143167
my $global = do {
144168
local $/ = undef;
145169
open my $fh, "<", "$d/auditlog-global.txt"
146170
or die "could not open: $!";
147171
<$fh>;
148172
};
149173

150-
like($t1, qr/$custom_txt/, 'ModSecurity at location / root');
151-
like($t2, qr/$index_txt/, 'ModSecurity at location / other');
152-
like($local, qr/what=root/, 'ModSecurity at location / root present in auditlog');
153-
unlike($local, qr/what=other/, 'ModSecurity at location / other not present in auditlog');
154-
155-
like($t3, qr/$custom_txt/, 'ModSecurity at server / root');
156-
like($t4, qr/$index_txt/, 'ModSecurity at server / other');
157-
like($global, qr/what=root/, 'ModSecurity at server / root present in auditlog');
158-
unlike($global, qr/what=other/, 'ModSecurity at server / other not present in auditlog');
159-
160-
like($local, qr/Access denied with code 403/, 'ModSecurity at location / 403 in auditlog');
161-
like($global, qr/Access denied with code 403/, 'ModSecurity at server / 403 in auditlog');
174+
like($global, qr/phase1=BAD/, 'server context, phase 1, BAD in auditlog');
175+
unlike($global, qr/phase1=GOOD/, 'server context, phase 1, GOOD not in auditlog');
176+
like($global, qr/phase2=BAD/, 'server context, phase 2, BAD in auditlog');
177+
unlike($global, qr/phase2=GOOD/, 'server context, phase 2, GOOD not in auditlog');
178+
like($global, qr/phase3=BAD/, 'server context, phase 3, BAD in auditlog');
179+
unlike($global, qr/phase3=GOOD/, 'server context, phase 3, GOOD not in auditlog');
180+
like($global, qr/phase4=BAD/, 'server context, phase 4, BAD in auditlog');
181+
unlike($global, qr/phase4=GOOD/, 'server context, phase 4, GOOD not in auditlog');
162182

163183
###############################################################################
164184

0 commit comments

Comments
 (0)