575 lines
16 KiB
Perl
Vendored
575 lines
16 KiB
Perl
Vendored
use lib 'lib';
|
|
use Test::Nginx::Socket;
|
|
|
|
plan tests => repeat_each(2) * blocks();
|
|
no_root_location();
|
|
no_long_string();
|
|
$ENV{TEST_NGINX_SERVROOT} = server_root();
|
|
run_tests();
|
|
__DATA__
|
|
=== RXWL TEST 1.0: simple wide regex ($args_var)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?bla=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.1: simple wide regex ($args_var)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?bra=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 1.2: simple wide regex ($args_var)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?aablaaa=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.3: simple end-restrictive regex ($args_var_x:..$)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?aabla=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.3: simple end-restrictive regex ($args_var_x:..$)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?aabla=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.4: simple end-restrictive regex ($args_var_x:..$)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?aablaa=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 1.5: simple begin-restrictive regex ($args_var_x:^..)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?blaa=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.6: simple begin-restrictive regex ($args_var_x:^..)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?blaa=1999
|
|
--- error_code: 200
|
|
=== RXWL TEST 1.7: simple begin-restrictive regex ($args_var_x:^..)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?ablaa=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 1.8: simple full-restrictive regex ($args_var_x:^..$)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?abla=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 1.9: simple full-restrictive regex ($args_var_x:^..$)
|
|
--- user_files
|
|
>>> buixor
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /buixor?bla=1999
|
|
--- error_code: 200
|
|
|
|
=== RXWL TEST 2.0: simple wide regex ($args_var|$url)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla|$URL_X:/foo";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foo?bla=1999
|
|
--- error_code: 200
|
|
|
|
=== RXWL TEST 2.1: simple wide regex ($args_var|$url)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:bla|$URL_X:/foo";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foz?bla=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 2.2: simple half-restrictive regex ($args_var|$url)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^bla$|$URL_X:/foo";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foo?blaz=1999
|
|
--- error_code: 412
|
|
=== RXWL TEST 3.0: simple wide regex (url|args|name)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$URL_X:/foo|ARGS|NAME";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foo?19991999=foo
|
|
--- error_code: 200
|
|
|
|
=== RXWL TEST 3.1: simple wide regex (url|args|name)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$URL_X:/foo|ARGS|NAME";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foo?foo=1999
|
|
--- error_code: 412
|
|
|
|
=== RXWL TEST 4.0: simple restrictive+complex regex ($URL_X|URL)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS|URL" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$URL_X:^/foo_[0-9]+_$|URL";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /foo_1999_?x=x
|
|
--- error_code: 404
|
|
=== RXWL TEST 4.1: simple restrictive+complex regex ($ARGS_VAR_X|NAME)
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS|URL" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^foo_[0-9]+_$|NAME";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /?foo_1999_inject=x
|
|
--- error_code: 412
|
|
=== RXWL TEST 5.0: file ext ($URL|NAME) XXX
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:1999" "msg:foobar test pattern #1" "mz:ARGS|URL" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^foo_[0-9]+_$|NAME";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /?foo_1999_inject=x
|
|
--- error_code: 412
|
|
|
|
=== RXWL TEST 6.0: case sensitiveness
|
|
--- user_files
|
|
>>> foo
|
|
eh yo
|
|
--- main_config
|
|
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
|
--- http_config
|
|
include /tmp/naxsi_ut/naxsi_core.rules;
|
|
MainRule "str:abcd" "msg:foobar test pattern #1" "mz:ARGS|URL" "s:$SQL:42" id:1999;
|
|
--- config
|
|
location / {
|
|
#LearningMode;
|
|
SecRulesEnabled;
|
|
DeniedUrl "/RequestDenied";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
root $TEST_NGINX_SERVROOT/html/;
|
|
index index.html index.htm;
|
|
BasicRule wl:1999 "mz:$ARGS_VAR_X:^foo_[0-9]+_$";
|
|
}
|
|
location /RequestDenied {
|
|
return 412;
|
|
}
|
|
--- request
|
|
GET /?foo_1999_=ABCD
|
|
--- error_code: 200
|