# tests/regression/nginx-overrides.yaml
# Platform-specific overrides for the CRS regression test suite.
version: "v0.0.0"
# meta names the engine/platform pair these overrides are written for.
meta:
  engine: "libmodsecurity3"
  platform: "nginx"
  # Free-form annotations; each list item is a single-key mapping.
  annotations:
    - os: "Debian Bullseye"
    - purpose: "CRS test suite"
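# Per-test expectation overrides for the CRS regression suite on
# nginx + libmodsecurity3. Each entry names one rule, the affected test
# numbers, the reason nginx differs, and the `output` to expect instead.
#
# Reading guide:
#   - `status` only (400/505): per the reason text, nginx answers the request
#     itself, so no rule match is asserted for that test.
#   - `no_expect_ids`: the listed rule must NOT appear in the log here.
#   - `expect_ids`: the listed rule MUST appear in the log here.
#   - `expect_error`: the test is expected to end in an error.
#
# NOTE(review): every `no_expect_ids` entry is a case where a rule exercised
# by the suite does not log on this platform. When deploying CRS behind
# nginx, confirm each one is explained by nginx handling or dropping the
# input first, or by test-harness configuration, and not by a lost detection.
test_overrides:
  # --- 920xxx: protocol enforcement ---
  - rule_id: 920100
    test_ids: [4]
    reason: "Nginx returns a 400 bad request"
    output:
      status: 400
  - rule_id: 920100
    test_ids: [8]
    reason: |
      On Apache is not allowed to put a colon in the path.
      Nginx, on the other hand, allows it, in this case, returns a 200. /index.html:80?I=Like&Apples=Today#tag.
      Note that the colon is a legal character in a regular path segment, according to the RFC.
    output:
      status: 200
      log:
        no_expect_ids: [920100]
  - rule_id: 920100
    test_ids: [14]
    reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules."
    output:
      status: 400
  - rule_id: 920100
    test_ids: [16]
    reason: "Seems like Nginx does a normalization of the request line, and if <schema>://<hostname> is sent (without a path) the request path becomes / by default"
    output:
      log:
        no_expect_ids: [920100]
  - rule_id: 920181
    test_ids: [1]
    reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present"
    output:
      status: 400
  # 920270 / 920274: unlike Apache, nginx passes these Host header values on,
  # so the rules are expected to fire.
  - rule_id: 920270
    test_ids: [4]
    reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule"
    output:
      status: 200
      log:
        expect_ids: [920270]
  - rule_id: 920274
    test_ids: [1]
    reason: "Nginx will accept the value for the Host header, the rule should trigger"
    output:
      status: 200
      log:
        expect_ids: [920274]
  - rule_id: 920290
    test_ids: [4]
    reason: "Nginx returns 400 if Host header is missing"
    output:
      status: 400
  # 920360 / 920380 depend on harness configuration (see reasons), not on
  # nginx behaviour.
  - rule_id: 920360
    test_ids: [1]
    reason: "Requires ARG_NAME_LENGTH to be set to an appropriately low value"
    output:
      status: 200
      log:
        no_expect_ids: [920360]
  - rule_id: 920380
    test_ids: [1]
    reason: "Requires MAX_NUM_ARGS to be set to a sufficiently low value"
    output:
      status: 200
      log:
        # Was 920280, which does not match this entry's rule_id; every other
        # no_expect_ids in this file names its own rule.
        no_expect_ids: [920380]
  - rule_id: 920430
    test_ids: [8]
    reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code."
    output:
      status: 505
  - rule_id: 920610
    test_ids: [2]
    reason: "nginx happily accepts fragments"
    output:
      status: 200
      log:
        expect_ids: [920610]
  - rule_id: 920620
    test_ids: [1]
    reason: "nginx retains multiple separate Content-Type headers, which is what this rule is looking for"
    output:
      log:
        expect_ids: [920620]

  # --- 933xxx / 934xxx: application attack rules ---
  - rule_id: 933110
    test_ids: [3, 13, 14, 20, 21, 22, 24, 25, 26, 27]
    reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
    output:
      log:
        # Was 9331110 (seven digits), which matches no rule, so the assertion
        # could never fail.
        no_expect_ids: [933110]
  # 934131 tests 5 and 7 are parked as expected errors pending the linked
  # upstream issue.
  - rule_id: 934131
    test_ids: [5]
    reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
    output:
      expect_error: true
  - rule_id: 934131
    test_ids: [7]
    reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
    output:
      expect_error: true

  # --- 942xxx / 944xxx ---
  # NOTE(review): per the reason, a 942131 log line on this engine may come
  # from the first link of the chain alone; treat it as unconfirmed when
  # triaging.
  - rule_id: 942131
    test_ids: [3, 5, 7]
    reason: "v3 log bug, the first part of the chain always produces a log"
    output:
      log:
        expect_ids: [942131]
  - rule_id: 944100
    test_ids: [11, 12, 15, 16]
    reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
    output:
      log:
        expect_ids: [944100]
  - rule_id: 944110
    test_ids: [11, 12, 15, 16]
    reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
    output:
      log:
        expect_ids: [944110]
  - rule_id: 944120
    test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126]
    reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
    output:
      log:
        expect_ids: [944120]
  - rule_id: 944140
    test_ids: [3, 8]
    reason: "The header name `X_Filename` is considered invalid and is removed by nginx"
    output:
      status: 200
      log:
        no_expect_ids: [944140]
  - rule_id: 944210
    test_ids: [6, 7, 23, 24, 40, 41]
    reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
    output:
      log:
        expect_ids: [944210]

  # --- 980xxx ---
  # NOTE(review): per the reason, rules carrying `noauditlog` (980170 here)
  # leave no error.log entry on libmodsecurity3; monitoring that keys on
  # error.log will not see this rule on this engine.
  - rule_id: 980170
    test_ids: [1, 2]
    reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170"
    output:
      log:
        no_expect_ids: [980170]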