diff --git a/src/transaction.cc b/src/transaction.cc
index 693bed6b90..b4e668c3e1 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1327,7 +1327,12 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
 it->url = strdup(m_it.url);
 }
 it->disruptive = m_it.disruptive;
- it->status = m_it.status;
+ if (getRuleEngineState() != RulesProperties::DetectionOnlyRuleEngine) {
+ it->status = m_it.status;
+ }
+ else {
+ it->status = 200;
+ }
 if (m_it.log != NULL) {
 std::string log("");
diff --git a/test/test-cases/regression/issue-1960.json b/test/test-cases/regression/issue-1960.json
new file mode 100644
index 0000000000..1fd4db0f8c
--- /dev/null
+++ b/test/test-cases/regression/issue-1960.json
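Review bot: In `Transaction::intervention` (src/transaction.cc) only `it->status` is neutralised for DetectionOnly; `it->disruptive = m_it.disruptive;` on the line above the new branch, and the `it->url = strdup(m_it.url);` copy before it, still pass through unchanged. A connector that keys its decision on `disruptive` or on a non-NULL `url` rather than on `status` could therefore still block or redirect in a mode that is meant to log only; whether any connector does so is not visible here. Consider computing the mode once and applying it to every disruptive field, e.g. `const bool detectOnly = getRuleEngineState() == RulesProperties::DetectionOnlyRuleEngine;` followed by `it->disruptive = detectOnly ? 0 : m_it.disruptive;` and `it->status = detectOnly ? 200 : m_it.status;`. A short comment such as `// DetectionOnly: report 200 so connectors never act on a logged-only match` would also explain the literal. The function starts and ends outside the hunk.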
@@ -0,0 +1,120 @@
+[
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine DetectionOnly test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":200
+ },
+ "rules":[
+ "SecRuleEngine DetectionOnly",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine DetectionOnly against test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":403
+ },
+ "rules":[
+ "SecRuleEngine on",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ },
+ {
+ "enabled":1,
+ "version_min":300000,
+ "title":"Testing setvar :: SecRuleEngine off test",
+ "client":{
+ "ip":"200.249.12.31",
+ "port":123
+ },
+ "server":{
+ "ip":"200.249.12.31",
+ "port":80
+ },
+ "request":{
+ "headers":{
+ "Host": "localhost"
+ },
+ "uri":"/?a=exec(/bin/bash);",
+ "method":"GET"
+ },
+ "response":{
+ "headers":{
+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+ "Content-Type":"text/html"
+ },
+ "body":[
+ "no need."
+ ]
+ },
+ "expected":{
+ "http_code":200
+ },
+ "rules":[
+ "SecRuleEngine off",
+ "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+ "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+ "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+ ]
+ }
+]
+
diff --git a/test/test-cases/regression/secruleengine.json b/test/test-cases/regression/secruleengine.json
index 7ecf2caa79..da69a914e9 100644
--- a/test/test-cases/regression/secruleengine.json
+++ b/test/test-cases/regression/secruleengine.json
@@ -34,7 +34,7 @@
 "version_min":300000,
 "title":"Testing Disruptive actions (3/n)",
 "expected":{
- "http_code":404
+ "http_code":200
 },
 "rules":[
 "SecRuleEngine On",
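Review bot: The three new cases in issue-1960.json exercise only `deny,status:403`, so the DetectionOnly expectation pins the status code but nothing else the intervention carries. A fourth case whose default action is a redirect under `SecRuleEngine DetectionOnly` would show whether a redirect URL still reaches the connector in log-only mode; whether the harness can assert on that is not visible here. The titles also look copied from another file: none of the cases use setvar, and the second one (`"SecRuleEngine on"`) is titled `DetectionOnly against test`, where something like `"title":"issue 1960 :: SecRuleEngine On returns 403"` would describe what it checks.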
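Review bot: In secruleengine.json the case "Testing Disruptive actions (3/n)" now expects 200 instead of 404 while its first visible rule is still `"SecRuleEngine On"`. The source change in this commit only rewrites the status when the engine state is DetectionOnly, so this flip is correct only if rules below the hunk switch the engine for the transaction; the rest of the rule list is outside the hunk. If that is the case, say so in the title, e.g. `"title":"Testing Disruptive actions (3/n) - engine switched to DetectionOnly by a rule"`. If it is not, the test now asserts that a request in blocking mode is let through, which would hide a loss of enforcement.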