4141 server_name localhost;
4242
4343 modsecurity on;
44+ client_header_buffer_size 1024;
4445
4546 location /bodyaccess {
4647 modsecurity_rules '
@@ -82,14 +83,28 @@ http {
8283 ';
8384 proxy_pass http://127.0.0.1:8081;
8485 }
86+
87+ location = /auth {
88+ return 200;
89+ }
90+
91+ location = /useauth {
92+ modsecurity on;
93+ modsecurity_rules '
94+ SecRuleEngine On
95+ SecRequestBodyAccess On
96+ ';
97+ auth_request /auth;
98+ proxy_pass http://127.0.0.1:8081;
99+ }
85100 }
86101}
87102EOF
88103
89104$t -> run_daemon(\&http_daemon);
90105$t -> run()-> waitforsocket(' 127.0.0.1:'
91106
92- $t -> plan(32 );
107+ $t -> plan(36 );
93108
94109# ##############################################################################
95110
@@ -104,6 +119,31 @@ like(http_req_body($method, '/bodylimitprocesspartial', 'BODY' x 32 . 'BAD BODY'
104119like(http_req_body($method , ' /bodylimitprocesspartial' ' BODY' x 30 . ' BAD BODY' x 32 ), qr // " $method request body limit process partial, block"
105120}
106121
122+ like(http_req_body(' POST' ' /useauth' ' BODY' x 16 ), qr // " POST with auth_request (request size < client_header_buffer_size)"
123+ like(http_req_body(' POST' ' /useauth' ' BODY' x 257 ), qr // " POST with auth_request (request size > client_header_buffer_size)"
124+
125+ like(
126+ http(
127+ ' POST /useauth HTTP/1.0'
128+ . ' Content-Length: 1028'
129+ . ' BODY' x 256 ,
130+ sleep => 0.1,
131+ body => ' BODY'
132+ ),
133+ qr //
134+ ' POST with auth_request (request size > client_header_buffer_size), no preread'
135+ );
136+
137+ like(
138+ http(
139+ ' POST /useauth HTTP/1.0'
140+ . ' Content-Length: 64'
141+ . ' BODY' x 16
142+ ),
143+ qr //
144+ ' POST with auth_request (request size < client_header_buffer_size), no preread'
145+ );
146+
107147# ##############################################################################
108148
109149sub http_daemon {
0 commit comments