Tests: fix block action to match expected behavior

defanator · zimmerle · commit b9d7d272a3c0 · 2016-12-02T15:54:01.000-03:00
diff --git a/tests/modsecurity-proxy.t b/tests/modsecurity-proxy.t
@@ -47,6 +47,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:1,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:1,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:1,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:1,status:401,block"
@@ -59,6 +60,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:2,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:2,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:2,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:2,status:401,block"
@@ -71,6 +73,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:3,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:3,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:3,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:3,status:401,block"
@@ -83,6 +86,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:4,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:4,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:4,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:4,status:401,block"
@@ -122,15 +126,15 @@ is(http_get('/phase4?what=redirect301'), '', 'redirect 301 - phase 4');
 
 # Block (401)
 like(http_get('/phase1?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 1');
-like(http_get('/phase2?what=block401'), qr/401 Unauthorized/, 'block 401 -  phase 2');
-like(http_get('/phase3?what=block401'), qr/401 Unauthorized/, 'block 401 -  phase 3');
-is(http_get('/phase4?what=block401'), '', 'block 401 -  phase 4');
+like(http_get('/phase2?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 2');
+like(http_get('/phase3?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 3');
+is(http_get('/phase4?what=block401'), '', 'block 401 - phase 4');
 
 # Block (403)
 like(http_get('/phase1?what=block403'), qr/403 Forbidden/, 'block 403 - phase 1');
-like(http_get('/phase2?what=block403'), qr/403 Forbidden/, 'block 403-  phase 2');
-like(http_get('/phase3?what=block403'), qr/403 Forbidden/, 'block 403 -  phase 3');
-is(http_get('/phase4?what=block403'), '', 'block 403 -  phase 4');
+like(http_get('/phase2?what=block403'), qr/403 Forbidden/, 'block 403 - phase 2');
+like(http_get('/phase3?what=block403'), qr/403 Forbidden/, 'block 403 - phase 3');
+is(http_get('/phase4?what=block403'), '', 'block 403 - phase 4');
 
 # Nothing to detect
 like(http_get('/phase1?what=nothing'), qr/phase1\?what=nothing\' not found/, 'nothing phase 1');
diff --git a/tests/modsecurity.t b/tests/modsecurity.t
@@ -64,6 +64,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:1,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:1,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:1,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:1,status:401,block"
@@ -74,6 +75,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:2,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:2,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:2,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:2,status:401,block"
@@ -84,6 +86,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:3,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:3,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:3,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:3,status:401,block"
@@ -94,6 +97,7 @@ http {
             modsecurity on;
             modsecurity_rules '
                 SecRuleEngine On
+                SecDefaultAction "phase:4,log,deny,status:403"
                 SecRule ARGS "@streq redirect301" "id:1,phase:4,status:301,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq redirect302" "id:2,phase:4,status:302,redirect:http://www.modsecurity.org"
                 SecRule ARGS "@streq block401" "id:3,phase:4,status:401,block"
@@ -129,15 +133,15 @@ is(http_get('/phase4?what=redirect301'), '', 'redirect 301 - phase 4');
 
 # Block (401)
 like(http_get('/phase1?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 1');
-like(http_get('/phase2?what=block401'), qr/401 Unauthorized/, 'block 401 -  phase 2');
-like(http_get('/phase3?what=block401'), qr/401 Unauthorized/, 'block 401 -  phase 3');
-is(http_get('/phase4?what=block401'), '', 'block 401 -  phase 4');
+like(http_get('/phase2?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 2');
+like(http_get('/phase3?what=block401'), qr/401 Unauthorized/, 'block 401 - phase 3');
+is(http_get('/phase4?what=block401'), '', 'block 401 - phase 4');
 
 # Block (403)
 like(http_get('/phase1?what=block403'), qr/403 Forbidden/, 'block 403 - phase 1');
-like(http_get('/phase2?what=block403'), qr/403 Forbidden/, 'block 403-  phase 2');
-like(http_get('/phase3?what=block403'), qr/403 Forbidden/, 'block 403 -  phase 3');
-is(http_get('/phase4?what=block403'), '', 'block 403 -  phase 4');
+like(http_get('/phase2?what=block403'), qr/403 Forbidden/, 'block 403 - phase 2');
+like(http_get('/phase3?what=block403'), qr/403 Forbidden/, 'block 403 - phase 3');
+is(http_get('/phase4?what=block403'), '', 'block 403 - phase 4');
 
 # Nothing to detect
 like(http_get('/phase1?what=nothing'), qr/should be moved\/blocked before this./, 'nothing phase 1');
