|
489 | 489 | 1024 |
490 | 490 | ), |
491 | 491 | }, |
| 492 | +{ |
| 493 | +type=>"config", |
| 494 | +comment=>"SecRequestBodyLimitAction Reject (multipart/greater - chunked)", |
| 495 | +conf=> qq( |
| 496 | +SecRuleEngine On |
| 497 | +SecDebugLog$ENV{DEBUG_LOG} |
| 498 | +SecDebugLogLevel9 |
| 499 | +SecRequestBodyAccess On |
| 500 | +SecRequestBodyLimitAction Reject |
| 501 | +SecRequestBodyLimit20 |
| 502 | +), |
| 503 | +match_log=> { |
| 504 | +debug=> [ qr/Requestbodyis larger than the configured limit \(20\).. Denywith code \(413\)/,1 ], |
| 505 | +}, |
| 506 | +match_response=> { |
| 507 | +status=> qr/^413$/, |
| 508 | +}, |
| 509 | +request=> normalize_raw_request_data( |
| 510 | +qq( |
| 511 | +POST/test.txt HTTP/1.1 |
| 512 | +Host:$ENV{SERVER_NAME}:$ENV{SERVER_PORT} |
| 513 | +User-Agent:$ENV{USER_AGENT} |
| 514 | +Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646 |
| 515 | +Transfer-Encoding: chunked |
| 516 | + |
| 517 | +), |
| 518 | +) |
| 519 | +.encode_chunked( |
| 520 | +normalize_raw_request_data( |
| 521 | +q( |
| 522 | +-----------------------------69343412719991675451336310646 |
| 523 | +Content-Disposition: form-data;name="a" |
| 524 | + |
| 525 | +1 |
| 526 | +-----------------------------69343412719991675451336310646 |
| 527 | +Content-Disposition: form-data;name="b" |
| 528 | + |
| 529 | +2 |
| 530 | +-----------------------------69343412719991675451336310646-- |
| 531 | +) |
| 532 | +), |
| 533 | +1024 |
| 534 | +), |
| 535 | +}, |
| 536 | +{ |
| 537 | +type=>"config", |
| 538 | +comment=>"SecRequestBodyLimitAction Reject (plain/greater)", |
| 539 | +conf=> qq( |
| 540 | +SecRuleEngine On |
| 541 | +SecDebugLog$ENV{DEBUG_LOG} |
| 542 | +SecDebugLogLevel9 |
| 543 | +SecRequestBodyAccess On |
| 544 | +SecRequestBodyLimitAction Reject |
| 545 | +SecRequestBodyLimit131072 |
| 546 | +), |
| 547 | +match_log=> { |
| 548 | +-debug=> [ qr/Requestbodyis larger than the configured limit \(131072\).. Denywith code \(413\)/,1 ], |
| 549 | +}, |
| 550 | +match_response=> { |
| 551 | +status=> qr/^413$/, |
| 552 | +}, |
| 553 | +request=>new HTTP::Request( |
| 554 | +POST=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", |
| 555 | +[ |
| 556 | +"Content-Type"=>"application/json", |
| 557 | +], |
| 558 | +normalize_raw_request_data( |
| 559 | +q( |
| 560 | +{ |
| 561 | +)."'abcdefghijlmnopq'='abcdefghijlmnopqrstuvxz',\\n"x99000. q( |
| 562 | +}, |
| 563 | +), |
| 564 | +), |
| 565 | +), |
| 566 | +}, |
| 567 | + |
| 568 | + |
| 569 | +{ |
| 570 | +type=>"config", |
| 571 | +comment=>"SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked)", |
| 572 | +conf=> qq( |
| 573 | +SecRuleEngine On |
| 574 | +SecDebugLog$ENV{DEBUG_LOG} |
| 575 | +SecDebugLogLevel9 |
| 576 | +SecRequestBodyAccess On |
| 577 | +SecRequestBodyLimitAction ProcessPartial |
| 578 | +SecRequestBodyLimit131072 |
| 579 | +), |
| 580 | +match_log=> { |
| 581 | +-debug=> [ qr/Requestbodyis larger than the configured limit/,1], |
| 582 | +}, |
| 583 | +match_response=> { |
| 584 | +status=> qr/^200$/, |
| 585 | +}, |
| 586 | +request=> normalize_raw_request_data( |
| 587 | +qq( |
| 588 | +POST/test.txt HTTP/1.1 |
| 589 | +Host:$ENV{SERVER_NAME}:$ENV{SERVER_PORT} |
| 590 | +User-Agent:$ENV{USER_AGENT} |
| 591 | +Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646 |
| 592 | +Transfer-Encoding: chunked |
| 593 | + |
| 594 | +), |
| 595 | +) |
| 596 | +.encode_chunked( |
| 597 | +normalize_raw_request_data( |
| 598 | +q( |
| 599 | +-----------------------------69343412719991675451336310646 |
| 600 | +Content-Disposition: form-data;name="a" |
| 601 | + |
| 602 | +1)."a"x131072. q( |
| 603 | +-----------------------------69343412719991675451336310646 |
| 604 | +Content-Disposition: form-data;name="b" |
| 605 | + |
| 606 | +2)."b"x131072. q( |
| 607 | +-----------------------------69343412719991675451336310646-- |
| 608 | +) |
| 609 | +), |
| 610 | +131072*3 |
| 611 | +), |
| 612 | +}, |
| 613 | +{ |
| 614 | +type=>"config", |
| 615 | +comment=>"SecRequestBodyLimitAction ProcessPartial (plain/greater)", |
| 616 | +conf=> qq( |
| 617 | +SecRuleEngine On |
| 618 | +SecDebugLog$ENV{DEBUG_LOG} |
| 619 | +SecDebugLogLevel9 |
| 620 | +SecRequestBodyAccess On |
| 621 | +SecRequestBodyLimitAction ProcessPartial |
| 622 | +SecRequestBodyLimit131072 |
| 623 | +), |
| 624 | +match_log=> { |
| 625 | +-debug=> [ qr/Requestbodyis larger than the configured limit/,1], |
| 626 | +}, |
| 627 | +match_response=> { |
| 628 | +status=> qr/^200$/, |
| 629 | +}, |
| 630 | +request=>new HTTP::Request( |
| 631 | +POST=>"http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt", |
| 632 | +[ |
| 633 | +"Content-Type"=>"application/json", |
| 634 | +], |
| 635 | +normalize_raw_request_data( |
| 636 | +q( |
| 637 | +{ |
| 638 | +)."'abcdefghijlmnopq'='abcdefghijlmnopqrstuvxz',\\n"x99000. q( |
| 639 | +}, |
| 640 | +), |
| 641 | +), |
| 642 | +), |
| 643 | +}, |
| 644 | + |
| 645 | + |
| 646 | + |
| 647 | + |
492 | 648 |
|
493 | 649 | # SecCookieFormat |
494 | 650 | { |
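Review bot: The two ProcessPartial cases (new lines 569-643) assert only a 200 status and, assuming the leading `-` on `-debug` negates the match, that the "larger than the configured limit" message is absent, so they would pass just as well if the request body were never inspected. ProcessPartial inspects only the part of the body that fits within SecRequestBodyLimit and lets the rest through, which is worth stating above these cases, e.g. `# ProcessPartial: only the first SecRequestBodyLimit bytes are inspected; the remainder is forwarded unchecked`. A positive assertion would pin the inspected part: a rule in `conf` that matches content inside the limit, with its hit matched in the debug log. The Reject plain/greater case (new lines 536-566) likewise expects 413 while negating the limit message; if the Content-Length path logs a different message, a one-line comment saying so, or a positive match on that message, would stop an unrelated rejection from satisfying the 413. The enclosing test array and the file header are not visible here, so the file's existing conventions for these checks may differ.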
|