@@ -119,4 +119,62 @@ SecRule REQBODY_ERROR \"!\@eq 0\" \
119119),
120120},
121121
122+ {
123+ type => " misc"
124+ comment => " fuzzy hash with FILES_TMP_CONTENT"
125+ conf => qq(
126+ SecRuleEngine On
127+ SecDebugLog$ ENV {DEBUG_LOG}
128+ SecDebugLogLevel9
129+ SecRequestBodyAccess On
130+ SecUploadKeepFiles On
131+
132+ SecRule FILES_TMP_CONTENT" \@fuzzyHash$ ENV{ CONF_DIR} /ssdeep.txt 1" " id:192372,log,deny"
133+ ),
134+ match_log => {
135+ debug => [ qr/ operator \" fuzzyHash\" with param\" .*ssdeep.txt 1\" against FILES_TMP_CONTENT:image1/s, 1 ],
136+ },
137+ match_response =>{
138+ status => qr/^ 200 $/ ,
139+ } ,
140+ request => new HTTP::Request(
141+ POST =>" http: // $ ENV {SERVER_NAME}: $ ENV {SERVER_PORT}/ test. txt" ,
142+ [
143+ " " => q(multipart/form-data; boundary=0000),
144+ ],
145+ normalize_raw_request_data(
146+ q(
147+ --0000
148+ Content-Disposition: form-data; name=" name "
149+
150+ Brian Rectanus
151+ --0000
152+ Content-Disposition: form-data; name=" email"
153+
154+ brian.rectanus@ breach
155+ --0000
156+ Content-Disposition: form-data; name=" image1" ; filename=" . jpg"
157+ Content-Type: image/jpeg
158+
159+ BINARYDATA1
160+ --0000
161+ Content-Disposition: form-data; name=" image2" ; filename=" . jpg"
162+ Content-Type: image/jpeg
163+
164+ BINARYDATA2
165+ --0000
166+ Content-Disposition: form-data; name=" image3" ; filename=" . jpg"
167+ Content-Type: image/jpeg
168+
169+ BINARYDATA3
170+ --0000
171+ Content-Disposition: form-data; name=" test"
172+
173+ This is test data.
174+ --0000--
175+ ),
176+ ),
177+ ),
178+ },
179+
122180
