diff --git a/CHANGES b/CHANGES
index cd139638e6..c3bc7fcc24 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Checks if response body inspection is enabled before process it
+ [Issue #1643 - @zoltan-fedor, @dennus, @defanator, @zimmerle]
 - processContentOffset Cleanup
 [Issue #1757 - @p0pr0ck5]
 - Fix setvar parsing of quoted data
diff --git a/src/transaction.cc b/src/transaction.cc
index 98714a6a05..d1f9352675 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1093,6 +1093,13 @@ int Transaction::processResponseBody() {
 return true;
 }
 
+ if (m_rules->m_secResponseBodyAccess != RulesProperties::TrueConfigBoolean) {
+#ifndef NO_LOGS
+ debug(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess));
+#endif
+ return true;
+ }
+
 std::set &bi = \
 m_rules->m_responseBodyTypeToBeInspected.m_value;
 auto t = bi.find(m_variableResponseContentType.m_value);
diff --git a/test/test-cases/regression/actions.json b/test/test-cases/regression/actions.json
index 2baea223c9..2c07d3ca3d 100644
--- a/test/test-cases/regression/actions.json
+++ b/test/test-cases/regression/actions.json
@@ -55,6 +55,7 @@
 },
 "rules": [
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRule ARGS \"@contains test\" \"id:1,t:trim,deny\""
 ]
 },
@@ -352,6 +353,7 @@
 },
 "rules": [
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRule ARGS \"@contains test\" \"id:1,phase:4,t:trim,status:500,deny\""
 ]
 }
diff --git a/test/test-cases/regression/config-calling_phases_by_name.json b/test/test-cases/regression/config-calling_phases_by_name.json
index 56f10b9042..39bd6f46d2 100644
--- a/test/test-cases/regression/config-calling_phases_by_name.json
+++ b/test/test-cases/regression/config-calling_phases_by_name.json
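Review bot: The early `return true` added to `Transaction::processResponseBody()` in src/transaction.cc leaves the function for any value other than `TrueConfigBoolean`, which presumably includes an unset directive, so everything below the guard is skipped and not only the body-type lookup. The rest of the function is outside the hunk, but the fixtures changed in this same commit suggest that phase 4 rule evaluation sits below it: `phase:4` rules on `ARGS`, `OUTBOUND_DATA_ERROR`, `RESPONSE_CONTENT_LENGTH` and `TX` all needed `SecResponseBodyAccess On` added. If that is right, a deployment running with `SecResponseBodyAccess Off` silently loses every phase 4 rule, including ones that never read the body, which is a detection gap an operator would not expect from the directive's name. Consider gating only the body inspection on the flag and letting phase 4 evaluation proceed, or at minimum say so in the CHANGES entry and in a comment above the guard such as `// Off or unset: the whole response-body phase is skipped, including phase:4 rules that do not read RESPONSE_BODY`.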
@@ -77,6 +77,7 @@
 "SecRuleEngine On",
 "SecRule ARGS:key \"@contains other_value\" \"chain,pass,phase:response,id:28\"",
 "SecRule MATCHED_VAR \"@contains Aasdf\" \"\"",
+ "SecResponseBodyAccess On",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:29,phase:response,pass\"",
 "SecRule MATCHED_VAR \"@contains other_value\" \"id:30,phase:response,pass\""
 ]
diff --git a/test/test-cases/regression/config-response_type.json b/test/test-cases/regression/config-response_type.json
index 752e62e94e..621ab38a20 100644
--- a/test/test-cases/regression/config-response_type.json
+++ b/test/test-cases/regression/config-response_type.json
@@ -35,6 +35,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecResponseBodyMimeType text\/plain text\/html text\/xml",
 "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""
 ]
@@ -75,6 +76,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecResponseBodyMimeType application\/something",
 "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""
 ]
@@ -115,6 +117,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecResponseBodyMimeType text\/plain text\/tml text\/xml",
 "SecResponseBodyMimeTypesClear",
 "SecRule RESPONSE_BODY \"@contains RESPONSE_CONTENT_TYPE\" \"id:9,pass,t:trim,phase:4\""
diff --git a/test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json b/test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
index 6b06c5ddc8..93651239e7 100644
--- a/test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
+++ b/test/test-cases/regression/variable-OUTBOUND_DATA_ERROR.json
@@ -35,6 +35,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\""
 ]
 },
@@ -108,6 +109,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecResponseBodyLimit 2",
 "SecRule OUTBOUND_DATA_ERROR \"@eq 1\" \"id:1,phase:4,pass,t:trim\""
 ]
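Review bot: In `config-calling_phases_by_name.json` the new `"SecResponseBodyAccess On"` entry sits in the middle of the rule list, directly after the two-rule chain that starts at `id:28`, whereas every other fixture in this commit places it right after `"SecRuleEngine On"`. It is harmless here because the chain is already closed by the `MATCHED_VAR ... Aasdf` rule, but one position earlier it would sit between the chain starter and its link. Moving it up next to `"SecRuleEngine On"` keeps the fixtures uniform and the configuration directives visibly separate from the rules. The `rules` array opens above the hunk.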
diff --git a/test/test-cases/regression/variable-RESPONSE_BODY.json b/test/test-cases/regression/variable-RESPONSE_BODY.json
index 8857e09009..6dac3ce758 100644
--- a/test/test-cases/regression/variable-RESPONSE_BODY.json
+++ b/test/test-cases/regression/variable-RESPONSE_BODY.json
@@ -28,6 +28,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRule RESPONSE_BODY \"@contains denystring\" \"id:1,phase:4,deny\""
 ]
 }
diff --git a/test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json b/test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json
index ce6b54f679..f71bc707c7 100644
--- a/test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json
+++ b/test/test-cases/regression/variable-RESPONSE_CONTENT_LENGTH.json
@@ -36,6 +36,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRule RESPONSE_CONTENT_LENGTH \"@contains test \" \"id:1,phase:4,pass,t:trim\""
 ]
 }
diff --git a/test/test-cases/regression/variable-TX.json b/test/test-cases/regression/variable-TX.json
index e181393bdb..0cd45381b4 100644
--- a/test/test-cases/regression/variable-TX.json
+++ b/test/test-cases/regression/variable-TX.json
@@ -37,6 +37,7 @@
 },
 "rules":[
 "SecRuleEngine On",
+ "SecResponseBodyAccess On",
 "SecRequestBodyAccess On",
 "SecRule RESPONSE_BODY \"@rx ([0-9]+)\" \"id:1,phase:4,capture,id:105\"",
 "SecRule TX \"@rx ([A-z]+)\" \"phase:4,id:106\""
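Review bot: None of the fixtures changed here exercises the branch this commit adds: each one switches `SecResponseBodyAccess On`, so nothing asserts what happens when the directive is `Off` or absent. For `variable-RESPONSE_BODY.json` that would be a companion case with the same `RESPONSE_BODY` `@contains denystring` deny rule plus `"SecResponseBodyAccess Off"`, expecting no intervention, and a second case without the directive to pin the default. Without them a later change to the guard in `processResponseBody()` could switch body inspection on or off unnoticed. The test objects start and end outside these hunks, so their expected-result fields are not visible here.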