V3/issue 1960

src/transaction.cc

@@ -1327,7 +1327,12 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
             it->url = strdup(m_it.url);
         }
         it->disruptive = m_it.disruptive;
-        it->status = m_it.status;
+        if (getRuleEngineState() != RulesProperties::DetectionOnlyRuleEngine) {
+            it->status = m_it.status;
+        }
+        else {
+            it->status = 200;
+        }
 
         if (m_it.log != NULL) {
             std::string log("");

test/test-cases/regression/issue-1960.json

@@ -0,0 +1,120 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setvar :: SecRuleEngine DetectionOnly test",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host": "localhost"
+      },
+      "uri":"/?a=exec(/bin/bash);",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":200
+    },
+    "rules":[
+      "SecRuleEngine DetectionOnly",
+      "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+      "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+      "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setvar :: SecRuleEngine DetectionOnly against test",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host": "localhost"
+      },
+      "uri":"/?a=exec(/bin/bash);",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":403
+    },
+    "rules":[
+      "SecRuleEngine on",
+      "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+      "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+      "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setvar :: SecRuleEngine off test",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host": "localhost"
+      },
+      "uri":"/?a=exec(/bin/bash);",
+      "method":"GET"
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code":200
+    },
+    "rules":[
+      "SecRuleEngine off",
+      "SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"",
+      "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
+      "SecRule ARGS \"@rx exec(?:\\s|)\\(\" \"id:1,phase:1,log,t:none,t:lowercase,t:cmdLine,block,msg:'PHP exec function call'\""
+    ]
+  }
+]
+

test/test-cases/regression/secruleengine.json

@@ -34,7 +34,7 @@
     "version_min":300000,
     "title":"Testing Disruptive actions (3/n)",
     "expected":{
-      "http_code":404
+      "http_code":200
     },
     "rules":[
       "SecRuleEngine On",