Add separated config for internal redirect tests

airween · airween · commit 7f6782099a26 · 2025-02-05T17:35:11.000+01:00
diff --git a/.github/nginx/docs/403.html b/.github/nginx/docs/403.html
@@ -0,0 +1,10 @@
+<html>
+<head>
+<title>403</title>
+</head>
+
+<body>
+Forbidden 403 - custom error page.
+</body>
+</html>
+
diff --git a/.github/nginx/nginx.conf.redir b/.github/nginx/nginx.conf.redir
@@ -0,0 +1,90 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+worker_cpu_affinity auto;
+
+#working_directory /tmp/cores/;
+worker_rlimit_core 2000M;
+debug_points abort;
+
+#load_module /usr/local/nginx/modules/ngx_http_modsecurity_module.so;
+
+events {
+    worker_connections 768;
+#    multi_accept on;
+#    use epoll;
+}
+
+worker_rlimit_nofile 33268;
+
+#daemon off;
+#master_process off;
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    types_hash_max_size 2048;
+
+    server_names_hash_bucket_size 64;
+
+    include mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # Logging Settings
+    ##
+
+    #access_log /dev/stdout;
+    #error_log /dev/stdout info;
+    access_log /usr/local/nginx/logs/access.log;
+    error_log /usr/local/nginx/logs/error.log info;
+
+    server_tokens off;
+
+    proxy_hide_header X-Powered-By;
+
+    modsecurity on;
+
+    server {
+        listen          80;
+        server_name     modsectest1;
+
+        modsecurity on;
+        modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/modsecurity.conf;
+        root  /usr/local/nginx/html/;
+
+        error_page 403 /403.html;
+
+        location /403.html {
+            internal;
+        }
+
+        location / {
+            try_files $uri /index.html;
+        }
+    }
+
+    server {
+        listen          80;
+        server_name     modsectest2;
+
+        modsecurity on;
+        modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/modsecurity.conf;
+        root /usr/local/nginx/html/;
+
+        error_page 403 /403.html;
+
+        location /403.html {
+            internal;
+        }
+
+        location / {
+            try_files $uri /index.html;
+        }
+    }
+
+}
+
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -142,6 +142,79 @@ jobs:
             echo "FAIL"
             exit 1
           fi
+      - name: Start Nginx with redir
+        run: |
+          sudo killall nginx
+          sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/nginx.conf.redir
+      - name: Run attack test vhost 1
+        run: |
+          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=attack")
+          if [ "${status}" == "403" ]; then
+            echo "OK"
+          else
+            echo "FAIL"
+            exit 1
+          fi
+      - name: Run non-attack test vhost 1 (redir config)
+        run: |
+          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=1")
+          if [ "${status}" == "200" ]; then
+            echo "OK"
+          else
+            echo "FAIL"
+            exit 1
+          fi
+      - name: Run attack test vhost 2 (redir config)
+        run: |
+          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=attack")
+          if [ "${status}" == "403" ]; then
+            echo "OK"
+          else
+            echo "FAIL"
+            exit 1
+          fi
+      - name: Run non-attack test vhost 2 (redir config)
+        run: |
+          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=1")
+          if [ "${status}" == "200" ]; then
+            echo "OK"
+          else
+            echo "FAIL"
+            exit 1
+          fi
+      - name: Run file consistency check 1 (redir config)
+        run: |
+          curl -sS "http://localhost/data50k.json" --output data50k.json
+          if [ -f data50k.json ]; then
+            diff data50k.json /usr/local/nginx/html/data50k.json > /dev/null
+            if [ $? -eq 0 ]; then
+                ls -l data50k.json /usr/local/nginx/html/data50k.json
+                echo "OK"
+            else
+                echo "FAIL"
+                exit 2
+            fi
+          else
+            echo "FAIL"
+            exit 1
+          fi
+      - name: Run file consistency check 2 (redir config)
+        run: |
+          curl -sS "http://localhost/plugged.png" --output plugged.png
+          if [ -f plugged.png ]; then
+            diff plugged.png /usr/local/nginx/html/plugged.png > /dev/null
+            if [ $? -eq 0 ]; then
+                ls -l plugged.png /usr/local/nginx/html/plugged.png
+                echo "OK"
+            else
+                echo "FAIL"
+                exit 2
+            fi
+          else
+            echo "FAIL"
+            exit 1
+          fi
+
 
 
   build-windows:

-Original file line number
+Diff line change
@@ @@ -0,0 +1,10 @@ @@
 +<html>
 +<head>
 +<title>403</title>
 +</head>
++
 +<body>
 +Forbidden 403 - custom error page.
 +</body>
 +</html>
++