Add test

tomsommer · web-flow · commit e1d46118fb40 · 2025-09-22T19:07:37.000+02:00
diff --git a/tests/modsecurity-limits.t b/tests/modsecurity-limits.t
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+
+# (C) Test for ModSecurity-nginx connector (limit_req ordering).
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+my $t = Test::Nginx->new()->has(qw/http/);
+
+$t->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+    %%TEST_GLOBALS_HTTP%%
+
+    limit_req_zone $binary_remote_addr zone=limitzone:10m rate=2r/s;
+
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        modsecurity on;
+
+        location /limit {
+            limit_req zone=limitzone burst=2 nodelay;
+            modsecurity_rules '
+                SecRuleEngine On
+                SecRule REQUEST_URI "@rx .*" "id:1001,phase:1,log,deny,status:403,msg:\'Request reached ModSecurity\'"
+            ';
+        }
+    }
+}
+EOF
+
+$t->write_file("/limit", "limit test endpoint");
+$t->run();
+$t->plan(4);
+
+###############################################################################
+
+# First two requests should pass (200 OK), next two should be limited (429 Too Many Requests) and not reach ModSecurity
+my $uri = '/limit';
+
+my $res1 = http_get($uri);
+my $res2 = http_get($uri);
+my $res3 = http_get($uri);
+my $res4 = http_get($uri);
+
+like($res1, qr/limit test endpoint/, 'limitreq scoring 1 (pass)');
+like($res2, qr/limit test endpoint/, 'limitreq scoring 2 (pass)');
+like($res3, qr/^HTTP.*429/, 'limitreq scoring 3 (limited)');
+like($res4, qr/^HTTP.*429/, 'limitreq scoring 4 (limited)');
