diff options
author | Stig Palmquist <stig@stig.io> | 2022-02-15 00:10:37 +0100 |
---|---|---|
committer | Stig Palmquist <stig@stig.io> | 2022-02-23 08:54:52 +0100 |
commit | 21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925 (patch) | |
tree | 6ced63827fa3d62eee2935f90b9b3be764af3c04 /nixos/tests/nginx-modsecurity.nix | |
parent | c8fce94f429a8638c8147ccef07cf89f15c8e29a (diff) | |
download | nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar.gz nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar.bz2 nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar.lz nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar.xz nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.tar.zst nixpkgs-21f5ce0bd9a1503fc41f09bcbfb4770ab37c3925.zip |
nixos/tests/nginx-modsecurity: init
Diffstat (limited to 'nixos/tests/nginx-modsecurity.nix')
-rw-r--r-- | nixos/tests/nginx-modsecurity.nix | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/nixos/tests/nginx-modsecurity.nix b/nixos/tests/nginx-modsecurity.nix new file mode 100644 index 00000000000..8c53c0196d4 --- /dev/null +++ b/nixos/tests/nginx-modsecurity.nix @@ -0,0 +1,39 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "nginx-modsecurity"; + + machine = { config, lib, pkgs, ... }: { + services.nginx = { + enable = true; + additionalModules = [ pkgs.nginxModules.modsecurity-nginx ]; + virtualHosts.localhost = + let modsecurity_conf = pkgs.writeText "modsecurity.conf" '' + SecRuleEngine On + SecDefaultAction "phase:1,log,auditlog,deny,status:403" + SecDefaultAction "phase:2,log,auditlog,deny,status:403" + SecRule REQUEST_METHOD "HEAD" "id:100, phase:1, block" + SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block" + ''; + testroot = pkgs.runCommand "testroot" {} '' + mkdir -p $out + echo "<html><body>Hello World!</body></html>" > $out/index.html + echo "s3cret" > $out/secret.html + ''; + in { + root = testroot; + extraConfig = '' + modsecurity on; + modsecurity_rules_file ${modsecurity_conf}; + ''; + }; + }; + }; + testScript = '' + machine.wait_for_unit("nginx") + + response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/") + assert "Hello World!" in response + + machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/") + machine.fail("curl -fvvv -s http://127.0.0.1/secret.html") + ''; +}) |