ModSecurity rule chaining is not working (I'm using Coraza). For the following rules:
SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 3.4.5.6" "id:9,phase:1,chain"
SecRule REQUEST_HEADERS:Host "@eq bar.com" "id:10,phase:1,deny"
When I send the following request:
curl -v -H 'Host: bar.com' -H 'X-Forwarded-For: 3.4.5.6' localhost
The two rules match, but the action in the second rule is not applied and the request is not denied.
I verified the rules are matching by seeing the following in the log:
2023/11/06 19:33:20 [DEBUG] Evaluating operator: MATCH tx_id="bqZkxImuTflWlGYCGVG" rule_id=9 operator_function="@ipMatch" operator_data="3.4.5.6" arg="3.4.5.6"
2023/11/06 19:33:20 [DEBUG] Evaluating operator: MATCH tx_id="bqZkxImuTflWlGYCGVG" rule_id=10 operator_function="@eq" operator_data="bar.com" arg="bar.com"
The action has to be in the first rule that begins the chain:
SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 3.4.5.6" "id:9,phase:1,deny,chain"
SecRule REQUEST_HEADERS:Host "@eq bar.com" "id:10,phase:1"