name: poc-yaml-h2-database-web-console-unauthorized-access rules: - method: GET path: /h2-console follow_redirects: true expression: > response.status == 200 && response.body.bcontains(b"Welcome to H2") search: | location.href = '(?P<token>.+?)' ...