What does the audit and/or debug log say?

Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
Ryan.Barnett@Breach.com <blocked::mailto:Ryan.Barnett@Breach.com>
www.Breach.com <http://www.breach.com/>

From: David Brown
To: mod-security-users@lists.sourceforge.net
Sent: Fri Jun 26 12:53:19 2009
Subject: [mod-security-users] mod_security WSDL issue?


I've been working with mod_security and it's been running fine except when dealing with soap and specifically wsdl.  If I'm just using soap, I don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.   

mod_security's logs all report rules that either "pass" or "SkipAfter" and nothing that appears to outright reject anything.   I've been banging on this for hours and I just can't figure out how to get the wsdl through mod_security.

Does mod_security have issues with wsdl?  Does it mangle part of the request?  I would think it wouldn't alter a request at all.  It would either let it pass, or discard it.

I've had these issues with using a URL in a browser window and also with Ruby's SOAP4R soap library.