What does the audit and/or debug log say?
Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
I've been working with mod_security and it's been running fine except when dealing with soap and specifically wsdl. If I'm just using soap, I don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.
mod_security's logs all report rules that either "pass" or "SkipAfter" and nothing that appears to outright reject anything. I've been banging on this for hours and I just can't figure out how to get the wsdl through mod_security.
Does mod_security have issues with wsdl? Does it mangle part of the request? I would think it wouldn't alter a request at all. It would either let it pass, or discard it.
I've had these issues with using a URL in a browser window and also with Ruby's SOAP4R soap library.