Re: [mod-security-users] XML @validateSchema
From: Brian R. <Bri...@br...> - 2008-08-15 23:28:57
Nick,

I am adding some more debugging output for 2.5.7 that may help debug
this. I can send you a preview patch if you want to try it out earlier.

thanks,
-B

Nicola Bianchi wrote:
> Hi Brian,
> if I validate the XSD with lt-testSchemas all works fine and if I try to
> validate "SoapSchema.xsd" I still have the error.
>
> thx, regards.
> Nick
>
> On Fri, Aug 8, 2008 at 10:17 PM, Brian Rectanus <Bri...@br...> wrote:
>
> Nicola Bianchi wrote:
>
> Hello Ryan,
> thank you for the fast response!
>
> Here an extract from the debug log (debuglevel 9) ... and from
> the audit log
>
> #######################################################################
> --e29c0168-A--
> [05/Aug/2008:14:42:49 +0200] SJhKyMIL0IwAABvskH8AAAAF 192.168.19.31 58003 192.168.168.168 8443
>
> --e29c0168-B--
> POST /CardService/services/CardServiceWSSOAPImpl HTTP/1.1
> Host: webservice.mysite.com:8443
> Accept: application/soap+xml,multipart/related,text/*
> User-Agent: IBM WebServices/1.0
> Cache-Control: no-cache
> Pragma: no-cache
> SOAPAction: "getBalance"
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Content-Length: 1213
> Date: Tue, 05 Aug 2008 12:42:35 GMT
>
> --e29c0168-C--
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:wsa="http://www.w3.org/2005/08/addressing"><soapenv:Header><wsse:Security
> soapenv:mustUnderstand="1"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken><wsse:Username>00062205</wsse:Username><wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</wsse:Password></wsse:UsernameToken></wsse:Security><wsa:To>https://webservice.mysite.com:8443/CardService/services/CardServiceWSSOAPImpl</wsa:To><wsa:Action>getBalance</wsa:Action><wsa:MessageID>uuid:92E3EC1C-011B-4000-E000-09F0C0A8011B</wsa:MessageID></soapenv:Header><soapenv:Body><p909:getBalance
> xmlns:p909="http://service.card.mysite.com"><cardNumber>0000000000000</cardNumber><referenceRequest>TEST</referenceRequest><timestampRequest>20080805144200</timestampRequest></p909:getBalance></soapenv:Body></soapenv:Envelope>
> --e29c0168-F--
> HTTP/1.1 200 OK
> Content-Length: 1113
> Content-Type: text/xml; charset=utf-8
> Content-Language: en-US
> Keep-Alive: timeout=5, max=100
> Connection: Keep-Alive
>
> --e29c0168-H--
> Message: Rule processing failed.
> Apache-Handler: proxy-server
> Stopwatch: 1217940168430349 707227 (1033* 39617 706648)
> Producer: ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/); core ruleset/1.6.1.
> Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8a
> WebApp-Info: "webservice.mysite.com" "-" "-"
>
> --e29c0168-K--
> SecRule "REQUEST_HEADERS:Content-Type" "@rx text/xml" "phase:1,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,ctl:requestBodyProcessor=XML"
> SecRule "REQUEST_METHOD" "@rx ^POST$" "phase:2,status:400,t:lowercase,t:replaceNulls,t:compressWhitespace,chain,t:none,deny,log,auditlog,msg:'POST request must have a Content-Length header',id:960012,tag:PROTOCOL_VIOLATION/EVASION,severity:4"
> SecRule "REQUEST_METHOD" "!@rx ^(?:get|head|propfind|options)$" "phase:2,status:501,t:lowercase,t:replaceNulls,t:compressWhitespace,chain,t:none,t:lowercase,deny,log,auditlog,msg:'Request content type is not allowed by policy',id:960010,tag:POLICY/ENCODING_NOT_ALLOWED,severity:4"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959009"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959007"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959904"
> SecRule "REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" "@pm insert xp_enumdsn infile openrowset nvarchar autonomous_transaction print data_type or outfile inner shutdown tbcreator @@version xp_filelist sp_prepare sql_longvarchar xp_regenumkeys xp_loginconfig xp_dirtree ifnull sp_addextendedproc xp_regaddmultistring delete sp_sqlexec and sp_oacreate sp_execute cast xp_ntsec xp_regdeletekey drop varchar xp_execresultset having utl_file xp_regenumvalues xp_terminate xp_availablemedia xp_regdeletevalue dumpfile isnull sql_variant select 'sa' xp_regremovemultistring xp_makecab 'msdasql' xp_cmdshell openquery sp_executesql 'sqloledb' dbms_java 'dbo' utl_http sp_makewebtask benchmark xp_regread xp_regwrite" "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,nolog,skip:1"
> SecRule "REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" "@pm insert xp_enumdsn infile openrowset nvarchar autonomous_transaction print data_type or outfile inner shutdown tbcreator @@version xp_filelist sp_prepare sql_longvarchar xp_regenumkeys xp_loginconfig xp_dirtree ifnull sp_addextendedproc xp_regaddmultistring delete sp_sqlexec and sp_oacreate sp_execute cast xp_ntsec xp_regdeletekey drop varchar xp_execresultset having utl_file xp_regenumvalues xp_terminate xp_availablemedia xp_regdeletevalue dumpfile isnull sql_variant select 'sa' xp_regremovemultistring xp_makecab 'msdasql' xp_cmdshell openquery sp_executesql 'sqloledb' dbms_java 'dbo' utl_http sp_makewebtask benchmark xp_regread xp_regwrite" "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,nolog,skip:1"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959906"
> SecRule "REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" "@pm jscript onsubmit copyparentfolder javascript meta onmove onkeydown onchange onkeyup activexobject expression onmouseup ecmascript onmouseover vbscript: <![cdata[ http: settimeout onabort shell: .innerhtml onmousedown onkeypress asfunction: onclick .fromcharcode background-image: .cookie ondragdrop onblur x-javascript mocha: onfocus javascript: getparentfolder lowsrc onresize @import alert onselect script onmouseout onmousemove background application .execscript livescript: getspecialfolder vbscript iframe .addimport onunload createtextrange onload <input" "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,nolog,skip:1"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959005"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:950006"
> SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" "@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++" "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,nolog,skip:1"
> SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" "@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++" "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,nolog,skip:1"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:959013"
> SecAction "phase:2,auditlog,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,nolog,skipAfter:999011"
> SecRule "REQUEST_BASENAME" "!@rx .*\\.(htm|html|txt|gif|jpg|jpeg|png|css|pdf|xls|swf|do|jsp|php|js|xml|ico|)$" "phase:2,log,auditlog,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,id:1,t:urlDecodeUni,chain"
>
> --e29c0168-Z--
> #######################################################################
>
>
> #######################################################################
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Recipe: Invoking rule cd0dd40; [file "/opt/jail/opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.rules"] [line "10"].
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][5] Rule cd0dd40: SecRule "XML" "@validateSchema /opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd" "phase:2,log,auditlog,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,t:htmlEntityDecode"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] CACHE: Enabled
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] T (1) lowercase: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] T (0) replaceNulls: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] T (0) compressWhitespace: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] T (0) urlDecodeUni: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] T (0) htmlEntityDecode: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Transformation completed in 61 usec.
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Executing operator "validateSchema" with param "/opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd" against XML.
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][9] Target value: "[xml document tree]"
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Operator completed in 439 usec.
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Operator error: XML: Failed to load Schema: /opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][4] Rule returned -1.
> [05/Aug/2008:14:42:48 +0200] [webservice.mysite.com/sid#c736b70][rid#e6904c0][/CardService/services/CardServiceWSSOAPImpl][1] Rule processing failed.
>
> #######################################################################
>
> The file
> "/opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd"
> exists and is readable.
>
> Is this information enough?
>
> Is the test that I do with lt-testSchemas acceptable, or is it not
> sufficient to know if the xsd is correct?
>
> Regards.
> Nick
>
>
> Nick,
>
> This error indicates that ModSecurity failed to parse the schema
> (loaded it fine from the file or you would get: "XML: Failed to load
> Schema from file: %s")
>
> Make sure the file contains a valid xsd.
>
> -B
>
>
> On Tue, Aug 5, 2008 at 2:18 PM, Ryan Barnett <Rya...@br...> wrote:
>
> Hello Nicola,
>
> A few comments –
>
> * You may want to reference this whitepaper we did on protecting
>   web services with mod -
>   http://www.modsecurity.org/documentation/Securing_Web_Services_with_ModSecurity_2.0.pdf
>
> * Can you send a full audit log example? The data provided below
>   does not include enough information on the actual request.
>
> * I highly recommend that you use the SecDebugLog (at level 9) and
>   test your web service. The logs will give more information as to
>   why the rule processing failed.
>
> * You may also want to try pointing the rule at the SoapSchema.xsd
>   file instead.
>
> --
> Ryan C. Barnett
> ModSecurity Community Manager
> Breach Security: Director of Application Security
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
> ------------------------------------------------------------------------
>
> From: mod...@li... [mailto:mod...@li...] On Behalf Of Nicola Bianchi
> Sent: Tuesday, August 05, 2008 7:45 AM
> To: Mod Security
> Subject: [mod-security-users] XML @validateSchema
>
> Hi,
> I'm trying to protect a webservice with the @validateSchema directive.
> I'm completely ignorant about XML, webservice and modsecurity and
> perhaps someone can help me to find the right way...
>
> For the specific virtualhost I've created these rules:
> SecDefaultAction phase:2,log,auditlog,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,t:htmlEntityDecode
> SecWebAppId webservice.mysite.com
> SecRule REQUEST_HEADERS:Content-Type "text/xml" "phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
> SecRule XML "@validateSchema /opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd"
>
> In the same directory where there is the webservice.mysite.com.xsd
> file I've the other necessary .xsd (without these files the next
> validation test fails):
> SoapSchema.xsd
> WsaSchema.xsd
> WsseSchema.xsd
> WsuSchema.xsd
> webservice.mysite.com.xsd
>
> With this utility the validation "command line" seems to be good:
> /opt/waf/bin/libxml2_prep/bin/lt-testSchemas --memory /opt/waf/mod_security/prep/conf/rules.d/webservice.mysite.com.xsd /root/req.xml
> /root/req.xml validates
>
> Now if I try to use the webservice I find this error in the logs:
> --12a21f39-H--
> Message: Rule processing failed.
> Apache-Handler: proxy-server
> Stopwatch: 1217832846563764 467122 (466* 4550 466728)
> Producer: ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/); core ruleset/1.6.1.
> Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8a
> WebApp-Info: "webservice.mysite.com" "-" "-"
>
> If I comment out the line about the xsd validation there are no
> errors in the logs.
>
> Do you have an idea of where the problem may be?
>
> Regards
> Nick
>
> PS: the modsecurity machine (reverse proxy) is not able to connect
> via http to internet (security policy). Can it be a problem?
>
> --
> Brian Rectanus
> Breach Security

--
Brian Rectanus
Breach Security
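
A diagnostic related to the schema directory and the PS about the proxy having no outbound HTTP, added here as an example and not part of the original thread or of ModSecurity: it walks an XSD and every schema it references, and reports each `schemaLocation` as resolvable on disk, missing, or remote. The function names, status labels and sample schemas are constructed for illustration; the thread does not establish that a remote or missing import is the cause of the "Failed to load Schema" error.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XS = "{http://www.w3.org/2001/XMLSchema}"
REF_TAGS = {XS + "import", XS + "include", XS + "redefine"}


def audit_schema(path, seen=None, findings=None):
    """Return (referencing_file, schemaLocation, status) for every
    import/include/redefine reachable from the schema at `path`."""
    seen = set() if seen is None else seen
    findings = [] if findings is None else findings
    path = os.path.abspath(path)
    if path in seen:                      # circular imports are legal in XSD
        return findings
    seen.add(path)
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError) as exc:
        findings.append((path, None, "unparseable: %s" % exc))
        return findings
    for el in root:                       # references are top-level children
        if el.tag not in REF_TAGS:
            continue
        loc = el.get("schemaLocation")
        if loc is None:
            # Import by namespace only: the processor must locate it itself.
            findings.append((path, el.get("namespace"), "no-schemaLocation"))
        elif urlparse(loc).scheme in ("http", "https", "ftp"):
            # Needs network access at schema load time.
            findings.append((path, loc, "remote"))
        else:
            target = os.path.join(os.path.dirname(path), loc)
            if os.path.isfile(target):
                findings.append((path, loc, "local-ok"))
                audit_schema(target, seen, findings)
            else:
                findings.append((path, loc, "local-missing"))
    return findings


def demo():
    """Constructed sample: one local, one missing and one remote import."""
    main = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:import namespace="urn:example:soap" schemaLocation="SoapSchema.xsd"/>
  <xs:import namespace="urn:example:wsu" schemaLocation="WsuSchema.xsd"/>
  <xs:import namespace="urn:example:remote"
             schemaLocation="http://schemas.example.invalid/remote.xsd"/>
</xs:schema>"""
    soap = '<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"/>'
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("main.xsd", main), ("SoapSchema.xsd", soap)):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        result = audit_schema(os.path.join(d, "main.xsd"))
        return [(loc, status) for _, loc, status in result]


if __name__ == "__main__":
    for loc, status in demo():
        print("%-45s %s" % (loc, status))
```

Run it as the same user and from the same filesystem view (for example inside the chroot) as the web server, since relative `schemaLocation` values are resolved here against the directory of the referencing file.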