Thread: [mod-security-users] XML Parsing errors causing Auditlog entries
Brought to you by:
victorhora,
zimmerletw
From: Slobodan A. <li...@al...> - 2013-09-26 13:51:11
|
Hello List, I have a problem with particular requests causing XML-parsing errors. So I decided as workaround to whitelist the rule on a specific URL which throws the parsing errors in auditlog. ID 960912 (CRS 2.2.7). So far this entry is no longer in the auditlog. But everytime I get an entry in the auditlog like this : --a17d3957-H-- Message: XML parser error: XML: Failed parsing document. ... .... Stopwatch: 1380201129748650 37189 (- - -) Stopwatch2: 1380201129748650 37189; combined=1880, p1=296, p2=1472, p3=3, p4=79, p5=30, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.7.4 (http://www.modsecurity.org/); OWASP_CRS/2.2.7. Server: Apache Engine-Mode: "DETECTION_ONLY" --a17d3957-Z-- With no ID mentioned, which triggered the log entry. I looked at the sourcecode where I found in the file https://github.com/SpiderLabs/ModSecurity/blob/master/apache2/msc_xml.c writing "XML: Failed parsing document." directly to error-log . But why am I getting an unwanted auditlogentry ? Best Regards |