Hi Jim,

Currently, validate schema (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#validateSchema) uses libxml2's xmlSchemaValidateDoc (http://xmlsoft.org/html/libxml-xmlschemas.html#xmlSchemaValidateDoc). It is implemented here: https://github.com/SpiderLabs/ModSecurity/blob/master/apache2/re_operators.c#L2499-L2571

On May 9, 2014, at 4:28 AM, Jim Talbut <Jim.Talbut@groupgti.com> wrote:

I have a number of SOAP endpoints that I want to protect using ModSecurity.
All the examples I've found use validateSchema to validate the SOAP envelope (sometimes followed up with a bunch of XPath checks on individual elements).
I want to go further than this and validate the SOAP headers and body against the schema specified in the WSDL file.
Would this be likely to happen if I submitted a feature request?
Or if I provided a patch would it be accepted?
Or is there a reason why this is a terribly bad idea?

You can suggest/create new feature requests as patches using GitHub. Even if you want to implement it, I suggest you create the issue there first, so that others can help you test and follow the progress. Take care with the amount of memory that you need for those in-memory verifications, and avoid adding new dependencies to ModSecurity unless they are really needed.

Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
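
For reference, a sketch of the envelope validation discussed in this thread, with the request body bounded before it is parsed into memory. This is an added example, not part of the original e-mail or the ModSecurity project's own rules; the rule ids, size limits and schema path are placeholder assumptions.

```apache
# Added example: rule ids, limits and the .xsd path are placeholders.

# Bound how much request body is buffered before XML parsing and validation,
# since the XML processor builds the whole document tree in memory.
SecRequestBodyAccess On
SecRequestBodyLimit 1048576
SecRequestBodyNoFilesLimit 131072
SecRequestBodyLimitAction Reject

# Phase 1: select the XML body processor for SOAP 1.1 (text/xml)
# and SOAP 1.2 (application/soap+xml) requests.
SecRule REQUEST_HEADERS:Content-Type "@rx ^(?:text/xml|application/soap\+xml)" \
    "id:900100,phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"

# Phase 2: reject bodies the XML processor could not parse.
SecRule REQBODY_ERROR "!@eq 0" \
    "id:900110,phase:2,t:none,deny,status:400,log,msg:'Request body failed to parse: %{REQBODY_ERROR_MSG}'"

# Phase 2: validate the parsed tree against the schema.
# @validateSchema matches (and so fires the action) when validation fails.
SecRule REQBODY_PROCESSOR "@streq XML" \
    "id:900120,phase:2,t:none,deny,status:400,log,msg:'SOAP envelope failed schema validation',chain"
    SecRule XML "@validateSchema /etc/modsecurity/schemas/soap-envelope.xsd"
```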

