[mod-security-users] XML Parsing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] XML Parsing
|
From: Pfeiffer, B. <ber...@br...> - 2015-12-03 05:31:08
|
Hey! Found some problem, parsing XML-Documents. The problem is, that modsecurity_crs_10_config.conf Line: ~ 407 SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'900017', \ phase:1, \ t:none,t:lowercase, \ nolog, \ pass, \ chain" SecRule REQBODY_PROCESSOR "!@streq<https://github.com/streq> XML" \ "ctl:requestBodyProcessor=XML" It is parsing every content, which includes "text/xml". I think it would be better, SecRule REQUEST_HEADERS:Content-Type "^text/xml" Do you agree with it?! Hope for an answer. Greets, Bernhard |
