[mod-security-users] XML Parsing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] XML Parsing
|
From: Jai H. <jai...@mu...> - 2018-04-24 14:53:15
|
As expected, parsing an XML request takes a significant amount of time. I
am trying to determine if there is any benefit to parsing XML requests if
the only rules I am using are from OWASP CRS. Are there any OWASP CRS rules
which require XML requests to be parsed?
I see many rules with the following pattern:
SecRule ARGS_NAMES|ARGS|XML:/*
"(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+"
\
"msg:'HTTP Request Smuggling Attack',\
phase:request,\
id:921110,\
rev:'1',\
. . .
These rules are not doing anything "XML-specific". For the rule above, the
operator can be applied to a plain text request. So, why pay the penalty of
parsing XML?
|
