|
From: Robert P. <rpa...@fe...> - 2019-01-02 18:47:34
|
Hey Jai, I believe ARGS is only filled with the request body with the request is a urlencoded. Because ARGS and friends are treated as tabular variables, ModSecurity won't attempt to parse an XML body and at it into the ARGS or ARGS_POST variables, because there's no sane way to interpolate the document into key-value paired data. On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers < mod...@li...> wrote: > User-documentation states: > > "ARGS is a collection and can be used on its own (means all arguments > including the POST Payload)..." > > Based on my testing, it does not appear that ARGS is including the POST > payload. I am sending a POST request with the body shown below. I expect it > to trigger Rule 930120, but it does not. > > Request Body: > > <?xml version='1.0' encoding='UTF-8'?> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ > "> > <soapenv:Body> > <ns1:echo xmlns:ns1="http://example1.org/example1"> > <Text>hello .bashrc</Text> > </ns1:echo> > </soapenv:Body> > </soapenv:Envelope> > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
