Re: [Mod-security-developers] Question about ARGS Variable

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hey Jai,

I believe ARGS is only filled with the request body with the request is a
urlencoded. Because ARGS and friends are treated as tabular variables,
ModSecurity won't attempt to parse an XML body and at it into the ARGS or
ARGS_POST variables, because there's no sane way to interpolate the
document into key-value paired data.

On Wed, Jan 2, 2019 at 10:21 AM Jai Harpalani via mod-security-developers <
mod...@li...> wrote:

> User-documentation states:
>
> "ARGS is a collection and can be used on its own (means all arguments
> including the POST Payload)..."
>
> Based on my testing, it does not appear that ARGS is including the POST
> payload. I am sending a POST request with the body shown below. I expect it
> to trigger Rule 930120, but it does not.
>
> Request Body:
>
> <?xml version='1.0' encoding='UTF-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/
> ">
>      <soapenv:Body>
>           <ns1:echo xmlns:ns1="http://example1.org/example1">
>                 <Text>hello .bashrc</Text>
>           </ns1:echo>
>      </soapenv:Body>
> </soapenv:Envelope>
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php