Re: [mod-security-users] Question about ARGS Variable
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Question about ARGS Variable
|
From: Reindl H. <h.r...@th...> - 2019-01-02 18:58:15
|
Am 02.01.19 um 19:54 schrieb Jai Harpalani via mod-security-users: > Isn't the "POST Payload" equivalent to the body? If not, what exactly is > the "POST Payload"? hell how can any random XML stuff be a ARGUMENT and how do you imagine this to handeled performance wise? is it a post-param like <input type="text" anme"=arg" value"=whatever"> no, it is not > On Wed, Jan 2, 2019 at 12:29 PM Reindl Harald <h.r...@th... > <mailto:h.r...@th...>> wrote: > > > > Am 02.01.19 um 18:55 schrieb Jai Harpalani via mod-security-users: > > User-documentation states: > > > > "ARGS is a collection and can be used on its own (means all arguments > > including the POST Payload)..." > > > > Based on my testing, it does not appear that ARGS is including the > POST > > payload. I am sending a POST request with the body shown below. I > expect > > it to trigger Rule 930120, but it does not. > > args and body are different worlds by definition > > > > Request Body: > > > > <?xml version='1.0' encoding='UTF-8'?> > > <soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> > > <soapenv:Body> > > <ns1:echo xmlns:ns1="http://example1.org/example1"> > > <Text>hello .bashrc</Text> > > </ns1:echo> > > </soapenv:Body> > > </soapenv:Envelope> |
