Thread: [mod-security-users] XML-Tags in HTTP GET

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi List,

the next question, xml tags are matched by

SecFilter "<(.|\n)+>"

is there a solution to allow xml in GET and POST,
by hold the security?

Thanks.

-Thomas

Thomas B=F6rnert wrote:
> Hi List,
>=20
> the next question, xml tags are matched by
>=20
> SecFilter "<(.|\n)+>"
>=20
> is there a solution to allow xml in GET and POST,
> by hold the security?

   That depends on whether your application is vulnerable. What
   exactly are you trying to prevent with SecFilter "<(.|\n)+>"?

--=20
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org