Rules which include "XML:/*" are not evaluated against request bodies if
the bodies are not XML. Is this a deficiency? In the example below,
shouldn't the pattern be searched for in text bodies as well as XML bodies?
Is there a reason the search is limited to XML bodies?

SecRule ARGS_NAMES|ARGS|XML:/* "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" \
    "msg:'HTTP Request Smuggling Attack',\
    phase:request,\
    id:921110,\
    rev:'1',\
     . . .
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
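
A simplified Python model of the behaviour asked about above, as an added example that is not part of the original post and is not ModSecurity code: the three targets only hold body data when a request body processor has parsed the body. The function names, the sample bodies, the mapping of `text/xml` to the XML processor (as in the recommended ModSecurity configuration) and the case-insensitive match are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

# Pattern copied from rule 921110 as quoted in the post. re.I stands in for
# the transformations elided (". . .") there (assumption).
SMUGGLE = re.compile(
    r"(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind"
    r"|propatch|mkcol|copy|move|lock|unlock)\s+", re.I)

def targets(content_type, body):
    """Body-derived values ARGS_NAMES|ARGS|XML:/* would hold (simplified:
    query-string arguments and multipart bodies are left out)."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":  # URLENCODED processor
        pairs = parse_qsl(body, keep_blank_values=True)
        return [n for n, _ in pairs] + [v for _, v in pairs]
    if ctype == "text/xml":                           # XML processor (assumed
        root = ET.fromstring(body)                    # enabled by config rule)
        return ["".join(root.itertext())]             # text content under /*
    return []  # no processor ran: none of the three targets has body data

def rule_matches(content_type, body):
    """True if the quoted pattern hits any populated target."""
    return any(SMUGGLE.search(v) for v in targets(content_type, body))

# Constructed sample bodies, each carrying the same embedded request line.
PAYLOAD = "x\r\nGET /second HTTP/1.1"
SAMPLES = {
    "application/x-www-form-urlencoded": "q=x%0d%0aGET+/second+HTTP/1.1",
    "text/xml": "<doc>" + PAYLOAD + "</doc>",
    "text/plain": PAYLOAD,
}

if __name__ == "__main__":
    for ctype, body in SAMPLES.items():
        print(f"{ctype:36} inspected={bool(targets(ctype, body))} "
              f"match={rule_matches(ctype, body)}")
```

In this model the `text/plain` body contains the pattern but is never handed to the rule, because no target is populated for it.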