Rules which include "XML:/*" are not evaluated against request bodies if the bodies are not XML. Is this a deficiency? In the example below, shouldn't the pattern be searched for in text bodies as well as XML bodies? Is there a reason the search is limited to XML bodies?
SecRule ARGS_NAMES|ARGS|XML:/* "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" \
    "msg:'HTTP Request Smuggling Attack',\
    phase:request,\
    id:921110,\
    rev:'1',\
    . . .