Hi,

I get an error (XML parsing error: XML: Failed parsing document) when
mod_security is checking a multipart/related request.


-----------------------
POST /ws/services/ServiceHttpSoap11Endpoint/? HTTP/1.0
Content-Type: multipart/related; type="text/xml";
start="<BC681B2A92FBD6F218D4FAE416142A33>";
boundary="----=_Part_543_922960639.1363199273019"
Accept: application/soap+xml, application/dime, multipart/related, text/*
...

------=_Part_543_922960639.1363199273019
Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: binary
Content-Id: <BC681B2A92FBD6F218D4FAE416142A33>

<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body>...</soapenv:Body></soapenv:Envelope>
------=_Part_543_922960639.1363199273019
Content-Type: text/plain
Content-Transfer-Encoding: binary
Content-Id: <D0A3A1A7FED986556394EFA1A63EB597>
<binary content>

----------------------

To me, the problem is that rule 900017 matches "text/xml" no matter where
it appears in the Content-Type value. I think that changing it to match
"^text/xml" would be better. Like:

SecRule REQUEST_HEADERS:Content-Type "^text/xml" \
  "id:'900017', \
  phase:1, \
  t:none,t:lowercase, \
  nolog, \
  pass, \
  chain"
        SecRule REQBODY_PROCESSOR "!@streq XML" \
          "ctl:requestBodyProcessor=XML"


Does this sound correct to you?

best regards,

Klaubert Herr
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
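
The behaviour described in the message above, as an added example that is not part of the original post or of the Core Rule Set: it applies the unanchored and the anchored pattern to lowercased Content-Type values and checks whether the body the XML processor would receive is well-formed. The request data is a constructed, shortened version of the one in the post, and Python's ElementTree stands in for ModSecurity's XML parser as an assumption.

```python
import re
import xml.etree.ElementTree as ET

UNANCHORED = re.compile(r"text/xml")   # rule 900017 as the post describes it
ANCHORED = re.compile(r"^text/xml")    # the pattern the post proposes

def picks_xml(content_type, pattern):
    # Mimics t:none,t:lowercase followed by an unanchored regex search (@rx).
    return pattern.search(content_type.lower()) is not None

def parses_as_xml(body):
    # Stand-in for the XML body processor: True only for well-formed XML.
    try:
        ET.fromstring(body)
        return True
    except ET.ParseError:
        return False

# Constructed sample data modelled on the request in the post.
BOUNDARY = "----=_Part_543_922960639.1363199273019"
MULTIPART_CT = ('multipart/related; type="text/xml"; '
                'start="<BC681B2A92FBD6F218D4FAE416142A33>"; '
                'boundary="%s"' % BOUNDARY)
SOAP = ('<soapenv:Envelope xmlns:soapenv='
        '"http://schemas.xmlsoap.org/soap/envelope/">'
        '<soapenv:Body/></soapenv:Envelope>')
MULTIPART_BODY = "\r\n".join([
    "--" + BOUNDARY, "Content-Type: text/xml; charset=UTF-8", "", SOAP,
    "--" + BOUNDARY, "Content-Type: text/plain", "",
    "constructed attachment bytes",
    "--" + BOUNDARY + "--", ""])

REQUESTS = [
    ("text/xml; charset=UTF-8", SOAP),   # plain SOAP request
    (MULTIPART_CT, MULTIPART_BODY),      # SOAP with attachment, as in the post
    ("Text/XML", SOAP),                  # mixed case, handled by t:lowercase
]

def evaluate(pattern):
    """Per request: (XML processor selected, body then fails XML parsing)."""
    results = []
    for content_type, body in REQUESTS:
        selected = picks_xml(content_type, pattern)
        results.append((selected, selected and not parses_as_xml(body)))
    return results

if __name__ == "__main__":
    for name, pattern in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, evaluate(pattern))
```

With the anchored pattern the multipart/related request no longer selects the XML processor, so its SOAP part is not XML-parsed by this rule at all.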
