ARGS should be working on PUT. I wasn’t able to reproduce this problem myself. Would it be possible for you to post the request headers to the mailing list?
I’m thinking maybe the client is not sending a "Content-Type: application/x-www-form-urlencoded" header, so ModSecurity might not be parsing the request body for arguments. But this is just a guess.

Cheers!
WH

> On 05 Mar 2016, at 23:44, Brian Davis (bridavis) <brida...@cisco.com> wrote:
>
> We’re testing ModSecurity against some easy XSS tests. We have a PUT REST
> Call in which we embed <script>alert(document.cookie)</script> into a text
> dialog box, which should be easily picked up by RuleID:973336, but for some
> reason it’s not. debug_cache log says no match.
>
> Does ARGS work on PUTs in addition to POST? Reference documentation only
> seems to mention POST.
>
> Additionally, I tried to use the FULL_REQUEST target to see if that would
> help, but I’m getting an error: Error creating rule: Unknown variable:
> FULL_REQUEST, but SecRequestBodyAccess On is in mod_security.conf.
>
> This seems to be a very simple test in which mod_security should catch this,
> but no such luck.
>
> Any thoughts?
>
> Thanks,
> Brian
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
Walter Hop | PGP key: https://lifeforms.nl/pgp
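
The guess in the reply above, as an added example that is not part of the original thread: a simplified Python model (an assumption, not ModSecurity's own code) of how the Content-Type header decides whether a PUT body is parsed into ARGS. The sample requests, host and path are constructed.

```python
from urllib.parse import parse_qsl

# Simplified model (assumption): ModSecurity 2.x picks a request body
# processor from Content-Type; only these two are selected automatically.
AUTO_PROCESSORS = {
    "application/x-www-form-urlencoded": "URLENCODED",
    "multipart/form-data": "MULTIPART",
}

def split_request(raw):
    """Split a raw HTTP request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def diagnose(raw):
    """Report which body processor applies and which ARGS would exist."""
    method, target, headers, body = split_request(raw)
    # Media type only: drop parameters such as "; charset=UTF-8".
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    processor = AUTO_PROCESSORS.get(ctype)
    # Query-string arguments are parsed regardless of method or body.
    args = dict(parse_qsl(target.partition("?")[2], keep_blank_values=True))
    # Only the URLENCODED case is modelled; multipart parsing is left out.
    if processor == "URLENCODED":
        args.update(parse_qsl(body, keep_blank_values=True))
    return {"method": method, "content_type": ctype or None,
            "processor": processor, "args": args}

# Constructed sample requests: the same PUT with and without the header.
BODY = "comment=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
WITH_CT = ("PUT /api/notes/1?v=2 HTTP/1.1\r\nHost: example.test\r\n"
           "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
           f"Content-Length: {len(BODY)}\r\n\r\n{BODY}")
WITHOUT_CT = ("PUT /api/notes/1?v=2 HTTP/1.1\r\nHost: example.test\r\n"
              f"Content-Length: {len(BODY)}\r\n\r\n{BODY}")

if __name__ == "__main__":
    for label, raw in (("with header", WITH_CT), ("without header", WITHOUT_CT)):
        print(label, diagnose(raw))
```

In the second request the body never reaches `args`, so a rule that targets ARGS has nothing from the body to match against.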