[Owasp-modsecurity-core-rule-set] XML Parsing

Jai Harpalani Tue, 24 Apr 2018 11:57:14 -0700

I would like to disable XML parsing. If I do so, will rules such as the one
below not get evaluated against the body of the request?


SecRule ARGS_NAMES|ARGS|XML:/* "(?:\n|\r)+(?:get|post|head|op
tions|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+"
\
    "msg:'HTTP Request Smuggling Attack',\
    phase:request,\
    id:921110,\
    rev:'1',\
     . . .

Is this rule only valid for ARGS_NAMES, ARGS, and parsed XML? Seems like it
should also be applied to request bodies even if they are not XML bodies.
Please clarify.

Thanks.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

[Owasp-modsecurity-core-rule-set] XML Parsing

Reply via email to