[Owasp-modsecurity-core-rule-set] XML Parsing Question

Jai Harpalani jai.harpalani at mulesoft.com
Mon May 14 16:33:01 UTC 2018

Rules which include "XML:/*" are not evaluated against request bodies if
the bodies are not XML. Is this a deficiency? In the example below,
shouldn't the pattern be searched for in text bodies as well as XML bodies?
Is there a reason the search is limited to XML bodies?

SecRule ARGS_NAMES|ARGS|XML:/* "(?:\n|\r)+(?:get|post|head|op
    "msg:'HTTP Request Smuggling Attack',\
     . . .