[Owasp-modsecurity-core-rule-set] XML Parsing Question

Jai Harpalani jai.harpalani at mulesoft.com
Mon May 14 16:33:01 UTC 2018


Rules which include "XML:/*" are not evaluated against request bodies if
the bodies are not XML. Is this a deficiency? In the example below,
shouldn't the pattern be searched for in text bodies as well as XML bodies?
Is there a reason the search is limited to XML bodies?

SecRule ARGS_NAMES|ARGS|XML:/* "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" \
    "msg:'HTTP Request Smuggling Attack',\
    phase:request,\
    id:921110,\
    rev:'1',\
     . . .
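
Added example, not part of the original message and not CRS project code: a Python coverage check that applies the pattern quoted in the rule above to the values its target list would hold for different body types, and flags bodies that contain the pattern but are never inspected. The function names, the sample requests and the simplified per-content-type model in `rule_targets` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

# Pattern as quoted in rule 921110 above. The rule's transformations are
# elided on the page, so the constructed samples use lowercase method names.
PATTERN = re.compile(
    r"(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind"
    r"|propatch|mkcol|copy|move|lock|unlock)\s+"
)

def rule_targets(content_type, body):
    """Assumed, simplified model of what ARGS_NAMES|ARGS|XML:/* hold per body type."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        pairs = parse_qsl(body, keep_blank_values=True)
        return [name for name, _ in pairs] + [value for _, value in pairs]
    if ctype in ("text/xml", "application/xml"):
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return []  # unparsable XML yields no XML:/* value in this model
        return ["".join(root.itertext())]  # string value of the root node
    return []  # other body types: none of the three targets has a value

def rule_matches(content_type, body):
    """True when the pattern is found in at least one modelled target value."""
    return any(PATTERN.search(t) for t in rule_targets(content_type, body))

def coverage_gap(content_type, body):
    """True when the raw body contains the pattern but no rule target does."""
    return bool(PATTERN.search(body)) and not rule_matches(content_type, body)

# Constructed sample requests: (content type, body).
SAMPLES = [
    ("application/x-www-form-urlencoded", "q=a%0d%0aget+/x+http/1.1"),
    ("text/xml", "<msg>a\npost /x http/1.1</msg>"),
    ("text/plain", "a\r\npost /x http/1.1"),
    ("text/plain", "nothing of interest"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(f"{ctype:36} match={rule_matches(ctype, body)!s:5} "
              f"gap={coverage_gap(ctype, body)}")
```
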