From 1068da464c4fd7a91e7cf25adb8e028cfd650d53 Mon Sep 17 00:00:00 2001 From: Chaim Sanders Date: Mon, 11 Jan 2016 10:43:05 -0500 Subject: [PATCH] Updated recommended conf to enter XML processor when content-type is application/xml --- modsecurity.conf-recommended | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended index 9ee17f2f..42a6f6c8 100644 --- a/modsecurity.conf-recommended +++ b/modsecurity.conf-recommended @@ -19,7 +19,7 @@ SecRequestBodyAccess On # Enable XML request body parser. # Initiate XML Processor in case of xml content-type # -SecRule REQUEST_HEADERS:Content-Type "text/xml" \ +SecRule REQUEST_HEADERS:Content-Type "(?:text|application)/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" # Enable JSON request body parser.