github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Disable XML parsing by default in the included core rules.

Browse Source
This commit is contained in:
brectanus 2007-07-30 15:34:46 +00:00
parent bafe8ad773
commit 5a38dde99b
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rules/modsecurity_crs_10_config.conf
View File

@ -78,10 +78,12 @@ SecResponseBodyLimit 524288
# Initiate XML Processor in case of xml content-type
#
# TODO Remove this rule if you don't wish to parse XML request
# Note that this will disable XML protection
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
# TODO Uncomment this rule if you wish to parse
# text/xml requests using the XML parser. Note
# that this may cause considerable overhead in processing
# text/xml requests.
#SecRule REQUEST_HEADERS:Content-Type "text/xml" \
#"phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
# What to do when an error is encountered.