From 5a38dde99bb5663099da7e8e7e2c1c092ae37963 Mon Sep 17 00:00:00 2001 From: brectanus Date: Mon, 30 Jul 2007 15:34:46 +0000 Subject: [PATCH] Disable XML parsing by default in the included core rules. --- rules/modsecurity_crs_10_config.conf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/rules/modsecurity_crs_10_config.conf b/rules/modsecurity_crs_10_config.conf index 69db2257..113f315b 100644 --- a/rules/modsecurity_crs_10_config.conf +++ b/rules/modsecurity_crs_10_config.conf @@ -78,10 +78,12 @@ SecResponseBodyLimit 524288 # Initiate XML Processor in case of xml content-type # -# TODO Remove this rule if you don't wish to parse XML request -# Note that this will disable XML protection -SecRule REQUEST_HEADERS:Content-Type "text/xml" \ -"phase:1,pass,nolog,ctl:requestBodyProcessor=XML" +# TODO Uncomment this rule if you wish to parse +# text/xml requests using the XML parser. Note +# that this may cause considerable overhead in processing +# text/xml requests. +#SecRule REQUEST_HEADERS:Content-Type "text/xml" \ +#"phase:1,pass,nolog,ctl:requestBodyProcessor=XML" # What to do when an error is encountered.