github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Disable XML parsing by default in the included core rules.

Browse Source
This commit is contained in:
brectanus
2007-07-30 15:34:46 +00:00
parent bafe8ad773
commit 5a38dde99b
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rules/modsecurity_crs_10_config.conf
View File

@@ -78,10 +78,12 @@ SecResponseBodyLimit 524288
# Initiate XML Processor in case of xml content-type # Initiate XML Processor in case of xml content-type
# #
# TODO Remove this rule if you don't wish to parse XML request # TODO Uncomment this rule if you wish to parse
# Note that this will disable XML protection # text/xml requests using the XML parser. Note
SecRule REQUEST_HEADERS:Content-Type "text/xml" \ # that this may cause considerable overhead in processing
"phase:1,pass,nolog,ctl:requestBodyProcessor=XML" # text/xml requests.
#SecRule REQUEST_HEADERS:Content-Type "text/xml" \
#"phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
# What to do when an error is encountered. # What to do when an error is encountered.