github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-09 17:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Disable XML parsing by default in included core rules.

Browse Source
This commit is contained in:
brectanus
2007-07-30 15:29:00 +00:00
parent c9c1cf1264
commit a4196561e7
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rules/modsecurity_crs_10_config.conf
View File

@@ -78,10 +78,12 @@ SecResponseBodyLimit 524288
# Initiate XML Processor in case of xml content-type
#
# TODO Remove this rule if you don't wish to parse XML request
# Note that this will disable XML protection
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
# TODO Uncomment this rule if you wish to parse
# text/xml requests using the XML parser. Note
# that this may cause considerable overhead in processing
# text/xml requests.
#SecRule REQUEST_HEADERS:Content-Type "text/xml" \
#"phase:1,pass,nolog,ctl:requestBodyProcessor=XML"
# What to do when an error is encountered.