From b58f713fe98cec4cb693722b908895af7e0eb45b Mon Sep 17 00:00:00 2001
From: Chaim Sanders <csanders@sparsa.org>
Date: Mon, 3 Apr 2017 19:52:14 -0400
Subject: [PATCH] add support for soap+xml

As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
---
 modsecurity.conf-recommended | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
index 42a6f6c8..728afc1a 100644
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -19,7 +19,7 @@ SecRequestBodyAccess On
 # Enable XML request body parser.
 # Initiate XML Processor in case of xml content-type
 #
-SecRule REQUEST_HEADERS:Content-Type "(?:text|application)/xml" \
+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
      "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
 
 # Enable JSON request body parser.