github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adjust parser activation rules in modsecurity.conf-recommended

Browse Source
This commit is contained in:
Martin Vierula
2022-09-07 11:43:54 -07:00
parent 51a30d7b40
commit bb372850ac
4 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/regression/rule/10-xml.t
View File

@@ -394,7 +394,7 @@
SecXmlExternalEntity On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500029, \\
SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" "id:500029, \\
phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500030
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" "id:500031 \\

2
tests/regression/rule/15-json.t
View File

@@ -236,7 +236,7 @@
SecAuditLog "$ENV{AUDIT_LOG}"
SecDebugLogLevel 9
SecRequestBodyJsonDepthLimit 3
SecRule REQUEST_HEADERS:Content-Type "application/json" \\
SecRule REQUEST_HEADERS:Content-Type "^application/json" \\
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRule REQBODY_ERROR "!\@eq 0" "id:'200444',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
SecRule ARGS "\@streq 25" "id:'200445',phase:2,log,deny,status:403"