From 4a8fc7a660a651d01f8daa652206e905b9a22587 Mon Sep 17 00:00:00 2001 From: Ryan Barnett Date: Fri, 27 Sep 2013 06:13:40 -0700 Subject: [PATCH] Added details about interdependencies of SecXmlExternalEntity directive and @validateSchema operator --- Reference-Manual.mediawiki | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki index ef79216..c6cb18a 100644 --- a/Reference-Manual.mediawiki +++ b/Reference-Manual.mediawiki @@ -1718,6 +1718,8 @@ In the two examples configurations shown, SecWebAppId is being used in conjuncti '''Default:''' default is Off +'''NOTE:''' You must enable this directive if you need to use the @validateSchema or @validateDtd operators. + = Processing Phases = ModSecurity 2.x allows rules to be placed in one of the following five phases of the Apache request cycle: *Request headers (REQUEST_HEADERS) @@ -3859,6 +3861,8 @@ SecRule REQUEST_HEADERS:Content-Type ^text/xml$ "phase:1,id:180,nolog,pass,t:low SecRule XML "@validateDTD /path/to/xml.dtd" "phase:2,id:181,deny,msg:'Failed DTD validation'" +'''NOTE:''' You must enable the SecXmlExternalEntity directive. + == validateHash == '''Description:''' Validates REQUEST_URI that contains data protected by the hash engine. @@ -3880,6 +3884,8 @@ SecRule REQUEST_HEADERS:Content-Type ^text/xml$ "phase:1,id:190,nolog,pass,t:low SecRule XML "@validateSchema /path/to/xml.xsd" "phase:2,id:191,deny,msg:'Failed DTD validation'" +'''NOTE:''' You must enable the SecXmlExternalEntity directive. + == validateUrlEncoding == '''Description''': Validates the URL-encoded characters in the provided input string.
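Review bot: In the first hunk (Reference-Manual.mediawiki, @@ -1718), the added NOTE spells the operator "@validateDtd", while the rule example in the validateDTD section writes "@validateDTD"; use one spelling so that a reader searching the manual finds both places. The context line above the NOTE shows that the default is Off, yet the NOTE tells readers to enable the directive without naming the value to set or saying why it ships disabled. Suggest stating the value (On) explicitly and adding a sentence on what the Off default protects against, so that readers who only need the validation operators understand what they are trading away.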
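Review bot: In the second hunk (validateDTD section, @@ -3859), the NOTE "You must enable the SecXmlExternalEntity directive." gives neither the value to set nor a pointer to the directive's own entry, and the example rules directly above it (id:180 and id:181) do not show the directive either. Suggest naming the setting (the directive's entry lists Off as the default, so the required value is On) and linking to the SecXmlExternalEntity section, or adding the directive line to the example so that it works as copied.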
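Review bot: In the third hunk (validateSchema section, @@ -3880), the NOTE is added directly under an example whose context line still reads msg:'Failed DTD validation' on the @validateSchema rule (id:191). Since this change touches the section, correct that message to refer to schema validation, so that a log entry from this rule is not mistaken for a DTD failure during triage. The NOTE text also duplicates the one added under validateDTD word for word; consider a wording that names the operator it applies to in each section.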