github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-20 19:16:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Revert f05011dc4f3614cdfc9310391b1275243b398639...f28112c38c487f1d241f2109d3b4c29d6d8f8280 on Reference Manual

Victor Hora
2017-07-27 20:16:44 -07:00
parent f28112c38c
commit 71df07c404
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Reference-Manual.mediawiki

@@ -2462,6 +2462,8 @@ Contains the status of the request body processor used for request body parsing.
; Note : Your policies must have a rule to check for request body processor errors at the very beginning of phase 2. Failure to do so will leave the door open for impedance mismatch attacks. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by more tolerant parser operating in the application. If your policy dictates blocking, then you should reject the request if error is detected. When operating in detection-only mode, your rule should alert with high severity when request body processing fails.
; Related issues: #1475
== REQBODY_ERROR_MSG ==
If theres been an error during request body parsing, the variable will contain the following error message: