github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-20 19:16:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Revert 758eaf543bd79269642a7081fad170f3c1dc9d1a...f05011dc4f3614cdfc9310391b1275243b398639 on Reference Manual

Victor Hora
2017-07-24 15:20:58 -04:00
parent f05011dc4f
commit f28112c38c
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Reference-Manual.mediawiki

@@ -2462,8 +2462,6 @@ Contains the status of the request body processor used for request body parsing.
; Note : Your policies must have a rule to check for request body processor errors at the very beginning of phase 2. Failure to do so will leave the door open for impedance mismatch attacks. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by more tolerant parser operating in the application. If your policy dictates blocking, then you should reject the request if error is detected. When operating in detection-only mode, your rule should alert with high severity when request body processing fails.
; Related issues: #1475
== REQBODY_ERROR_MSG ==
If theres been an error during request body parsing, the variable will contain the following error message: