
V3/reqbodyproc

Open airween opened this issue 6 years ago • 0 comments

In the v2 reference, the REQUEST_BODY variable info contains:

> Holds the raw request body. This variable is available only if the URLENCODED request body processor was used, which will occur by default when the application/x-www-form-urlencoded content type is detected, or if the use of the URLENCODED request body parser was forced.

Now the REQUEST_BODY in libmodsec3 is always evaluated, no matter what the content type is. E.g. if the CT is application/xml and the SecRule operator is @rx, then it is checked against the regex pattern.

CRS regression tests showed that, in the case of XML, JSON and Multipart CTs, the REQUEST_BODY variable is not allowed. See the attached regression test JSON file.

Note that this modification requires disabling the REQUEST_BODY check in offset_variable.json when the CT is Multipart.

airween, Mar 11 '19 21:03
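
The rule set below is an added illustration, not part of this issue or of the ModSecurity or CRS code. It shows what the quoted v2 wording means for a rule author: a `REQUEST_BODY` rule covers only urlencoded bodies, so XML, JSON and multipart bodies need rules on the parsed targets. The rule ids 900001-900005 and the pattern `constructed-marker` are constructed placeholders.

```apache
# Added example: constructed rules, ids and pattern are placeholders.
SecRuleEngine On
SecRequestBodyAccess On

# Phase 1: pick the body processor from the Content-Type header.
# URLENCODED and MULTIPART are selected by default for their content types,
# so only XML and JSON need an explicit ctl here.
SecRule REQUEST_HEADERS:Content-Type "@rx ^(?:application|text)/xml" \
    "id:900001,phase:1,pass,nolog,t:none,t:lowercase,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "@rx ^application/json" \
    "id:900002,phase:1,pass,nolog,t:none,t:lowercase,ctl:requestBodyProcessor=JSON"

# Raw-body rule. Under the v2 reference text REQUEST_BODY exists only when
# the URLENCODED processor ran, so an XML, JSON or multipart body is never
# matched by this rule.
SecRule REQUEST_BODY "@rx (?i)constructed-marker" \
    "id:900003,phase:2,deny,status:403,log,msg:'marker in raw urlencoded body'"

# Parsed-content rule for bodies handled by the XML processor.
SecRule XML:/* "@rx (?i)constructed-marker" \
    "id:900004,phase:2,deny,status:403,log,msg:'marker in XML content'"

# JSON and multipart fields are exposed through ARGS (which also holds
# query-string and urlencoded parameters).
SecRule ARGS "@rx (?i)constructed-marker" \
    "id:900005,phase:2,deny,status:403,log,msg:'marker in request parameter'"
```

If the engine populates `REQUEST_BODY` for every content type, as the issue describes for libmodsec3, rule 900003 also runs against XML, JSON and multipart bodies, which is the difference the CRS regression tests detect.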