add support for soap+xml

Chaim Sanders · Felipe Zimmerle · commit b58f713fe98c · 2017-04-06T09:49:45.000-03:00
As was talked about by @emphazer in SpiderLabs/owasp-modsecurity-crs#721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
@@ -19,7 +19,7 @@ SecRequestBodyAccess On
 # Enable XML request body parser.
 # Initiate XML Processor in case of xml content-type
 #
-SecRule REQUEST_HEADERS:Content-Type "(?:text|application)/xml" \
+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
      "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
 
 # Enable JSON request body parser.

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ SecRequestBodyAccess On`
`19`	`19`	`# Enable XML request body parser.`
`20`	`20`	`# Initiate XML Processor in case of xml content-type`
`21`	`21`	`#`
`22`		`-SecRule REQUEST_HEADERS:Content-Type "(?:text\|application)/xml" \`
	`22`	`+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+\|/)\|text/)xml" \`
`23`	`23`	`"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"`
`24`	`24`
`25`	`25`	`# Enable JSON request body parser.`