Suppress rule 200002 when editing contacts in Nextcloud #1742
Comments
|
User pyllyukko commented on date 2020-04-21 16:15:59: Just noticed that there should be additional newline here to end the "section" to be consistent with the rest of this file. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue for tracking original pull request created by user pyllyukko on date 2020-04-21 13:35:30.
Link to original PR: SpiderLabs/owasp-modsecurity-crs#1742.
HEAD is: 2f38ef0
BASE is: cf57fd5
Issue
Modifying contacts triggers an XML parsing error (rule 200002 in modsecurity.conf) which can be whitelisted in REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf.
Background
Reproduction
This will trigger a HTTP PUT request into
/remote.php/dav/addressbooks/users/<username>/contacts/<some-uuid>.vcfthat hasContent-Type: application/xmland has the contact vCard (which of course isn't XML) in it's body.Fix
This PR disables 200002 with PUT requests into
addressbooks.The text was updated successfully, but these errors were encountered: