Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

WAF rule triggered with the following error message- ModSecurity: XML parser error: XML: Failed parsing document

 

Information

 

Summary:

WAF rule is been triggered with the following WAF error message- ModSecurity: XML parser error: XML: Failed parsing document

Environment:

Product: LoadMaster, ECS Connection Manager

Version: 7.2.57

Platform: Any

Application: Web Based Application

Question/Problem Description:

The Web application is not functioning correctly. WAF rule is been triggered with the following WAF error message- ModSecurity: XML parser error: XML: Failed parsing document

Steps to Reproduce:  
Error Message: [client 10.1.1.1] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "192.168.68.10 (API)"] [uri "/Home/backend/Sales/values/Createdlink.xml"] [unique_id "T80snd95b1-2hkf8-hh7d-a890-119763hnfi904"]
Defect Number:  
Enhancement Number:  
Cause: Rule ID 20003 that is hardcoded into the modsecurity engine is being triggered. 
Resolution:

There is two options to resolved this issue:-

Disable the Inspect HTTP POST Request Bodies-

  1. WUI -> Virtual Services -> View/Modify Services -> WAF Options -> Web Application Firewall -> WAF Advanced Configuration -> Inspect HTTP POST Request Bodies -> Disable
  2. Once disabled, all xml requests will pass through and application will start function correctly

Create a custom rule to bypass this function-

  1. Open a notepad and ensert the following values
  2. SecRule REMOTE_ADDR "@ipMatch 192.1.1.101" \ id:101,phase:1,t:none,nolog,pass,ctl:ruleEngine=off
  3. IP Address 192.1.1.101 is the source IP address of the Client
  4. Save file as a .conf extension
  5. Once created, upload rule WUI -> Web Application Firewall -> Custom Rules -> Legacy Custom Rules -> Add Custom Ruleset
  6. Once Added, add WAF rue to Virtual Service, Virtual Services -> View/Modify Services -> WAF Options -> Web Application Firewall -> Manage Rules -> Custom Rules -> Select Custom Rule -> Apply
  7. Once rule is applied, all xml requests will pass through and application will start function correctly.
Workaround:

https://support.kemptechnologies.com/hc/en-us/articles/210399183-WAF-Rule-Writing-Guide

https://support.kemptechnologies.com/hc/en-us/articles/203128369-Web-Application-Firewall-WAF-

https://support.kemptechnologies.com/hc/en-us/articles/207523516-How-to-disable-or-remove-a-Specific-WAF-Rule 

Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments