XML
About
General View of XML
When a new path is added on the XML tab, the view is as follows. Clicking the Add Common Rule for XML button enables XML control for the relevant path. From then on, a request with XML content made to this path is subject to WAF rules based on the added rules. Before the Add Common Rule for XML button is clicked, the path appears as Rule Source > All Paths. This is because no XML control has been configured on the relevant path, so XML control is inherited from All Paths. If it had been inherited from a Glob Path, it would have appeared as Rule Source > Relevant Glob Path (/admin/login.*).
Example XML Variable Name and Variable Value
Interface
Add Common Rule for XML Screen
- Virtual Host Group
Displays the information about which Virtual Host Group the relevant path belongs to.
- Path
Displays the information about the modified path.
- Area
Displays information about the modified control field.
- Argument Name
Displays the information that the changes made will apply to all XML variables and values.
- XML Key Length
Filters the length of each variable in XML content by character count.
- XML Key Count
Filters by the total number of variables that can appear in XML content.
- Block All XML Content
No XML content can be sent to the relevant path; it will be blocked.
- Block Invalid XML Content
"Unparseable" XML content cannot be sent to the relevant path; it will be blocked.
- XML Depth
Filters XML depth.
- XML Allowed Arguments
Allowed XML variables are used to determine the variables that can be sent to the relevant path. No request can be made to the relevant path with any variable other than the entered allowed variables; it will be blocked.
- Value Length
Filters the value length of each variable in XML content by character count.
- OWASP Check
Specifies whether each variable and value in XML content will be subject to OWASP controls.
- OWASP Exclusions
If subject to OWASP controls, OWASP Rules can be added as exceptions based on the structure of the incoming request.
- Detailed Log
Determines whether the variable or value where an attack is detected in the WAF log will be written to the description section.
- Value Regex Pattern
Used to restrict the value of each variable in XML content with a RegEx.
- Add
Clicking the Add button adds the XML general setting.
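The sketch below is an added example, not the product's own code, showing how the common-rule limits listed above could combine when applied to one request body. It assumes that each element tag is a variable name and its text is the value; the policy key names, the limits, the order of the checks and the sample body are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical policy keys named after the fields on the screen; values are constructed.
POLICY = {
    "block_all_xml": False,
    "block_invalid_xml": True,
    "xml_depth": 3,
    "xml_key_count": 5,
    "xml_key_length": 16,
    "value_length": 32,
    "allowed_arguments": {"order", "item", "sku", "qty"},
    "value_regex": r"[A-Za-z0-9-]*",
}

def walk(elem, depth=1):
    """Yield (name, value, depth) per element (assumption: tag = variable, text = value)."""
    yield elem.tag, (elem.text or "").strip(), depth
    for child in elem:
        yield from walk(child, depth + 1)

def check_xml(body, policy=POLICY):
    """Return (allowed, reason) for one request body."""
    if policy["block_all_xml"]:
        return False, "Block All XML Content"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Unparseable body: blocked only when the option is switched on.
        if policy["block_invalid_xml"]:
            return False, "Block Invalid XML Content"
        return True, "invalid XML passed through"
    nodes = list(walk(root))
    if len(nodes) > policy["xml_key_count"]:
        return False, "XML Key Count"
    for name, value, depth in nodes:
        if depth > policy["xml_depth"]:
            return False, "XML Depth"
        if len(name) > policy["xml_key_length"]:
            return False, "XML Key Length"
        if name not in policy["allowed_arguments"]:
            return False, "XML Allowed Arguments"
        if len(value) > policy["value_length"]:
            return False, "Value Length"
        if not re.fullmatch(policy["value_regex"], value):
            return False, "Value Regex Pattern"
    return True, "allowed"

# Constructed sample body that satisfies every limit above.
SAMPLE_OK = "<order><item><sku>AB-1</sku><qty>2</qty></item></order>"
```

`xml.etree.ElementTree` is used here for brevity; for untrusted bodies a parser hardened against entity expansion, such as `defusedxml`, is the usual choice.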
Interface
Add Argument Rule for XML Screen
By clicking the Add Argument Rule for XML button, new definitions can be added specifically for an XML variable, apart from the definitions made in the general settings.
- Virtual Host Group
Displays the information about which Virtual Host Group the relevant path belongs to.
- Path
Displays the information about the modified path.
- Area
Displays information about the modified control field.
- Argument name (XML)
The name of the relevant XML variable is entered because the changes will be specifically defined for a single XML variable.
- Value Length
Filters the value length of the specified XML variable by character count.
- OWASP Check
Specifies whether the specified XML variable and its value will be subject to OWASP controls.
- OWASP Exclusions
If subject to OWASP controls, OWASP Rules can be added as exceptions based on the structure of the incoming request.
- Detailed Log
Determines whether the variable or value where an attack is detected in the WAF log will be written to the description section.
- Value Regex Pattern
Used to restrict the value of the specified XML variable with a RegEx.
- Add
Clicking the Add button adds the XML variable setting.