These payloads are dumbed-down versions of a real request I saw, and I have taken out all the SOAP headers, xmlns namespacing reference declarations and such to just get the meat of the block.
Your Environment
CRS version (e.g., v3.2.0): 3.2/master
Paranoia level setting: 1
ModSecurity version (e.g., 2.9.3): 3.0.4
Web Server and version (e.g., apache 2.4.41): Nginx
Operating System and version: Alpine Linux
Confirmation
[X] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.
Description
Rule 941160 blocking XML in CDATA, it's not a fan of the text <pr:form
Audit Logs / Triggered Rule Numbers
Interestingly, if you take the valid XML out of the CDATA you don't get blocked, request payload example like so: