XmlFilter
XmlFilter can be used to validate request bodies containing XML, i.e. to make sure that the XML content is well-formed.
ch::nevis::nevisproxy::filter::validation::XmlFilter
libValidationFilters.so.1
Configuration
BlockOnError
Type: Enum
Possible values: on, off, log
Usage Constraints: optional, conditional
Default: on
Newline-separated list of conditions defining whether requests containing malformed XML are blocked (on) or only logged (log). With "off", the request body is not inspected at all by this filter.
StatusCode
Type: Integer
Range: min: 100, max: 1000
Usage Constraints: optional
Default: 403
Defines the response status code of a blocked response.
LoadExternalDocuments
Type: Boolean
Usage Constraints: optional
Default: false
Lets the XmlFilter load external documents. If this is set to true, the proxy might make outbound calls to the internet or intranet. This might or might not be harmful, depending on your firewall setup. Furthermore, the proxy might get malicious DTDs from the internet, with possible future flaws in them.
SchemaDirectory
Type: String
Usage Constraints: optional
Defines the directory where schemas are located.
SchemaCatalog
Type: Newline separated list of strings
Usage Constraints: required if a SchemaDirectory is configured
Syntax: <systemId>:<filename>
Defines the mapping between a systemId and a file inside the configured schema directory. It is ignored if no SchemaDirectory is configured. For example: http://www.w3.org/TR/html4/strict.dtd : strict.dtd
SchemaType
Type: Enum
Possible values: UNKNOWN, DTD, XSD
Default: UNKNOWN
The schema type of the files configured in the SchemaCatalog depends on the postfix of the file name. If the file name ends with .dtd, a DTD schema is assumed; if it ends with .xsd, an XSD schema is assumed. For all other postfixes, the schema type depends on the configuration of this parameter:
- UNKNOWN: try to find out the schema type via the content. This may not work for complex schemas.
- DTD: handle them as DTD schema files
- XSD: handle them as XSD schema files
ValidateSchema
Type: Boolean
Default: true
Secure default: true
If false, only some basic XML verification will be done. The content will not be validated against XSD schema. If true, the body will be validated against the configured SchemaCatalog. If a schema is missing then the request will be blocked.
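The following Python sketch is an added illustration, not nevisProxy code: it models how BlockOnError, SchemaCatalog, SchemaType and ValidateSchema interact as described above, using only a well-formedness check and a catalog lookup (it performs no DTD/XSD validation and never fetches external documents). Assumptions of the sketch: catalog lines are split at the last colon, file names may not contain path separators, and the "log" mode also applies to the missing-schema case.

```python
import xml.parsers.expat


def parse_catalog(text):
    """Parse '<systemId>:<filename>' lines into {systemId: filename}."""
    catalog = {}
    for line in filter(str.strip, text.splitlines()):
        # The systemId is usually a URL that contains ':' itself, so split
        # at the LAST colon (assumption of this sketch).
        system_id, _, filename = (part.strip() for part in line.rpartition(":"))
        # Accept plain file names only, so entries stay inside SchemaDirectory.
        if not system_id or not filename or "/" in filename or filename.startswith("."):
            raise ValueError(f"bad catalog entry: {line!r}")
        catalog[system_id] = filename
    return catalog


def schema_type(filename, configured="UNKNOWN"):
    """The file postfix wins; the SchemaType setting covers everything else."""
    for postfix, kind in ((".dtd", "DTD"), (".xsd", "XSD")):
        if filename.endswith(postfix):
            return kind
    return configured


def inspect_body(body, catalog, block_on_error="on", validate_schema=True):
    """Return (decision, reason); decision is 'pass', 'log' or 'block'."""
    if block_on_error == "off":
        return "pass", "body not inspected"
    system_ids = []
    parser = xml.parsers.expat.ParserCreate()
    # Record external references only; expat fetches nothing unless an
    # ExternalEntityRefHandler is installed (mirrors LoadExternalDocuments=false).
    parser.StartDoctypeDeclHandler = lambda name, sysid, pubid, internal: system_ids.append(sysid)
    parser.EntityDeclHandler = lambda n, p, v, b, sysid, pubid, nn: system_ids.append(sysid)
    verdict = "block" if block_on_error == "on" else "log"
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError as err:
        return verdict, f"malformed XML: {err}"
    missing = [s for s in system_ids if s and s not in catalog]
    if validate_schema and missing:
        return verdict, f"no local schema for {missing[0]}"
    return "pass", "well-formed"


# Constructed sample: the catalog entry from the page and a body referencing it.
CATALOG = parse_catalog("http://www.w3.org/TR/html4/strict.dtd : strict.dtd")
SAMPLE = b'<!DOCTYPE html SYSTEM "http://www.w3.org/TR/html4/strict.dtd"><html/>'
```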