Version: 8.2411.x.x RR

XmlFilter

XmlFilter validates request bodies containing XML, i.e. it makes sure that the XML content is well-formed.

Classname
ch::nevis::nevisproxy::filter::validation::XmlFilter
Library
libValidationFilters.so.1

Configuration

BlockOnError

Type: Enum
Possible values: on, off, log
Usage Constraints: optional, conditional
Default: on

Newline-separated list of conditions defining whether requests containing malformed XML should be blocked (on) or only logged (log). If set to "off", this filter does not inspect the request body at all.

StatusCode

Type: Integer
Range: min: 100, max: 1000
Usage Constraints: optional
Default: 403

Defines the response status code of a blocked response.

LoadExternalDocuments

Type: Boolean
Usage Constraints: optional
Default: false

Allows the XmlFilter to load external documents. If this is set to true, the proxy might make outbound calls to the internet or intranet. Whether this is harmful depends on your firewall setup. Furthermore, the proxy might retrieve malicious DTDs from the internet, which could expose it to flaws discovered in the future.

SchemaDirectory

Type: String
Usage Constraints: optional

Defines the directory where schemas are located.

SchemaCatalog

Type: Newline separated list of strings
Usage Constraints: required if a SchemaDirectory is configured
Syntax: <systemId>:<filename>

Defines the mapping between a systemId and a file inside the configured schema directory. For example: http://www.w3.org/TR/html4/strict.dtd : strict.dtd. It is ignored if no SchemaDirectory is configured.

SchemaType

Type: Enum
Possible values: UNKNOWN, DTD, XSD
Default: UNKNOWN

The schema type of each file configured in the SchemaCatalog depends on the suffix of its filename. If the filename ends with .dtd, a DTD schema is assumed; if it ends with .xsd, an XSD schema is assumed. For all other suffixes, the schema type depends on the configuration of this parameter:

  • UNKNOWN: try to determine the schema type from the content. This may not work for complex schemas.
  • DTD: handle them as DTD schema files
  • XSD: handle them as XSD schema files

ValidateSchema

Type: Boolean
Default: true
Secure default: true

If false, only some basic XML verification is done and the content is not validated against an XSD schema. If true, the body is validated against the configured SchemaCatalog. If a schema is missing, the request will be blocked.
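A pre-deployment check for the SchemaCatalog, SchemaDirectory and SchemaType settings described above, as an added example that is not nevisProxy code. It assumes each entry is split at its last colon (a systemId such as the URL above contains colons itself); the function names, the `urn:example:*` systemIds and the sample files are constructed for illustration.

```python
import os
import tempfile

def parse_catalog(text):
    """Parse '<systemId>:<filename>' lines (assumption: split at the LAST colon)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        system_id, sep, filename = line.rpartition(":")
        system_id, filename = system_id.strip(), filename.strip()
        if not sep or not system_id or not filename:
            raise ValueError(f"malformed catalog entry: {line!r}")
        entries.append((system_id, filename))
    return entries

def schema_type(filename, configured="UNKNOWN"):
    """The filename suffix decides; otherwise the SchemaType parameter applies."""
    if filename.endswith(".dtd"):
        return "DTD"
    if filename.endswith(".xsd"):
        return "XSD"
    return configured

def check_catalog(text, schema_dir, configured="UNKNOWN"):
    """Return findings for entries that would surprise an operator at runtime."""
    problems = []
    root = os.path.realpath(schema_dir)
    for system_id, filename in parse_catalog(text):
        path = os.path.realpath(os.path.join(root, filename))
        if os.path.commonpath([root, path]) != root:
            problems.append(f"{system_id}: {filename} is outside SchemaDirectory")
        elif not os.path.isfile(path):
            problems.append(f"{system_id}: {filename} is missing")
        elif schema_type(filename, configured) == "UNKNOWN":
            problems.append(f"{system_id}: {filename} type is guessed from content")
    return problems

def demo():
    """Constructed sample: the first entry is clean, the other three are flagged."""
    catalog = ("http://www.w3.org/TR/html4/strict.dtd : strict.dtd\n"
               "urn:example:order : order.xsd\n"
               "urn:example:legacy : legacy.schema\n"
               "urn:example:parent : ../outside.dtd\n")
    with tempfile.TemporaryDirectory() as d:
        for name in ("strict.dtd", "legacy.schema"):
            with open(os.path.join(d, name), "w"):
                pass
        return check_catalog(catalog, d)
```

With ValidateSchema left at true, the "missing" finding is the one that turns into blocked requests, so it is worth failing a deployment on.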