From 56e868ba32f8d7dc8141ffa47bf1f4272ec94f02 Mon Sep 17 00:00:00 2001
From: franbuehler <franbuehler@gmail.com>
Date: Mon, 6 Apr 2020 18:16:55 +0000
Subject: [PATCH 1/2] Resolve issue 1722 and fix content-type whitelisting

---
 rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf   |  2 +-
 .../920470.yaml                               | 31 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
index 9ae2db96b..6a0cb4dd9 100644
--- a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
+++ b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -918,7 +918,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
 # - text/plain; charset="UTF-8"
 # - multipart/form-data; boundary=----WebKitFormBoundary12345
 #
-SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+-]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['\"\w.()+,/:=?-]+)?$" \
+SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w\/.+-]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)\s?=\s?['\"\w.()+,/:=?<>@-]+)*$" \
     "id:920470,\
     phase:1,\
     block,\
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml
index cc238347b..e1ed055e1 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml
@@ -1,6 +1,6 @@
 ---
   meta:
-    author: "lifeforms"
+    author: "lifeforms, Franziska Bühler"
     enabled: true
     name: "920470.yaml"
     description: "Content-Type header format checks"
@@ -169,3 +169,32 @@
                   Content-Length: 0
             output:
               log_contains: "id \"920470\""
+    - test_title: 920470-13
+      stages:
+        - stage:
+            input:
+              dest_addr: 127.0.0.1
+              port: 80
+              method: POST
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: 'multipart/related; type="application/xop+xml"; boundary="uuid:a111aaa1-aa11-1a11-a11a-11a1111aa11a"; start="<root.message@cxf.apache.org>"; start-info="application/soap+xml'
+                  Content-Length: 0
+            output:
+              no_log_contains: "id \"920470\""
+    - test_title: 920470-14
+      stages:
+        - stage:
+            input:
+              dest_addr: 127.0.0.1
+              port: 80
+              method: POST
+              headers:
+                  User-Agent: "ModSecurity CRS 3 Tests"
+                  Host: "localhost"
+                  Content-Type: 'application/soap+xml; action="urn:hl7-org:v3:PRPA_IN201305UV02"; charset=UTF-8'
+                  Content-Length: 0
+            output:
+              no_log_contains: "id \"920470\""
+

From c3912a69442dfc4059006d91f489e624481d8803 Mon Sep 17 00:00:00 2001
From: franbuehler <franbuehler@gmail.com>
Date: Mon, 6 Apr 2020 18:21:43 +0000
Subject: [PATCH 2/2] Resolve issue 1722 and fix content-type whitelisting

---
 rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
index 6a0cb4dd9..9de5b4f63 100644
--- a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
+++ b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -918,7 +918,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
 # - text/plain; charset="UTF-8"
 # - multipart/form-data; boundary=----WebKitFormBoundary12345
 #
-SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w\/.+-]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)\s?=\s?['\"\w.()+,/:=?<>@-]+)*$" \
+SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+-]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)\s?=\s?['\"\w.()+,/:=?<>@-]+)*$" \
     "id:920470,\
     phase:1,\
     block,\