Add Content-Type: multipart/related as allowed default

[jeremyjpj0916]

Add multipart/related, got hit with a Content-Type block today:

ModSecurity: Warning. Matched "Operator `Rx' with parameter `^[\w/.+-]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['\"\w.()+,/:=?-]+)?$' against variable `REQUEST_HEADERS:Content-Type' (Value: `multipart/related; type="text/xml"; start="<[email protected]>"; boundary="----=_Part_0_859212417. (14 characters omitted)' ) [file "/usr/local/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "873"] [id "920470"] [rev ""] [msg "Illegal Content-Type header"] [data "multipart/related; type="text/xml"; start="<[email protected]>"; boundary="----=_part_0_859212417.1584040458654""] [severity "2"] [ver "OWASP_CRS/3.2.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/CONTENT_TYPE"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "xxxxx"] [uri "/api/dev/ext/cimdev/service/v1"] [unique_id "158404046346.696874"] [ref "v98,114t:lowercase"]

So I did what most do and googled a bit, seems multipart/form-data isn't appropriate for what these folks sent and multipart/related is a real non-deprecated thing? Any issues adding it?

https://stackoverflow.com/questions/39960417/whats-the-difference-between-multipart-related-and-multipart-form-data-and

https://tools.ietf.org/html/rfc2387

[franbuehler]

This is a very welcome PR. I already had the same False Positive with Content-Type multipart/related and rule 920420.
This PR can be merged in my opinion.

[dune73]

Thank you for the PR. Merging now.