From dd8f34013ea55eb8e6f4e3e4de9c9dc16e02eb9c Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Tue, 11 Jan 2022 19:58:46 +0100
Subject: make xxe protection conditional in default rules

---
 config/default.rules | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'config/default.rules')

diff --git a/config/default.rules b/config/default.rules
index 2de703b..7cb18b5 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -6,8 +6,10 @@
 # Harden the PRNG
 sp.harden_random.enable();
 
-# Disabled XXE
+# Enable XXE protection
+@condition extension_loaded("xml");
 sp.xxe_protection.enable();
+@end_condition;
 
 # Global configuration variables
 # sp.global.secret_key("YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.");
-- 
cgit v1.3