Description
Currently when an Xpath query is evaluated. All elements detected will be run against the operator. If any of them are true then the chained rule will trigger. However in many situations, we would like to run the chained rule only on the data that triggers the first operator. We should add a keyword that allows this functionality to occur. Example:
false hello true '''If we wanted to detect items of type boolean that were true or false this would be very difficult using a chained rule (although we can use a single xpath query). We might instead want to say
SecRule XML:\bob\items\item@type "@contains boolean" "id:1chain,XPathChainOverride,deny,status:404"
SecRule XML:\bob\items\item\text() "!@rx (true)|(false)" "t:none"
This would not trigger because all booleans are true or false
IF we did this with our current method:
SecRule XML:\bob\items\item@type "@contains boolean" "id:1chain,deny,status:404"
SecRule XML:\bob\items\item\text() "!@rx (true)|(false)" "t:none"
This would return true because there is a boolean and there is also an item that is not true or false.