XML Attack Signatures

Hi,

 

 

I am new to this forum and am hoping to get some assistance on XML attack signatures.

 

 

We have a standard HTTP POST request that contains an XML message in the body.

 

The content type is set as application/xml; charset="utf-8".

 

 

The attack signature "xml tag (Parameter)" is being triggered on the following XML prolog:

 

 

xml version="1.0" encoding="UTF-8" (The opening/closing angle brackets and question mark are omitted)

 

 

This looks like pretty standard XML to me. Anyone help with why this is being triggered?

 

Do I need to specify an XML profile for the URL?

 

 

Any help would be greatly appreciated.

 

 

Ken