Hi Ryan and Christian,

We can't forget the wrongly defined MIME type configured on the backend, which can put an extra load on ModSecurity (i.e. .pdf defined as text/plain). This can kill the modsec "image". Really, SecResponseBodyLimit and SecResponseBodyLimitAction can help very much with this.

On the wiki, it could be good to write how to disable SecResponseBodyAccess on static content in specific locations, since it is not subject to processing (i.e. .txt, .html files).

best regards,
Klaubert

On Mon, Apr 11, 2011 at 3:48 AM, <[email protected]> wrote:
> Hi Ryan,
>
> You are right that SecResponseBodyAccess invites a debate.
>
> In the discussion about the SecRuleEngine setting you took the hat of the
> business people who do not want the WAF to interfere with the legit traffic.
> However, this can happen here when you have large downloads on the website. A
> lot of corporate websites have a few presentations, pdf reports,
> way too large images or even a video or two. This is all slowed down very
> much and if you have a lot of these, then the whole
> webserver / reverse proxy can be affected. It gets a lot worse when you have
> a B2B application with legitimate queries that return
> 80MB responses... I have seen a surprisingly big number of these applications.
>
> If you have some experience, then you know how to deal with this. But as this
> is the default setting, you need to think hard.
>
> I guess one can come to a reasonable compromise with SecResponseBodyLimit and
> SecResponseBodyLimitAction, but I worry
> whether users will understand the level of protection they get: You would set
> BodyAccess to on but then limit the effect afterwards.
>
> Best,
>
> Christian
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
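The compromise discussed in this thread, written out as an added example (not configuration posted by anyone on the list): a ModSecurity/Apache fragment that keeps response body inspection on for the content types worth inspecting, caps how much of a response is buffered, and switches body access off for static download locations so large or mislabelled files are not buffered at all. The paths, extensions and rule id are assumptions for illustration.

```apache
# Added example, not from the mailing list thread. Paths and the rule id are
# placeholders; adjust to the site.

# Inspect response bodies, but only for text-like types the rules can act on.
# A backend that mislabels a PDF as text/plain still slips through this list,
# which is why the per-location overrides below also exist.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/json

# Buffer at most 512 KB of any response. ProcessPartial inspects that prefix and
# streams the rest through; Reject would instead break legitimate large
# downloads and the 80MB B2B responses mentioned above.
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Static content served verbatim and never processed by the application:
# skip response body buffering for these locations entirely.
<LocationMatch "^/(static|downloads|media)/">
    SecResponseBodyAccess Off
</LocationMatch>

# Binary files the backend is known to mislabel (e.g. .pdf as text/plain):
# decide on the requested filename in phase 3, before the body is read,
# and turn body access off for that transaction only.
SecRule REQUEST_FILENAME "@rx \.(?:pdf|zip|iso|mp4)$" \
    "id:1000001,phase:3,pass,nolog,ctl:responseBodyAccess=Off"
```

The trade-off Christian raises is visible here: anything past the 512 KB limit on an inspected response is not seen by the rules, so the limit should be set knowingly rather than left at a value nobody has reasoned about.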
