Hi Folks, I've recently started using the 2.2.3 ruleset with mod_security 2.5.11-1 (Ubuntu 10.04). I'm having an issue with with a standard Joomla 2.5.1 install triggering line 31 or base_rules/modsecurity_crs_23_request_limits.conf "Too many arguments in request". I'm using an unmodified version of modsecurity_crs_10_config.conf. When I adjust max_num_args in modsecurity_crs_10_config.conf, it doesn't seem to have any affect on the above issue. I've tried anywhere from 1 to 400000. I am restarting Apache between each change. But, if I comment out SecAction "phase:1,id:'981211',t:none,nolog,pass,setvar:tx.max_num_args=255" the too many arguments issue is resolved.
It appears as if the numerical changes I am making to max_num_args aren't being loaded. I'm not sure. Any ideas? Thanks in advance! Best, Matt Thomas Founder betweenbrain <http://betweenbrain.com/>™ Lead Developer Construct Template Development Framework<http://construct-framework.com/> Phone: 203.632.9322 Twitter: @betweenbrain Github: https://github.com/betweenbrain
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
