Re: [Owasp-modsecurity-core-rule-set] tx.max_num_args issue

Fri, 17 Feb 2012 07:20:16 -0800 

Hey Matt,
You need to be running at least mod_security v2.5.12 to get the macro support 
for numeric operators.

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

From: Matt Thomas <m...@betweenbrain.com<mailto:m...@betweenbrain.com>>
Date: Fri, 17 Feb 2012 09:08:06 -0600
To: 
"owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>"
 
<owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>>
Subject: [Owasp-modsecurity-core-rule-set] tx.max_num_args issue

Hi Folks,

I've recently started using the 2.2.3 ruleset with mod_security 2.5.11-1 
(Ubuntu 10.04). I'm having an issue with with a standard Joomla 2.5.1 install 
triggering line 31 or base_rules/modsecurity_crs_23_request_limits.conf "Too 
many arguments in request". I'm using an unmodified version of 
modsecurity_crs_10_config.conf. When I adjust max_num_args in 
modsecurity_crs_10_config.conf, it doesn't seem to have any affect on the above 
issue. I've tried anywhere from 1 to 400000. I am restarting Apache between 
each change. But, if I comment out SecAction 
"phase:1,id:'981211',t:none,nolog,pass,setvar:tx.max_num_args=255" the too many 
arguments issue is resolved.

It appears as if the numerical changes I am making to max_num_args aren't being 
loaded. I'm not sure. Any ideas?

Thanks in advance!

Best,

Matt Thomas
Founder betweenbrain<http://betweenbrain.com/>™
Lead Developer Construct Template Development 
Framework<http://construct-framework.com/>
Phone: 203.632.9322<tel:203.632.9322>
Twitter: @betweenbrain
Github: https://github.com/betweenbrain


________________________________
This transmission may contain information that is privileged, confidential, 
and/or exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
STRICTLY PROHIBITED. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, 
whether in electronic or hard copy format.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to