Hi Ryan,

Is it a suitable fix to hard code a value in place of this numeric operator? For example:

sed -i "s/%{tx.max_num_args}/255/g" /base_rules/modsecurity_crs_23_request_limits.conf

/base_rules/modsecurity_crs_23_request_limits.conf is the only place I see it being used.

Thanks!

Best,

Matt Thomas
Founder betweenbrain <http://betweenbrain.com/>™
Lead Developer Construct Template Development Framework <http://construct-framework.com/>
Phone: 203.632.9322
Twitter: @betweenbrain
Github: https://github.com/betweenbrain

On Fri, Feb 17, 2012 at 3:03 PM, Matt Thomas <m...@betweenbrain.com> wrote:

> Hi Ryan,
>
> Thanks! I was afraid that might be the root cause, but great to know where
> to focus my efforts.
>
> Best,
>
> Matt Thomas
>
> On Fri, Feb 17, 2012 at 10:16 AM, Ryan Barnett <rbarn...@trustwave.com> wrote:
>
>> Hey Matt,
>> You need to be running at least mod_security v2.5.12 to get the macro
>> support for numeric operators.
>>
>> --
>> Ryan Barnett
>> Trustwave SpiderLabs
>> ModSecurity Project Leader
>> OWASP ModSecurity CRS Project Leader
>>
>> From: Matt Thomas <m...@betweenbrain.com>
>> Date: Fri, 17 Feb 2012 09:08:06 -0600
>> To: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
>> Subject: [Owasp-modsecurity-core-rule-set] tx.max_num_args issue
>>
>> Hi Folks,
>>
>> I've recently started using the 2.2.3 ruleset with mod_security 2.5.11-1
>> (Ubuntu 10.04). I'm having an issue with a standard Joomla 2.5.1
>> install triggering line 31 of
>> base_rules/modsecurity_crs_23_request_limits.conf "Too many arguments in
>> request". I'm using an unmodified version of
>> modsecurity_crs_10_config.conf.
>>
>> When I adjust max_num_args in modsecurity_crs_10_config.conf, it doesn't
>> seem to have any effect on the above issue. I've tried anywhere from 1 to
>> 400000. I am restarting Apache between each change. But, if I comment out
>> SecAction "phase:1,id:'981211',t:none,nolog,pass,setvar:tx.max_num_args=255"
>> the too many arguments issue is resolved.
>>
>> It appears as if the numerical changes I am making to max_num_args aren't
>> being loaded. I'm not sure. Any ideas?
>>
>> Thanks in advance!
>>
>> Best,
>>
>> Matt Thomas
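
An added example, not part of the thread and not CRS project code: a shell check for the condition Ryan describes, that macro operands in numeric operators need ModSecurity 2.5.12 or later. The function names, the sample rules and rule id 999001 are constructed for illustration.

```sh
# Added example: find rules that depend on macro expansion in numeric operators.
MIN_VERSION=2.5.12   # minimum ModSecurity version stated in the thread

# Return 0 when dotted version $1 >= $2. Numeric fields only; a package
# suffix such as "-1" is ignored.
version_ge() {
    va=${1%%-*}; vb=${2%%-*}
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# Print file:line:text for each uncommented SecRule whose numeric operator
# takes a %{...} macro as operand. /dev/null forces grep to print file names.
macro_numeric_rules() {
    grep -nE '^[[:space:]]*SecRule[[:space:]].*@(eq|ge|gt|le|lt)[[:space:]]+%\{[^}]+\}' "$@" /dev/null
}

# $1 = ModSecurity version, rest = rule files. Return 1 and list the affected
# rules when the version predates MIN_VERSION and such rules exist.
audit_rules() {
    ver=$1; shift
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "ModSecurity $ver: macro operands in numeric operators are supported"
        return 0
    fi
    if hits=$(macro_numeric_rules "$@"); then
        echo "ModSecurity $ver is older than $MIN_VERSION; affected rules:"
        echo "$hits"
        return 1
    fi
    echo "ModSecurity $ver: no macro operands in numeric operators found"
}

# Constructed sample shaped like the rule in the thread (id 999001 is a placeholder).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
SecAction "phase:1,id:'981211',t:none,nolog,pass,setvar:tx.max_num_args=255"
SecRule &TX:MAX_NUM_ARGS "@eq 1" "chain,phase:2,t:none,block,id:'999001',msg:'Too many arguments in request'"
    SecRule &ARGS "@gt %{tx.max_num_args}" "t:none"
# SecRule &ARGS "@gt %{tx.max_num_args}" "t:none"
EOF
audit_rules 2.5.11-1 "$SAMPLE" || true
```

Against a real install, pass the installed version and the rule files, for example `audit_rules 2.5.11-1 base_rules/*.conf`; every listed rule either needs the upgrade or a literal operand in place of the macro.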