From: Premen <pre...@vox.com.my<mailto:pre...@vox.com.my>> Date: Monday, April 29, 2013 10:50 PM To: "owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>" <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: [Owasp-modsecurity-core-rule-set] ModSecurity Error persist at /var/log/httpd/error_log
Hi, I have reported to ModSecurity Team. They ask me to relate the issue to your side. I having issues in for the ModSecurity 2.6.6 and modsecurity-crs.2.2.5. I getting this error at /var/log/httpd/error_log [Mon Apr 29 11:53:07 2013] [error] [client x.x.x.x] ModSecurity: Rule 1cd7c28 [id "950901"][file "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.test.com<http://www.test.com>"] [unique_id "UX3uo9rQFyUAAGmGCT4AAAAD"] [Mon Apr 29 11:53:07 2013] [error] [client x.x.x.x] ModSecurity: Access denied with code 403 (phase 2). Match of "streq 0" against "TX:MSC_PCRE_LIMITS_EXCEEDED" required. [file "/etc/httpd/conf.d/modsecurity.conf"] [line "93"] [msg "ModSecurity internal error flagged: I have already added SecPcreMatchLimit 150000 SecPcreMatchLimitRecursion 150000 and restart the httpd Still the same. Please help. Googling around doesn't really solve the problem Its running Centos 6.3. Do assist me thank you Premen, We have updated many regexes for greediness (which is what is typically triggering the PCRE recussion alerts). I would suggest you upgrade your CRS to the latest version 2.2.7. Do keep in mind, however, that 2.2.7 requires ModSecurity 2.7.x. -Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
