Hi all!
I've installed yesterday mod_security on my debian machine:
libapache2-modsecurity 2.6.6-6+deb7u1
and rules tagged as 2.2.5
But there are tons of errors in Apache log:
[Sat Jun 29 06:10:04 2013] [error] [client 157.158.66.216] ModSecurity:
Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file
"/etc/modsecurity/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept
Header"] [severity "CRITICAL"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "forum.mydomain"] [uri
"/download/file.php"] [unique_id "Uc5eHJ2eQtgAAHbzG3sAAAFq"]
(...)
[Sat Jun 29 08:51:59 2013] [error] [client 83.10.190.85] ModSecurity:
Rule 7fc4d6aab2b0 [id "950901"][file
"/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line
"77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname
"redmine.mydomain"] [uri
"/plugin_assets/redmine_lightbox/images/blank.gif"] [unique_id
"Uc6ED52eQtgAAHbrGl0AAAD0"]
On google there are suggestions to increase pcre limit so I've set:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
but without any result (that logs are with increased limits).
I want to get rid of this errors.
Regards
Mikołaj
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set