Re: [Owasp-modsecurity-core-rule-set] modsecurity-core-rule-set problem

Sat, 29 Jun 2013 09:50:47 -0700 

Hi. I have searched for pcre limits mod_security errors and setting up
those limits through php.ini and mod_security limits didn't work it.I don't
know where I read it but It seems a mod_security bugs in that version. I
hope someone can confirm it.

Kind regards,
El 29/06/2013 16:11, "Mikołaj Milej" <mikola...@gmail.com> escribió:

> Hi all!
>
> I've installed yesterday mod_security on my debian machine:
> libapache2-modsecurity 2.6.6-6+deb7u1
> and rules tagged as 2.2.5
>
> But there are tons of errors in Apache log:
>
> [Sat Jun 29 06:10:04 2013] [error] [client 157.158.66.216] ModSecurity:
> Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file
> "/etc/modsecurity/activated_**rules/modsecurity_crs_21_**protocol_anomalies.conf"]
>
> [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept
> Header"] [severity "CRITICAL"] [tag
> "PROTOCOL_VIOLATION/MISSING_**HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag
> "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "forum.mydomain"] [uri
> "/download/file.php"] [unique_id "Uc5eHJ2eQtgAAHbzG3sAAAFq"]
> (...)
> [Sat Jun 29 08:51:59 2013] [error] [client 83.10.190.85] ModSecurity:
> Rule 7fc4d6aab2b0 [id "950901"][file
> "/etc/modsecurity/activated_**rules/modsecurity_crs_41_sql_**injection_attacks.conf"][line
>
> "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname
> "redmine.mydomain"] [uri
> "/plugin_assets/redmine_**lightbox/images/blank.gif"] [unique_id
> "Uc6ED52eQtgAAHbrGl0AAAD0"]
>
> On google there are suggestions to increase pcre limit so I've set:
> SecPcreMatchLimit 150000
> SecPcreMatchLimitRecursion 150000
>
> but without any result (that logs are with increased limits).
> I want to get rid of this errors.
>
> Regards
> Mikołaj
> ______________________________**_________________
> Owasp-modsecurity-core-rule-**set mailing list
> Owasp-modsecurity-core-rule-**s...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org>
> https://lists.owasp.org/**mailman/listinfo/owasp-**
> modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set>
>

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to