>From the Changelog it looks like this kind of work was done for version 2.2.4. >However, I don’t see that tag in Git – did this use to be in SourceForge or >someplace?
Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10 From: Chaim Sanders<mailto:csand...@trustwave.com> Sent: Wednesday, April 27, 2016 2:14 PM To: Colin MacAllister<mailto:cmacallis...@probono.net>; OWASP List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: RE: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits exceeded (-8) That isn’t a bad idea – Do you have a link to the old ticket/work? Additionally, we should very much consider this maybe for 3.1? Chaim Sanders Security Researcher Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Colin MacAllister Sent: Wednesday, April 27, 2016 12:49 PM To: OWASP List <owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits exceeded (-8) It looks like at one point in the past the regular expressions in the ruleset were edited to reduce their greed, which resulted in fewer recursive passes over the input. Might something like this be needed here, given recently added rules? Sent from Mail<http://scanmail.trustwave.com/?c=4062&d=k_qg14s7bHUZdVlLt3BdEb2RvmdZQNJ64vk1i3wVAA&s=5&u=https%3a%2f%2fgo%2emicrosoft%2ecom%2ffwlink%2f%3fLinkId%3d550986> for Windows 10 From: Colin MacAllister<mailto:cmacallis...@probono.net> Sent: Wednesday, April 27, 2016 12:43 PM To: OWASP List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: Execution error - PCRE limits exceeded (-8) I’ve found references to this via Google searches, and the accepted answer seems to be to increase the PCRE limits to 150000. This seems unwise, since the limits must be there for a reason. Still, I tried it, but it didn’t help. I’m receiving 19 errors of this type, all either concerning XSS or SQL injection, for one URI. The URI in question is in this form: /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962 (which has been heavily edited so as to not give away the farm.) Sent from Mail<http://scanmail.trustwave.com/?c=4062&d=k_qg14s7bHUZdVlLt3BdEb2RvmdZQNJ64vk1i3wVAA&s=5&u=https%3a%2f%2fgo%2emicrosoft%2ecom%2ffwlink%2f%3fLinkId%3d550986> for Windows 10 ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
