On Wed, Apr 27, 2016 at 04:43:41PM +0000, Colin MacAllister wrote: > I’ve found references to this via Google searches, and the accepted > answer seems to be to increase the PCRE limits to 150000. This seems > unwise, since the limits must be there for a reason. Still, I tried > it, but it didn’t help. I’m receiving 19 errors of this type, all > either concerning XSS or SQL injection, for one URI. The URI in > question is in this form: > /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962 > (which has been heavily edited so as to not give away the farm.)
There are production services where we had to push the limit to 500K (and it still happens occasionally). I ran some performance tests last year and I really could not see any significant difference in the behaviour. So I assumed it is safe to push this really high. Ahoj, Christian -- mailto:christian.fol...@netnea.com http://www.christian-folini.ch twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
