Ah. I read in the ModSecurity Handbook that I needed to add the PCRE limit 
lines, while they were actually already included farther down in the document 
all along, and set to 1000. But when I made that higher (according to the PCRE 
documentation the internal limit is 1 mil), I got another error (not the PCRE 
limit error) that I cannot find documented: “GUID_0.00”. Does anyone know what 
that means? Could it be an out of memory error or something?






From: Christian Folini<mailto:christian.fol...@netnea.com>
Sent: Wednesday, April 27, 2016 11:50 PM
To: Colin MacAllister<mailto:cmacallis...@probono.net>
Cc: OWASP List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits 
exceeded (-8)



On Wed, Apr 27, 2016 at 04:43:41PM +0000, Colin MacAllister wrote:
> I’ve found references to this via Google searches, and the accepted
> answer seems to be to increase the PCRE limits to 150000. This seems
> unwise, since the limits must be there for a reason. Still, I tried
> it, but it didn’t help. I’m receiving 19 errors of this type, all
> either concerning XSS or SQL injection, for one URI. The URI in
> question is in this form:
> /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962
> (which has been heavily edited so as to not give away the farm.)


There are production services where we had to push the limit to
500K (and it still happens occasionally). I ran some performance tests
last year and I really could not see any significant difference
in the behaviour. So I assumed it is safe to push this really high.

Ahoj,

Christian



--
mailto:christian.fol...@netnea.com
http://www.christian-folini.ch
twitter: @ChrFolini
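
Added example, not part of either message and not ModSecurity's own code: a Python sketch that tallies "PCRE limits exceeded" errors per URI and per rule from an Apache error log, to check whether they cluster on one URI as described in the thread. The log lines, rule ids, file paths and host names are constructed, and the line layout is assumed to follow ModSecurity 2.x error-log entries.

```python
import re
from collections import Counter

# Constructed sample lines; layout assumed to match ModSecurity 2.x entries
# in the Apache error log. Rule ids, paths and hosts are made up.
SAMPLE_LOG = [
    '[Wed Apr 27 16:40:01 2016] [error] [client 192.0.2.10] ModSecurity: Rule 7f3a10 '
    '[id "100001"][file "/etc/modsec/sqli.conf"][line "64"] - Execution error - '
    'PCRE limits exceeded (-8): (null). [hostname "www.example.org"] [uri "/base.cfm"]',
    '[Wed Apr 27 16:40:01 2016] [error] [client 192.0.2.10] ModSecurity: Rule 7f3b20 '
    '[id "100002"][file "/etc/modsec/xss.conf"][line "12"] - Execution error - '
    'PCRE limits exceeded (-8): (null). [hostname "www.example.org"] [uri "/base.cfm"]',
    '[Wed Apr 27 16:41:09 2016] [error] [client 192.0.2.11] ModSecurity: Rule 7f3a10 '
    '[id "100001"][file "/etc/modsec/sqli.conf"][line "64"] - Execution error - '
    'PCRE limits exceeded (-8): (null). [hostname "www.example.org"] [uri "/other.cfm"]',
    '[Wed Apr 27 16:42:30 2016] [error] [client 192.0.2.12] ModSecurity: Access denied '
    'with code 403 (phase 2). [file "/etc/modsec/xss.conf"] [line "30"] '
    '[id "100003"] [hostname "www.example.org"] [uri "/base.cfm"]',
]

PCRE_ERR = re.compile(
    r'ModSecurity: Rule \S+ \[id "(?P<rule>\d+)"\].*?'
    r'Execution error - PCRE limits exceeded \((?P<code>-?\d+)\).*?'
    r'\[uri "(?P<uri>[^"]*)"\]'
)

def pcre_limit_events(lines):
    """Return (rule id, PCRE error code, uri) for each limit error line."""
    events = []
    for line in lines:
        m = PCRE_ERR.search(line)
        if m:  # ordinary "Access denied" entries are skipped
            events.append((m["rule"], int(m["code"]), m["uri"]))
    return events

def tally(events):
    """Count limit errors per URI and per rule id."""
    by_uri = Counter(uri for _, _, uri in events)
    by_rule = Counter(rule for rule, _, _ in events)
    return by_uri, by_rule

if __name__ == "__main__":
    by_uri, by_rule = tally(pcre_limit_events(SAMPLE_LOG))
    print("per URI:", by_uri.most_common(), "per rule:", by_rule.most_common())
```

A single URI dominating the per-URI count, as in the report quoted above, points at that request's content rather than at the rule set as a whole.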