Ah. I read in the ModSecurity Handbook that I needed to add the PCRE limit lines, while they were actually already included farther down in the document all along, and set to 1000. But when I made that higher (according to the PCRE documentation the internal limit is 1 mil), I got another error (not the PCRE limit error) that I cannot find documented: “GUID_0.00”. Does anyone know what that means? Could it be an out of memory error or something?
Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10 From: Christian Folini<mailto:christian.fol...@netnea.com> Sent: Wednesday, April 27, 2016 11:50 PM To: Colin MacAllister<mailto:cmacallis...@probono.net> Cc: OWASP List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits exceeded (-8) On Wed, Apr 27, 2016 at 04:43:41PM +0000, Colin MacAllister wrote: > I’ve found references to this via Google searches, and the accepted > answer seems to be to increase the PCRE limits to 150000. This seems > unwise, since the limits must be there for a reason. Still, I tried > it, but it didn’t help. I’m receiving 19 errors of this type, all > either concerning XSS or SQL injection, for one URI. The URI in > question is in this form: > /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962 > (which has been heavily edited so as to not give away the farm.) There are production services where we had to push the limit to 500K (and it still happens occasionally). I ran some performance tests last year and I really could not see any significant difference in the behaviour. So I assumed it is safe to push this really high. Ahoj, Christian -- mailto:christian.fol...@netnea.com http://www.christian-folini.ch twitter: @ChrFolini
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set