Came through just fine. Thank you very much.

Christian

On Fri, Apr 29, 2016 at 06:53:58PM +0000, Colin MacAllister wrote:
> I cleaned 'em up a little so as not to give away the farm.
>
> Testing to see if these text conf files come through the listserv as
> attachments.
>
> -----Original Message-----
> From: Christian Folini [mailto:christian.fol...@netnea.com]
> Sent: Friday, April 29, 2016 2:28 PM
> To: Colin MacAllister <cmacallis...@probono.net>
> Cc: Christian Folini <christian.fol...@netnea.com>; OWASP List
> <owasp-modsecurity-core-rule-set@lists.owasp.org>
> Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits
> exceeded (-8)
>
> Colin,
>
> Would you mind sharing your complete ModSec configuration and ruleset with
> us? Together with some payloads. This could be very interesting for testing
> purposes. And debugging that annoying limit problem.
>
> Ahoj,
>
> Christian
>
> On Fri, Apr 29, 2016 at 04:13:38PM +0000, Colin MacAllister wrote:
> > I played around some more with it and was able to get it to the point where
> > it was no longer giving me GUID_0.00 errors. I weeded out all rules on that
> > XML carrying field to avoid the PCRE limit problem (as well as obvious XSS
> > rules). And now everything is working, and I'm able to keep my recursion
> > limits to 1000. In this case it's okay, I believe, because the XML field is
> > only viewable by admins. So the problem wasn't really solved, but I can
> > proceed.
> >
> > -----Original Message-----
> > From: Christian Folini [mailto:christian.fol...@netnea.com]
> > Sent: Wednesday, April 27, 2016 11:47 PM
> > To: Colin MacAllister <cmacallis...@probono.net>
> > Cc: OWASP List <owasp-modsecurity-core-rule-set@lists.owasp.org>
> > Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE
> > limits exceeded (-8)
> >
> > Hi Colin,
> >
> > Yes, that was when the move from sourceforge to github was done. When I
> > asked Ryan for the old history files, I never got a reply.
> >
> > Ahoj,
> >
> > Christian
> >
> > On Wed, Apr 27, 2016 at 07:32:08PM +0000, Colin MacAllister wrote:
> > > From the Changelog it looks like this kind of work was done for version
> > > 2.2.4. However, I don’t see that tag in Git – did this use to be in
> > > SourceForge or someplace?
> > >
> > > From: Chaim Sanders<mailto:csand...@trustwave.com>
> > > Sent: Wednesday, April 27, 2016 2:14 PM
> > > To: Colin MacAllister<mailto:cmacallis...@probono.net>; OWASP
> > > List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>
> > > Subject: RE: [Owasp-modsecurity-core-rule-set] Execution error -
> > > PCRE limits exceeded (-8)
> > >
> > > That isn’t a bad idea – Do you have a link to the old ticket/work?
> > > Additionally, we should very much consider this maybe for 3.1?
> > >
> > > Chaim Sanders
> > > Security Researcher
> > > Trustwave | SMART SECURITY ON DEMAND
> > > www.trustwave.com
> > >
> > > From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
> > > [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On
> > > Behalf Of Colin MacAllister
> > > Sent: Wednesday, April 27, 2016 12:49 PM
> > > To: OWASP List <owasp-modsecurity-core-rule-set@lists.owasp.org>
> > > Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error -
> > > PCRE limits exceeded (-8)
> > >
> > > It looks like at one point in the past the regular expressions in the
> > > ruleset were edited to reduce their greed, which resulted in fewer
> > > recursive passes over the input. Might something like this be needed
> > > here, given recently added rules?
> > >
> > > From: Colin MacAllister<mailto:cmacallis...@probono.net>
> > > Sent: Wednesday, April 27, 2016 12:43 PM
> > > To: OWASP
> > > List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>
> > > Subject: Execution error - PCRE limits exceeded (-8)
> > >
> > > I’ve found references to this via Google searches, and the accepted
> > > answer seems to be to increase the PCRE limits to 150000. This seems
> > > unwise, since the limits must be there for a reason. Still, I tried
> > > it, but it didn’t help. I’m receiving 19 errors of this type, all
> > > either concerning XSS or SQL injection, for one URI. The URI in
> > > question is in this form:
> > > /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962
> > > (which has been heavily edited so as to not give away the farm.)
> > >
> > > _______________________________________________
> > > Owasp-modsecurity-core-rule-set mailing list
> > > Owasp-modsecurity-core-rule-set@lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> >
> > --
> > mailto:christian.fol...@netnea.com
> > http://www.christian-folini.ch
> > twitter: @ChrFolini
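
The workaround discussed in this thread, as an added ModSecurity 2.x configuration sketch that is not part of any message above and not the poster's or the CRS project's own configuration. The path, parameter name, rule ids and tag names are hypothetical placeholders; only the limit value 1000 comes from the thread.

```apache
# Added example. /admin/edit.cfm, xml_payload, ids 1000001-1000002 and the
# PLACEHOLDER_* tags are hypothetical; substitute the values from your own
# application and from the tags your installed rule set actually uses.

# Keep the PCRE limits low (1000, as in the thread) rather than raising
# them to 150000.
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# Instead of removing whole rules, drop only the XML-carrying parameter from
# the regex-heavy XSS and SQLi rule groups, and only for the admin endpoint.
# This must run in phase 1, before the rules it modifies are evaluated.
SecRule REQUEST_FILENAME "@streq /admin/edit.cfm" \
    "id:1000001,phase:1,t:none,pass,nolog,\
    ctl:ruleRemoveTargetByTag=PLACEHOLDER_XSS_TAG;ARGS:xml_payload,\
    ctl:ruleRemoveTargetByTag=PLACEHOLDER_SQLI_TAG;ARGS:xml_payload"

# A rule that hits the PCRE limit does not match, so the request passes that
# rule uninspected. ModSecurity sets TX:MSC_PCRE_LIMITS_EXCEEDED when this
# happens; log it so remaining "PCRE limits exceeded (-8)" cases are visible
# per URI instead of being buried in the error log.
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!@streq 0" \
    "id:1000002,phase:5,t:none,pass,log,\
    msg:'PCRE limits exceeded while inspecting %{REQUEST_URI}'"
```

The excluded parameter is no longer inspected by those rule groups on that endpoint, which is the trade-off accepted in the thread because the field is only viewable by admins.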