[Modsecurity]
SecRequestBodyInMemoryLimit does not respond on changes and diff
to find a rule based on regexp
Lezgin Bakircioglu
lerra82 at gmail.com
Tue Aug 14 10:01:12 EDT 2007
I have difficulties to locate the rule that generates this
false-positive (no "id" and did not get any hits by searching rule file
for the pattern match) for my php application:
[13/Aug/2007:20:45:58 +0200]
[www.xxx.xxx/sid#691d20][rid#8f25f8][/xxxxxx.php][2] Warning. Pattern
match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:xxxx.
Another wierd problem i have is this false-positive that i get when i
upload one specific file.
[Fri Aug 10 21:56:32 2007] [error] [client 127.0.0.1] ModSecurity:
Request body is larger than the configured limit (134217728). [hostname
"www.xxxx.xxx"] [uri "/xxxxxx.php"] [unique_id "xY87X1hQBsUAACf7hcwAAAAA"]
I have locate the problem to the variable "SecRequestBodyInMemoryLimit"
that was set to 131072 (134217728/1024) but when i raise the value
nothing happends (restarted apache2), even the same error with the same
number with in (). Anybody that have had the same problem?
I am using Mod security 2.1.1, apache 2 on Debian etch and core rules
from mod security. Any help to get? I tried to solv this for 2 days now
and i cant do anything more then ask for help because I'm out of ideas
(or i may be blind)..
--
MVH
Lezgin Bakircioglu
More information about the Modsecurity
mailing list