[Modsecurity] SecRequestBodyInMemoryLimit does not respond on
changes and diff to find a rule based on regexp
Lezgin Bakircioglu
lerra82 at gmail.com
Tue Aug 14 14:51:21 EDT 2007
Sorry, the breach core rules. I got an private mail that i was told that
gotroot and breach is not the same mailinglist. I did not know that they
where separated and thought that gotroot mailinglist was the only way to
communicate with modsecurity developer.
MVH
Lezgin Bakircioglu
Michael Shinn skrev:
> Are you using the gotroot rules, or the breach core rules?
>
> On Tue, 2007-08-14 at 16:01 +0200, Lezgin Bakircioglu wrote:
>> I have difficulties to locate the rule that generates this
>> false-positive (no "id" and did not get any hits by searching rule file
>> for the pattern match) for my php application:
>> [13/Aug/2007:20:45:58 +0200]
>> [www.xxx.xxx/sid#691d20][rid#8f25f8][/xxxxxx.php][2] Warning. Pattern
>> match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:xxxx.
>>
>>
>> Another wierd problem i have is this false-positive that i get when i
>> upload one specific file.
>> [Fri Aug 10 21:56:32 2007] [error] [client 127.0.0.1] ModSecurity:
>> Request body is larger than the configured limit (134217728). [hostname
>> "www.xxxx.xxx"] [uri "/xxxxxx.php"] [unique_id "xY87X1hQBsUAACf7hcwAAAAA"]
>>
>> I have locate the problem to the variable "SecRequestBodyInMemoryLimit"
>> that was set to 131072 (134217728/1024) but when i raise the value
>> nothing happends (restarted apache2), even the same error with the same
>> number with in (). Anybody that have had the same problem?
>>
>> I am using Mod security 2.1.1, apache 2 on Debian etch and core rules
>> from mod security. Any help to get? I tried to solv this for 2 days now
>> and i cant do anything more then ask for help because I'm out of ideas
>> (or i may be blind)..
>>
More information about the Modsecurity
mailing list