Re: [mod-security-users] limit get variable length?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Am 30.03.2013 15:44, schrieb Ryan Barnett:
> On Mar 30, 2013, at 10:37 AM, Reindl Harald <h.r...@th...> wrote:
>> has somebody a rule to limit the length of get-values to the
>> same 512 like suhosin to kiss this stupid bingbot goodbye
>> with a 400/403 instead a 200 status-code?
>>
>> Mar 30 13:22:56 [8257] ALERT - configured GET variable value length limit exceeded - dropped variable 'pal_term'
>> (attacker '157.55.36.49', file '*******/index.php')
>> _____________________________
>>
>> ** snip **
> 
> SecRules ARGS_GET "@gt 512" "t:length"

PERFECT - THANK YOU!

[Sat Mar 30 15:52:47.917028 2013] [:error] [pid 6895] [client 192.168.2.2] ModSecurity: Access denied with code 400
(phase 1). Operator GT matched 500 at ARGS_GET:term. [file
"/etc/httpd/modsecurity.d/modsecurity_99_local_rules.conf"] [line "199"] [id "117"] [msg "argument exceeds 500
chars"] [hostname "www.rhsoft.net"] [uri "/show_content.php"] [unique_id "UVb8P8CoAgIAABrv5@AAAAAC"]

# 30.03.2013
SecRule ARGS_GET "@gt 500" "t:length,id:'117',capture,phase:1,block,msg:'argument exceeds 500 chars'"