Thread: [mod-security-users] Rule execution error - PCRE limits exceeded
Brought to you by:
victorhora,
zimmerletw
From: Michael W. <mwa...@co...> - 2010-05-25 16:47:54
|
I was trying to get a TRACE/TRACK block implemented this morning on a new server and for the life of me could not get it to work properly. Upon looking in the debug log I see thousands of these.. Rule execution error - PCRE limits exceeded What causes this and how can I squelch it. It seems to be breaking my WAF. Thanks Mike |
From: Ryan B. <rya...@br...> - 2010-05-25 16:57:28
|
On Tuesday 25 May 2010 12:47:45 Michael Warchut wrote: > I was trying to get a TRACE/TRACK block implemented this morning on a new > server and for the life of me could not get it to work properly. What is the exact rule you are testing? If you are using the CRS these request methods should already be flagged by rules in the 30 file. My guess is that you are writing a rule in phase:2 in which case comes too late in the Apache request cycle and Apache will handle it. If you place the rule in phase:1 it should work. > Upon > looking in the debug log I see thousands of these.. > > Rule execution error - PCRE limits exceeded > > What causes this and how can I squelch it. It seems to be breaking my WAF. > These are generated by the converted phpids filters and the errors will pop up based on the user input. You can either increase the SecPcreMatchLimit/SecPcreMatchLimitRecursion directive settings or comment out the specific phpids rules that are generating the errors. -Ryan > Thanks > > Mike > > > --------------------------------------------------------------------------- > --- > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Appliances, Rule Sets and Support: > http://www.modsecurity.org/breach/index.html |
From: Michael W. <mwa...@co...> - 2010-05-25 17:20:34
|
I am running the CRS set. Odd that it is not stopping the scan from tagging that issue.. Ill have to do some research and figure it out. thanks Mike On May 25, 2010, at 9:57 AM, Ryan Barnett wrote: > On Tuesday 25 May 2010 12:47:45 Michael Warchut wrote: >> I was trying to get a TRACE/TRACK block implemented this morning on a new >> server and for the life of me could not get it to work properly. > > What is the exact rule you are testing? If you are using the CRS these request methods > should already be flagged by rules in the 30 file. My guess is that you are writing a rule > in phase:2 in which case comes too late in the Apache request cycle and Apache will handle > it. If you place the rule in phase:1 it should work. > >> Upon >> looking in the debug log I see thousands of these.. >> >> Rule execution error - PCRE limits exceeded >> >> What causes this and how can I squelch it. It seems to be breaking my WAF. >> > These are generated by the converted phpids filters and the errors will pop up based on the > user input. You can either increase the SecPcreMatchLimit/SecPcreMatchLimitRecursion > directive settings or comment out the specific phpids rules that are generating the errors. > > -Ryan > >> Thanks >> >> Mike >> >> >> --------------------------------------------------------------------------- >> --- >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Appliances, Rule Sets and Support: >> http://www.modsecurity.org/breach/index.html |