From: Ryan Barnett <Ryan.Barnett@br...> - 2009-02-19 20:55:10
The SecRuleEngine controls the disruptive action capability of SecRule entries. The error message you received was from the SecResponseBodyLimit directive setting. This is enforcing an upper limit threshold on the size of the response body (also factoring in the Mime-Types).
You should add in SecResponseBodyLimitAction ProcessPartial if you don't want to block on this directive setting. It will instead only copy part of the data into memory for inspection.
Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
----- Original Message -----
From: Walt Williams <walt.williams@...>
To: mod-security-users@... <mod-security-users@...>
Sent: Thu Feb 19 15:22:32 2009
Subject: [mod-security-users] Odd behavior in mod_security2 when secruleengine=off
We turned the SecRuleEngine on detect only for an Apache directory.
Recently, when a user was downloading a 7.5 MB file from that
directory, we got the following apache error message:
[Thu Feb 19 14:43:26 2009] [error] [client 220.127.116.11]
ModSecurity: Output filter: Content-Length (20616730) over the limit
(1572864). [hostname "host"] [uri "/jbosslogs/server.log"] [unique_id
Why would modsecurity still be filtering on content length?
This is how we turned off the SecRuleEngine in apache's httpd.conf:
Walt Williams, CISSP, SSCP
Ergo inimicus vobis factus sum, verum dicens vobis?
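
An added example, not part of the original messages and not ModSecurity project code: a small triage script that pulls the "Output filter: Content-Length ... over the limit" entries discussed above out of an Apache error log and reports, per URI, how large the responses were and how many bytes would go uninspected if SecResponseBodyLimitAction ProcessPartial were in effect. The function names are this example's own, and the sample log lines are constructed (documentation addresses, made-up unique_id values).

```python
import re
from collections import defaultdict

# Matches the ModSecurity message quoted in the thread. The uri field is
# optional because error-log lines are sometimes truncated.
OVER_LIMIT = re.compile(
    r"\[client (?P<client>[^\]]+)\] ModSecurity: Output filter: "
    r"Content-Length \((?P<length>\d+)\) over the limit \((?P<limit>\d+)\)\."
    r'(?:.*?\[uri "(?P<uri>[^"]*)"\])?'
)

def over_limit_events(lines):
    """Yield one dict per 'over the limit' error-log entry."""
    for line in lines:
        m = OVER_LIMIT.search(line)
        if not m:
            continue
        length, limit = int(m["length"]), int(m["limit"])
        yield {
            "client": m["client"],
            "uri": m["uri"] or "(uri missing)",
            "length": length,
            "limit": limit,
            # With ProcessPartial only the first `limit` bytes are buffered
            # for inspection; the remainder passes through unexamined.
            "uninspected": length - limit,
        }

def summarize(lines):
    """Per URI: hit count, largest response seen, largest uninspected tail."""
    stats = defaultdict(lambda: {"hits": 0, "max_length": 0, "max_uninspected": 0})
    for ev in over_limit_events(lines):
        s = stats[ev["uri"]]
        s["hits"] += 1
        s["max_length"] = max(s["max_length"], ev["length"])
        s["max_uninspected"] = max(s["max_uninspected"], ev["uninspected"])
    return dict(stats)

# Constructed sample input; only the message format comes from the thread.
SAMPLE = [
    '[Thu Feb 19 14:43:26 2009] [error] [client 192.0.2.10] ModSecurity: Output filter: Content-Length (20616730) over the limit (1572864). [hostname "host"] [uri "/jbosslogs/server.log"] [unique_id "CONSTRUCTED-1"]',
    '[Thu Feb 19 14:47:10 2009] [error] [client 192.0.2.11] ModSecurity: Output filter: Content-Length (7864320) over the limit (1572864). [hostname "host"] [uri "/jbosslogs/server.log"] [unique_id "CONSTRUCTED-2"]',
    '[Thu Feb 19 14:50:02 2009] [error] [client 192.0.2.12] File does not exist: /var/www/favicon.ico',
    '[Thu Feb 19 14:52:40 2009] [error] [client 192.0.2.13] ModSecurity: Output filter: Content-Length (3000000) over the limit (1572864).',
]

if __name__ == "__main__":
    for uri, s in sorted(summarize(SAMPLE).items()):
        print(uri, s)
```

A large `max_uninspected` for a URI means most of that response would leave the server without passing through the response-body rules under ProcessPartial.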