Re: [mod-security-users] SecRuleEngine DetectionOnly - but still receiving HTTP 500
From: Ryan B. <Ryan.Barnett@Breach.com> - 2008-02-25 18:06:41
The SecRuleEngine setting only applies to actual rules (SecRule xxx) and the reason that this is being rejected is not due to a rule but the SecResponseBodyLimit directive setting - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.0/modsecurity2-apache-reference.html#N10871

If you use 2.5, then you can use the SecResponseBodyLimitAction setting to help - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.0/modsecurity2-apache-reference.html#N1089C

________________________________

From: mod...@li... [mailto:mod...@li...] On Behalf Of Nathen Harvey
Sent: Monday, February 25, 2008 12:15 PM
To: mod...@li...
Subject: [mod-security-users] SecRuleEngine DetectionOnly - but still receiving HTTP 500

I have mod_security set monitoring only:

SecRuleEngine DetectionOnly

However, I am receiving a 500 error when the content-length of a response is over the limit. Here's the message from the Apache log:

[Mon Feb 18 15:48:23 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: Output filter: Content-Length (524981) over the limit (524288). [hostname "www.example.com"] [uri "/users?letter=J"] [unique_id "twgVMEPkJoIAAHFY2McAAAAL"]

Why is mod_security preventing a response when the SecRuleEngine is set to DetectionOnly?

-Nathen
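Added example, not part of the original thread or of ModSecurity itself: a small Python triage script that finds the "Output filter: Content-Length ... over the limit" entries quoted above in an Apache error log and groups them by host and path, so an administrator running DetectionOnly can see which responses SecResponseBodyLimit is rejecting. The first sample line is the one from the post; the second sample entry and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# The ModSecurity output-filter message quoted in the post.
OVER_LIMIT = re.compile(
    r"ModSecurity: Output filter: Content-Length \((?P<size>\d+)\) "
    r"over the limit \((?P<limit>\d+)\)\.")
# Bracketed metadata that follows the message, e.g. [uri "/users?letter=J"].
META = re.compile(r'\[(\w+) "([^"]*)"\]')

def over_limit_events(lines):
    """Yield one dict per response rejected for exceeding SecResponseBodyLimit."""
    for line in lines:
        m = OVER_LIMIT.search(line)
        if not m:
            continue  # rule matches and unrelated Apache messages are skipped
        meta = dict(META.findall(line[m.end():]))
        yield {
            "hostname": meta.get("hostname", ""),
            # Drop the query string so ?letter=J and ?letter=S group together.
            "path": meta.get("uri", "").split("?", 1)[0],
            "size": int(m.group("size")),
            "limit": int(m.group("limit")),
        }

def summarize(lines):
    """Return {(hostname, path): {"hits", "max_size", "limit"}}."""
    summary = defaultdict(lambda: {"hits": 0, "max_size": 0, "limit": 0})
    for ev in over_limit_events(lines):
        entry = summary[(ev["hostname"], ev["path"])]
        entry["hits"] += 1
        entry["max_size"] = max(entry["max_size"], ev["size"])
        entry["limit"] = ev["limit"]
    return dict(summary)

SAMPLE_LOG = [
    # Line from the post.
    '[Mon Feb 18 15:48:23 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: Output filter: Content-Length (524981) over the limit (524288). [hostname "www.example.com"] [uri "/users?letter=J"] [unique_id "twgVMEPkJoIAAHFY2McAAAAL"]',
    # Constructed sample entry (size, uri and unique_id are made up).
    '[Mon Feb 18 15:52:10 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: Output filter: Content-Length (610112) over the limit (524288). [hostname "www.example.com"] [uri "/users?letter=S"] [unique_id "CONSTRUCTED-ID-0001"]',
    '[Mon Feb 18 15:55:00 2008] [notice] caught SIGTERM, shutting down',
]

if __name__ == "__main__":
    for (host, path), info in summarize(SAMPLE_LOG).items():
        print(f"{host}{path}: {info['hits']} rejected, largest {info['max_size']} "
              f"bytes, limit {info['limit']}")
```

Paths that show up here are the ones to review when choosing a SecResponseBodyLimit value or, on 2.5, a SecResponseBodyLimitAction setting.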