Re: [mod-security-users] SecRuleEngine DetectionOnly - but stillreceiving HTTP 500
From: Nathen H. <na...@vi...> - 2008-02-25 18:26:43
But are there other directives that I'd also need to set to ProcessPartial or will this plus SecRuleEngine prevent mod_security from actually blocking any requests?

I want mod_security to log exceptions but never block a request.

Ryan Barnett wrote:
>
> Yes, if you are using 2.5, you can update the
> SecResponseBodyLimitAction setting to ProcessPartial to only log the
> portion of the response body up to the limit you specified in the
> SecResponseBodyLimit directive and it will then let the response go
> through.
>
> If you can't use 2.5, then you need to increase the
> SecResponseBodyLimit directive to a larger value. If you look at the
> error_log message you provided below, you can see the actual response
> body size (524981) was slightly over the limit set (524228).
>
> ------------------------------------------------------------------------
>
> *From:* Nathen Harvey [mailto:na...@vi...]
> *Sent:* Monday, February 25, 2008 1:17 PM
> *To:* Ryan Barnett
> *Cc:* mod...@li...
> *Subject:* Re: [mod-security-users] SecRuleEngine DetectionOnly - but
> stillreceiving HTTP 500
>
> So it's a directive not a rule...is there anyway to tell mod_security
> to detect and log only ...don't ever stop a request from being processed?
>
> I'd like to run with mod_security and figure out what it would prevent
> before enabling it in my application.
>
> -Nathen
>
> Ryan Barnett wrote:
>
> The SecRuleEngine setting only applies to actual rules (SecRule xxx)
> and the reason that this is being rejected is not due to a rule but
> the SecResponseBodyLimit directive setting -
> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.0/modsecurity2-apache-reference.html#N10871
>
> If you use 2.5, then you can use the SecResponseBodyLimitAction
> setting to help -
> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.0/modsecurity2-apache-reference.html#N1089C
>
> ------------------------------------------------------------------------
>
> *From:* mod...@li...
> [mailto:mod...@li...] *On Behalf
> Of *Nathen Harvey
> *Sent:* Monday, February 25, 2008 12:15 PM
> *To:* mod...@li...
> *Subject:* [mod-security-users] SecRuleEngine DetectionOnly - but
> stillreceiving HTTP 500
>
> I have mod_security set monitoring only:
>
> SecRuleEngine DetectionOnly
>
> However, I am receiving a 500 error when the content-length of a
> response is over the limit.
>
> Here's the message from the apache log:
>
> [Mon Feb 18 15:48:23 2008] [error] [client nnn.nnn.nnn.nnn]
> ModSecurity: Output filter: Content-Length (524981) over the limit
> (524288). [hostname "www.example.com"] [uri
> "/users?letter=J"] [unique_id "twgVMEPkJoIAAHFY2McAAAAL"]
>
> Why is mod_security preventing a response when the SecRuleEngine is
> set to DetectionOnly?
>
> -Nathen

--
Nathen Harvey
Senior Director, Customer Support

Check Out My VisualCV <http://www.visualcv.com/nathenharvey>

VisualCV
11951 Freedom Drive
Suite 1300
Reston, VA 20190

M: 202.368.7264
O: 703.251.4481
F: 703.251.4440
na...@vi...
www.VisualCV.com <http://www.visualcv.com>
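
Added example, not part of the original thread: a small Python triage script that scans an Apache error_log for the "Output filter: Content-Length ... over the limit" message quoted above and reports which URI paths were rejected and the largest response size seen. The function names and all sample log lines except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Message format as quoted in the thread (ModSecurity 2.x, Apache error_log).
OVER_LIMIT = re.compile(
    r'ModSecurity: Output filter: Content-Length \((?P<size>\d+)\) '
    r'over the limit \((?P<limit>\d+)\)\..*?\[uri "(?P<uri>[^"]*)"\]'
)

# Constructed sample: the first entry is the one from the thread, the rest are invented.
SAMPLE_LOG = [
    '[Mon Feb 18 15:48:23 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: '
    'Output filter: Content-Length (524981) over the limit (524288). '
    '[hostname "www.example.com"] [uri "/users?letter=J"] '
    '[unique_id "twgVMEPkJoIAAHFY2McAAAAL"]',
    '[Mon Feb 18 15:49:02 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: '
    'Output filter: Content-Length (530112) over the limit (524288). '
    '[hostname "www.example.com"] [uri "/users?letter=S"] [unique_id "CONSTRUCTED0001"]',
    '[Mon Feb 18 15:50:10 2008] [error] [client nnn.nnn.nnn.nnn] ModSecurity: '
    'Output filter: Content-Length (611000) over the limit (524288). '
    '[hostname "www.example.com"] [uri "/reports/export"] [unique_id "CONSTRUCTED0002"]',
    '[Mon Feb 18 15:51:44 2008] [notice] constructed unrelated line',
]

def over_limit_events(lines):
    """Yield (uri_path, size, limit) for each response stopped by the body limit."""
    for line in lines:
        m = OVER_LIMIT.search(line)
        if m:
            path = m.group("uri").split("?", 1)[0]  # group by path, ignore query string
            yield path, int(m.group("size")), int(m.group("limit"))

def summarize(lines):
    """Per URI path: hit count, largest response seen, and the limit in force."""
    stats = defaultdict(lambda: {"hits": 0, "max_size": 0, "limit": 0})
    for path, size, limit in over_limit_events(lines):
        entry = stats[path]
        entry["hits"] += 1
        entry["max_size"] = max(entry["max_size"], size)
        entry["limit"] = limit
    return dict(stats)

def largest_rejected(lines):
    """Largest Content-Length that was rejected, or None if there were no hits."""
    sizes = [size for _, size, _ in over_limit_events(lines)]
    return max(sizes) if sizes else None

if __name__ == "__main__":
    for path, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(path, entry)
    print("largest rejected response:", largest_rejected(SAMPLE_LOG))
```

To use it on a real server, pass the lines of the error_log file to `summarize()` instead of `SAMPLE_LOG`.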