Re: [mod-security-users] PCRE limits exceeded
Brought to you by:
victorhora,
zimmerletw
From: Breno S. <bre...@gm...> - 2012-01-16 15:46:33
|
Are you still setting SecPcreMatchLimit ? What is the value ? Thanks Breno On Mon, Jan 16, 2012 at 9:26 AM, Sean O'Sullivan <dit...@ho...>wrote: > Hi Breno > > Thanks for the explanation. I did the compile with the pcre options, make > && make install but its still happening. I have a log excerpt below. Once > I put the server back inline I got hundreds of the errors, all relating to > line 58 in the sqli rules, rule 950901. Is there something I'm missing? > Is this error disruptive, i.e. is the session killed when the error > happens? Thanks Breno. > > Message: Rule 7f70d2b9db20 [id "950901"][file > "/etc/apache2/modsecurity_crs/modsecurity_crs_41_sql_injection_attacks.conf"][line > "58"] - Execution error - PCRE limits exceeded (-8): (null). > > Sean > > ------------------------------ > Date: Mon, 16 Jan 2012 08:38:35 -0600 > Subject: Re: [mod-security-users] PCRE limits exceeded > From: bre...@gm... > To: dit...@ho... > CC: mod...@li... > > > Hi Sean, > > In modsec 2.6 we do not enable it by default. > > Try to compile : ./configure --enable-pcre-match-limit=10000 > --enable-pcre-match-limit-recursion=10000 > > Breno > > On Mon, Jan 16, 2012 at 8:21 AM, Sean O'Sullivan <dit...@ho...>wrote: > > Hi all, > > Sorry to bring this topic up again, its all over google, but I upgraded > modsec from 2.6 to 2.6.3 this morning and have been getting a lot of PCRE > limits exceeded errors with modsecurity_crs_41_sql_injection_attacks.conf > line 58. These were not happening before the upgrade. I am using the > 2.2.3 ruleset. I created a new file which contains the SecPcreMatchLimit > and SecPcreMatchLimitRecursion settings and no matter how large I create > the limits I am still see the errors. I have increased them from 5000 to > 1500000 (just for testing) and still see the errors. Am I missing > something else? Thanks in advance all. > > Sean > > > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Mar 27 - Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsa-sfdev2dev2 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Mar 27 - Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsa-sfdev2dev2 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |