Re: [mod-security-users] replace suhosin with mod_security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

limit GET and post works:
SecRule ARGS_GET "@gt 512" "t:length,id:'117',capture,phase:1,block,msg:'GET argument exceeds 512 chars'"
SecRule ARGS_POST "@gt 250000" "t:length,id:'118',capture,phase:2,block,msg:'POST argument exceeds 250000 chars'"

but not for COOKIE :-(
SecRule ARGS_COOKIE "@gt 10240" "t:length,id:'119',capture,phase:2,block,msg:'COOKIE argument exceeds 10240 chars'"

Am 06.07.2013 23:00, schrieb Reindl Harald:
> below two suhosin-warnings and the current settings
> since suhosin seems to be a dead project and in the best
> case the request should not come to the php-layer at
> all are there working rules to get the same as this
> suhosin-configuration with mod_security?
> 
> suhosin.get.max_vars                      = 50
> suhosin.get.max_name_length               = 64
> suhosin.get.max_array_depth               = 50
> suhosin.get.max_array_index_length        = 64
> suhosin.get.max_totalname_length          = 256
> suhosin.get.max_value_length              = 512
> suhosin.post.max_vars                     = 1000
> suhosin.post.max_name_length              = 64
> suhosin.post.max_array_depth              = 50
> suhosin.post.max_array_index_length       = 64
> suhosin.post.max_totalname_length         = 256
> suhosin.post.max_value_length             = 500000
> suhosin.request.max_vars                  = 1000
> suhosin.request.max_value_length          = 500000
> suhosin.cookie.max_array_depth            = 50
> suhosin.cookie.max_array_index_length     = 64
> suhosin.cookie.max_name_length            = 64
> suhosin.cookie.max_totalname_length       = 256
> suhosin.cookie.max_value_length           = 10000
> suhosin.cookie.max_vars                   = 100
> _________________________
> 
> Jul  6 19:58:05 [26273] ALERT - configured COOKIE variable limit exceeded - dropped variable 'PREF' (attacker
> '82.227.172.62', file '/www/index.php')
> 
> Jul  6 20:50:07 [23236] ALERT - configured request variable name length limit exceeded - dropped variable
> 'testeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee'
> (attacker '192.168.2.2', file '/www/index.php')