Re: [mod-security-users] replace suhosin with mod_security
From: Reindl H. <h.r...@th...> - 2013-07-06 21:26:44
limit GET and post works:

SecRule ARGS_GET "@gt 512" "t:length,id:'117',capture,phase:1,block,msg:'GET argument exceeds 512 chars'"
SecRule ARGS_POST "@gt 250000" "t:length,id:'118',capture,phase:2,block,msg:'POST argument exceeds 250000 chars'"

but not for COOKIE :-(

SecRule ARGS_COOKIE "@gt 10240" "t:length,id:'119',capture,phase:2,block,msg:'COOKIE argument exceeds 10240 chars'"

On 06.07.2013 23:00, Reindl Harald wrote:
> below two suhosin-warnings and the current settings
> since suhosin seems to be a dead project and in the best
> case the request should not come to the php-layer at
> all are there working rules to get the same as this
> suhosin-configuration with mod_security?
>
> suhosin.get.max_vars = 50
> suhosin.get.max_name_length = 64
> suhosin.get.max_array_depth = 50
> suhosin.get.max_array_index_length = 64
> suhosin.get.max_totalname_length = 256
> suhosin.get.max_value_length = 512
> suhosin.post.max_vars = 1000
> suhosin.post.max_name_length = 64
> suhosin.post.max_array_depth = 50
> suhosin.post.max_array_index_length = 64
> suhosin.post.max_totalname_length = 256
> suhosin.post.max_value_length = 500000
> suhosin.request.max_vars = 1000
> suhosin.request.max_value_length = 500000
> suhosin.cookie.max_array_depth = 50
> suhosin.cookie.max_array_index_length = 64
> suhosin.cookie.max_name_length = 64
> suhosin.cookie.max_totalname_length = 256
> suhosin.cookie.max_value_length = 10000
> suhosin.cookie.max_vars = 100
> _________________________
>
> Jul 6 19:58:05 [26273] ALERT - configured COOKIE variable limit exceeded - dropped variable 'PREF' (attacker '82.227.172.62', file '/www/index.php')
>
> Jul 6 20:50:07 [23236] ALERT - configured request variable name length limit exceeded - dropped variable 'testeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee' (attacker '192.168.2.2', file '/www/index.php')
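
Added example, not part of the original message: the count, name-length and cookie limits from the quoted suhosin configuration written as ModSecurity rules. ModSecurity exposes cookie values as REQUEST_COOKIES and cookie names as REQUEST_COOKIES_NAMES; the rule ids 120 to 126 and the msg texts are assumptions chosen to continue the numbering above.

```apache
# Added example. Rule ids 120-126 are assumptions; use ids that are free in
# your rule set. Rules on ARGS_POST* run in phase 2 and need
# "SecRequestBodyAccess On"; the query string and the Cookie header are
# already available in phase 1.
# The value-length limits for GET and POST are covered by rules 117/118 above.

# suhosin.get.max_vars = 50 (the & prefix counts the items in a collection)
SecRule &ARGS_GET "@gt 50" \
    "id:'120',phase:1,block,msg:'more than 50 GET arguments'"

# suhosin.get.max_totalname_length = 256
# ModSecurity sees the raw parameter name including any [index] parts, so a
# length check on the name is closest to suhosin's "totalname" limit.
SecRule ARGS_GET_NAMES "@gt 256" \
    "t:length,id:'121',phase:1,block,msg:'GET argument name exceeds 256 chars'"

# suhosin.post.max_vars = 1000
SecRule &ARGS_POST "@gt 1000" \
    "id:'122',phase:2,block,msg:'more than 1000 POST arguments'"

# suhosin.post.max_totalname_length = 256
SecRule ARGS_POST_NAMES "@gt 256" \
    "t:length,id:'123',phase:2,block,msg:'POST argument name exceeds 256 chars'"

# suhosin.cookie.max_vars = 100
SecRule &REQUEST_COOKIES "@gt 100" \
    "id:'124',phase:1,block,msg:'more than 100 cookies'"

# suhosin.cookie.max_totalname_length = 256
SecRule REQUEST_COOKIES_NAMES "@gt 256" \
    "t:length,id:'125',phase:1,block,msg:'COOKIE name exceeds 256 chars'"

# suhosin.cookie.max_value_length = 10000
SecRule REQUEST_COOKIES "@gt 10000" \
    "t:length,id:'126',phase:1,block,msg:'COOKIE value exceeds 10000 chars'"
```

The max_array_depth and max_array_index_length settings describe how PHP parses bracketed names and are not covered by these rules.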