[mod-security-users] Problem using directive SecRequestBodyLimit
From: Schäfer, M. <Mar...@un...> - 2017-02-28 16:23:46
Hi,

I have a problem using directive SecRequestBodyLimit with "SecRequestBodyLimitAction ProcessPartial".

I set SecRequestBodyLimit on server scope and use ProcessPartial as follows:

    SecRequestBodyLimit 65536
    SecRequestBodyLimitAction ProcessPartial

Now I would expect that for requests > 65536 only the first 64k are inspected but still processed normally. But when I do an upload > 65536 I see the following log message:

    ModSecurity: Request body (Content-Length) is larger than the configured limit (65536)

And it seems that the variable REQBODY_ERROR is set to signal a parse error. This then triggers rule 920130 of CRS3 which reports it as a critical error:

    ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/var/lib/usp/hsp/hts/modsecurity-rules/owasp-crs/3.0.0/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "145"] [id "920130"] [rev "1"] [msg "Failed to parse request body."]

I would have expected this behavior when using "SecRequestBodyLimitAction Reject", but not with "SecRequestBodyLimitAction ProcessPartial".

Is this a bug or did I misunderstand the behavior of "SecRequestBodyLimitAction ProcessPartial"? How can I define a SecRequestBodyLimit without causing a score/block?

Any help is appreciated.

Cheers
Martin