Re: [mod-security-users] Problem using directive SecRequestBodyLimit
From: Reindl H. <h.r...@th...> - 2017-02-28 17:00:06
On 28.02.2017 at 17:08, Schäfer, Martin <Mar...@un...> wrote:
> I have a problem using directive SecRequestBodyLimit with "SecRequestBodyLimitAction ProcessPartial". I set SecRequestBodyLimit on server scope and use ProcessPartial as follows:
>
> SecRequestBodyLimit 65536
> SecRequestBodyLimitAction ProcessPartial
>
> Now I would expect that for requests > 65536 only the first 64k are inspected but still processed normally. But when I do an upload > 65536 I see the following log message:
>
> ModSecurity: Request body (Content-Length) is larger than the configured limit (65536)
>
> And it seems that the variable REQBODY_ERROR is set to signal a parse error. This then triggers rule 920130 of CRS3 which reports it as a critical error:
>
> ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/var/lib/usp/hsp/hts/modsecurity-rules/owasp-crs/3.0.0/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "145"] [id "920130"] [rev "1"] [msg "Failed to parse request body."]
>
> I would have expected this behavior when using "SecRequestBodyLimitAction Reject", but not with "SecRequestBodyLimitAction ProcessPartial"
>
> Is this a bug or did I misunderstand the behavior of "SecRequestBodyLimitAction ProcessPartial"? How can I define a SecRequestBodyLimit without causing a score/block?

Typing "modsecurity ProcessPartial" into Google leads to https://github.com/SpiderLabs/ModSecurity/issues/589 as the first hit and also https://github.com/SpiderLabs/ModSecurity/issues/705

Like many people, you don't mention your software versions.
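
To see how many rule 920130 hits stem from the body limit rather than from a genuinely malformed body, the two log messages quoted above can be correlated per request. The script below is an added example, not part of the original thread or of ModSecurity; it assumes each error-log line carries a `[unique_id "..."]` field, and the sample lines, hosts and IDs are constructed.

```python
import re

# Constructed sample lines modelled on the two messages quoted in the thread;
# client addresses, hostnames, URIs and unique_id values are made up.
SAMPLE_LOG = """\
[client 192.0.2.10] ModSecurity: Request body (Content-Length) is larger than the configured limit (65536) [hostname "app.example"] [uri "/upload"] [unique_id "AAAA0001"]
[client 192.0.2.10] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "145"] [id "920130"] [rev "1"] [msg "Failed to parse request body."] [hostname "app.example"] [uri "/upload"] [unique_id "AAAA0001"]
[client 192.0.2.22] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "145"] [id "920130"] [rev "1"] [msg "Failed to parse request body."] [hostname "app.example"] [uri "/api/items"] [unique_id "AAAA0002"]
[client 192.0.2.31] ModSecurity: Request body (Content-Length) is larger than the configured limit (65536) [hostname "app.example"] [uri "/upload"] [unique_id "AAAA0003"]
"""

LIMIT_RE = re.compile(
    r"Request body \(Content-Length\) is larger than the configured limit \((\d+)\)"
)
RULE_RE = re.compile(r'\[id "920130"\]')
FIELD_RE = re.compile(r'\[(unique_id|uri) "([^"]*)"\]')


def classify_920130(log_text):
    """Map each transaction that hit rule 920130 to whether the same
    transaction also logged the body-limit message."""
    over_limit = {}  # unique_id -> configured limit reported in the log
    hits = {}        # unique_id -> request URI of the 920130 match
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        uid = fields.get("unique_id")
        if uid is None:
            continue  # cannot correlate a line without a transaction id
        limit = LIMIT_RE.search(line)
        if limit:
            over_limit[uid] = int(limit.group(1))
        elif RULE_RE.search(line):
            hits[uid] = fields.get("uri", "")
    return {
        uid: {
            "uri": uri,
            "limit_induced": uid in over_limit,
            "limit": over_limit.get(uid),
        }
        for uid, uri in hits.items()
    }


if __name__ == "__main__":
    for uid, info in classify_920130(SAMPLE_LOG).items():
        print(uid, info)
```

Hits with `limit_induced` set to `False` are parse errors unrelated to the limit and should be reviewed separately from the oversized-upload cases.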