[mod-security-users] question about PCRE limits exceeded
Brought to you by:
victorhora,
zimmerletw
From: Ed G. <Ed....@mr...> - 2021-02-17 13:32:11
|
So I've read about PCRE limits exceeded and understand what causes it, but my question is a followon... If my system is not in Detection Only mode, what sort of result should I get for one of these? IN rule violations, each rule has it's own status: specification. This is not a rule violation, so where would I find a specification for the error it gets. I have a few sample violations that show a 200 return. (See Below) So I'm not sure if modsec is actually interrupting the submission or if they are succeeding with less (or no) inspection. In the sample below, it also references a rule 218601 which ruby on rails related, but that's something I should ask about the ruleset, I guess. (this is not a ruby site.) Thanks, Ed --bec61605-F-- HTTP/1.1 200 OK Cache-Control: no-cache, private ... X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN WebNode: ip-172-31-75-176 Keep-Alive: timeout=4, max=50 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: application/json --bec61605-H-- Message: Rule 55af32f5a1d0 [id "218601"][file "/etc/httpd/cwafrules/25_ROR_RORGen.conf"][line "17"] - Execution error - PCRE limits exceeded (-8): (null). Message: Rule 55af32f63be0 [id "218602"][file "/etc/httpd/cwafrules/25_ROR_RORGen.conf"][line "20"] - Execution error - PCRE limits exceeded (-8): (null). Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client xx.xx.xx.xx] ModSecurity: Rule 55af32f5a1d0 [id "218601"][file "/etc/httpd/cwafrules/25_ROR_RORGen.conf"][line "17"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "xxxxx.xxxxx.com"] [uri "/application-collection"] [unique_id "YCQ6RSCbkGR@Nn7yBu3EpQAAAA0"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client xx.xx.xx.xx] ModSecurity: Rule 55af32f63be0 [id "218602"][file "/etc/httpd/cwafrules/25_ROR_RORGen.conf"][line "20"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "xxxxx.xxxxx.com"] [uri "/application-collection"] [unique_id "YCQ6RSCbkGR@Nn7yBu3EpQAAAA0"] Apache-Handler: proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost Stopwatch: 1612986949727839 337602 (- - -) Stopwatch2: 1612986949727839 337602; combined=10395, p1=502, p2=9645, p3=0, p4=0, p5=188, sr=82, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" This electronic message transmission contains information from MRI Software LLC which is (i) confidential; or (ii) otherwise the exclusive property of the intended recipient or MRI Software LLC (neither of which is waived nor lost by mistaken delivery). This information is intended for the use of the individual or entity that is the intended recipient. If you are not the designated recipient, please be aware that any dissemination, distribution or copying of this communication is strictly prohibited. Please notify us if you have received this message in error, and remove both emails from your system. Any unauthorized use is expressly prohibited. Thank you for your assistance. |