Re: [mod-security-users] SecArgumentsLimit Equivalent for XML Processing
From: Srikanth A. <sri...@go...> - 2021-12-24 13:01:08
Hi Christian,

Thanks for getting back to me so quickly.

Yes, SecArgumentsLimit is a Modsec keyword in V3. This allows restricting rule application to the quantity specified in SecArgumentsLimit. We had some performance considerations in the past, when a JSON payload has a high depth cardinality of list. Rule id 942460 (Metacharacter search on non-alphanumeric characters \W) spends a lot of time.

There have also been some discussions on this SecArgumentsLimit on https://github.com/SpiderLabs/ModSecurity/pull/2234

This works fantastic for JSON based payload. To be more precise, including a value of SecArgumentsLimit allows processing a partial set of the payload, rather than the whole file. That we couldn't apply the same for the XML payload is the concern I have raised in this forum.

Kind Regards
Srikanth Arunachalam

On Thu, Dec 23, 2021 at 11:01 PM Christian Folini <chr...@ne...> wrote:

> Hey Srikanth,
>
> I'm not familiar with SecArgumentsLimit. Is it a v3 directive?
>
> What do you want it to do exactly with your XML payload?
>
> Best,
>
> Christian Folini
>
> On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via
> mod-security-users wrote:
> > Hi
> >
> > We have a not very large XML payload (3mb) with tags including
> > multiple entries separated with comma.
> >
> > When I remove the comma separation the WAF process takes about 14sec to
> > complete.
> > When I include the comma separation lists in XML tag, it completes in 29
> > seconds.
> >
> > Had this been a json payload, I would have used SecArgumentsLimit. It has
> > not been effective in XML.
> >
> > Any sooner suggestion/response would be appreciated.
> >
> > Kind Regards
> > Srikanth Arunachalam
> >
> > _______________________________________________
> > mod-security-users mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/