Thread: [mod-security-users] SecArgumentsLimit Equivalent for XML Processing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Srikanth A. <sri...@go...> - 2021-12-23 16:51:51
|
Hi
We have a not very large XML payload (3mb) with tags including
multiple entries separated with comma.
When I remove the comma separation the WAF process takes about 14sec to
complete.
When I include the comma separation lists in XML tag, it complex in 29
seconds.
Had this been a json payload, I would have used SecArgumentsLimit. It has
not been effective in XML.
Any sooner suggestion/response would be appreciated.
Kind Regards
Srikanth Arunachalam
|
|
From: Christian F. <chr...@ne...> - 2021-12-23 22:58:03
|
Hey Srikanth, I'm not familia with SecArgumentsLimit. Is it a v3 directive? What do you want it to do exactly with your XML payload? Best, Christian Folini On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via mod-security-users wrote: > Hi > > We have a not very large XML payload (3mb) with tags including > multiple entries separated with comma. > > When I remove the comma separation the WAF process takes about 14sec to > complete. > When I include the comma separation lists in XML tag, it complex in 29 > seconds. > > Had this been a json payload, I would have used SecArgumentsLimit. It has > not been effective in XML. > > Any sooner suggestion/response would be appreciated. > > Kind Regards > Srikanth Arunachalam > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
|
From: Srikanth A. <sri...@go...> - 2021-12-24 13:01:08
|
Hi Christian, Thanks for getting back to me so quickly. Yes, SecArgumentsLimit is a Modsec keyword in V3. This allows to restrict the rule apply to quantity specified in SecArgumentsLimit. We had some performance considerations in the past, when, json payload has high depth cardinality of list. Rule id 942460 (Metacharacter search on non-alphanumberic characters \W) spends lot of time. There has also been some discussions on this SecArgumentsLimit on https://github.com/SpiderLabs/ModSecurity/pull/2234 This woks fantastic for JSON based payload. To be more precise, including a value of SecArgumentsLimit allows to process partial set of payload, rather than the whole file. We couldnt apply the same for the XML payload is the concern I have raised in this forum. Kind Regards Srikanth Arunachalam On Thu, Dec 23, 2021 at 11:01 PM Christian Folini < chr...@ne...> wrote: > Hey Srikanth, > > I'm not familia with SecArgumentsLimit. Is it a v3 directive? > > What do you want it to do exactly with your XML payload? > > Best, > > Christian Folini > > On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via > mod-security-users wrote: > > Hi > > > > We have a not very large XML payload (3mb) with tags including > > multiple entries separated with comma. > > > > When I remove the comma separation the WAF process takes about 14sec > to > > complete. > > When I include the comma separation lists in XML tag, it complex in 29 > > seconds. > > > > Had this been a json payload, I would have used SecArgumentsLimit. It has > > not been effective in XML. > > > > Any sooner suggestion/response would be appreciated. > > > > Kind Regards > > Srikanth Arunachalam > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Christian F. <chr...@ne...> - 2021-12-24 13:22:37
|
I remember that discussion now, thanks. I am not sure if the developers are actively following the mailing list. So it's probably best to ask this question on github. Best, Christian On Fri, Dec 24, 2021 at 12:53:47PM +0000, Srikanth Arunachalam via mod-security-users wrote: > Hi Christian, > > Thanks for getting back to me so quickly. Yes, SecArgumentsLimit is a > Modsec keyword in V3. > This allows to restrict the rule apply to quantity specified in > SecArgumentsLimit. > > We had some performance considerations in the past, when, json payload has > high depth cardinality of list. > Rule id 942460 (Metacharacter search on non-alphanumberic characters \W) > spends lot of time. > > There has also been some discussions on this SecArgumentsLimit on > https://github.com/SpiderLabs/ModSecurity/pull/2234 > > This woks fantastic for JSON based payload. To be more precise, including a > value of SecArgumentsLimit allows to process partial set of payload, rather > than the whole file. > > We couldnt apply the same for the XML payload is the concern I have raised > in this forum. > > Kind Regards > Srikanth Arunachalam > > On Thu, Dec 23, 2021 at 11:01 PM Christian Folini < > chr...@ne...> wrote: > > > Hey Srikanth, > > > > I'm not familia with SecArgumentsLimit. Is it a v3 directive? > > > > What do you want it to do exactly with your XML payload? > > > > Best, > > > > Christian Folini > > > > On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via > > mod-security-users wrote: > > > Hi > > > > > > We have a not very large XML payload (3mb) with tags including > > > multiple entries separated with comma. > > > > > > When I remove the comma separation the WAF process takes about 14sec > > to > > > complete. > > > When I include the comma separation lists in XML tag, it complex in 29 > > > seconds. > > > > > > Had this been a json payload, I would have used SecArgumentsLimit. It has > > > not been effective in XML. > > > > > > Any sooner suggestion/response would be appreciated. > > > > > > Kind Regards > > > Srikanth Arunachalam > > > > > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
Thanks for helping keep SourceForge clean.
X