mod-security-users

Re: [mod-security-users] Problems with phpMyAdmin and mod_security

[Alex S. <ale...@gm...>]

Hi,

Re your response from 9/1/2006, this also affects ASP.NET when in
proxy mode, as the VIEWSTATE variable can be 4096 characters at times.

can this be made a configurable option?

i understand the need to limit this, to prevent new bof attacks
against web servers etc, but it would be nice to know exactly what
having a 8096 byte buffer does to the rest of the mod_security
internals.


Alex


------------

Gerwin Krist -|- Digitalus Webhosting wrote:
Heya,

Customers of us using phpmyadmin are getting a 406 error, the log file says=
:

Error processing request body: Multipart: part header line over 1024 bytes
long

No clue what this mean, anyone?

  The size of multipart/form-data part headers is limited. These headers
  are normally very simple so I find it very unusual the limit has been
  triggered. You can change this limit yourself by editing the line that
  says:

  #define MULTIPART_BUF_SIZE              1024

  To make sure it is not a bug of some kind, please increase the
  limit to 4096 and record one request using the audit log.

  Thanks!

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934

Re: [mod-security-users] Problems with phpMyAdmin and mod_security

[Ivan R. <iv...@we...>]

Alex Strawman wrote:
> Hi,
> 
> Re your response from 9/1/2006, this also affects ASP.NET when in
> proxy mode, as the VIEWSTATE variable can be 4096 characters at times.

  The size of data is not limited. You could only experience
  problems if the variable name itself is more than 4096
  bytes long. Is this the case?

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com

Re: [mod-security-users] Problems with phpMyAdmin and mod_security

[Alex S. <ale...@gm...>]

Nope, i believe the viewstate is < 4096, however when combined with
the rest of the header it sometimes falls outside that size and gets
truncated, without really telling the user it did so.
having said that i havn't turned the debugging up to max to see if it
informs so in the logfile.

Alex

On 2/3/06, Ivan Ristic <iv...@we...> wrote:
> Alex Strawman wrote:
> > Hi,
> >
> > Re your response from 9/1/2006, this also affects ASP.NET when in
> > proxy mode, as the VIEWSTATE variable can be 4096 characters at times.
>
>   The size of data is not limited. You could only experience
>   problems if the variable name itself is more than 4096
>   bytes long. Is this the case?
>
> --
> Ivan Ristic, Technical Director
> Thinking Stone, http://www.thinkingstone.com
>

Re: [mod-security-users] Problems with phpMyAdmin and mod_security

[Ivan R. <iv...@we...>]

Alex Strawman wrote:
> Nope, i believe the viewstate is < 4096, however when combined with
> the rest of the header it sometimes falls outside that size and gets
> truncated, without really telling the user it did so.
> having said that i havn't turned the debugging up to max to see if it
> informs so in the logfile.

  From I could read about ASP.NET the view state is transported
  via variable "__VIEWSTATE". The multipart header length limit
  should not affect this way of transport.

  Do you have something like "Error processing request body:
  Multipart: part header line over XXXX bytes long" in your
  Apache error log?

  If you don't - then something else is the problem. Get me
  the messages from ModSecurity that you do have and I may
  be able to tell you more.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com