[Owasp-modsecurity-core-rule-set] "Too many arguments in request in default CRS installation" looks like bug in CRS
Taras
oxdef at oxdef.info
Wed Jul 7 11:41:43 EDT 2010
Hi, all!
Debian 5.0 Lenny, ModSecurity Version: 2.5.11 installed from backports
modsecurity-crs_2.0.7
--------------
In the default installation I get the following error in the log when I try to access /index.php?d=11&dfgdfgdg=g
[Wed Jul 07 19:30:44 2010] [error] [client **.**.**.**] ModSecurity: Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsecurity_crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "35"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5, SQLi=, XSS=): Too many arguments in request"] [hostname "******.*****.**"] [uri "/index.php"] [unique_id "TDSdpFf69wEAADdkAA4AAAAA"]
After that I commented out the line
SecAction "phase:1,t:none,nolog,pass,setvar:tx.max_num_args=255"
in modsecurity_crs_10_config.conf, and now it is OK and there is no error in the log.
How can I correctly limit the number of arguments, and is there a bug in CRS?
--
Taras
http://oxdef.info