[Owasp-modsecurity-core-rule-set] "Too many arguments in request in default CRS installation" looks like bug in CRS
ryan.barnett at breach.com
Wed Jul 7 11:47:58 EDT 2010
On Wednesday 07 July 2010 11:41:43 Taras wrote:
> Hi, all!
> Debian 5.0 Lenny, ModSecurity Version: 2.5.11 installed from backports
> In the default installation I have the following error in the log when I try to access
> [Wed Jul 07 19:30:44 2010] [error] [client **.**.**.**] ModSecurity:
> Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file
> tion.conf"] [line "35"] [msg "Inbound Anomaly Score Exceeded (Total Inbound
> Score: 5, SQLi=, XSS=): Too many arguments in request"] [hostname
> "******.*****.**"] [uri "/index.php"] [unique_id
> After that I commented out the line
> SecAction "phase:1,t:none,nolog,pass,setvar:tx.max_num_args=255"
> in modsecurity_crs_10_config.conf and it is ok and there is no error in
> How can I correctly limit the number of arguments, and is there a bug in CRS?
The first issue is to actually confirm that your application legitimately uses more than 255
arguments/parameters in a request. If so, what you should do is to update the
tx.max_num_args setting in that line to accommodate the appropriate number.
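
An added example, not part of the original thread or of the CRS: one way to check whether requests really carry more than 255 arguments before changing tx.max_num_args. It counts query-string and urlencoded-body parameters per request. The sample requests are constructed, the function names are hypothetical, and the count only approximates how ModSecurity populates ARGS; it assumes the limit trips when the count is greater than the setting.

```python
from urllib.parse import urlsplit, parse_qsl

# Value of tx.max_num_args from the SecAction line quoted in the thread.
MAX_NUM_ARGS = 255


def count_args(uri, body=""):
    """Count query-string plus urlencoded-body parameters.

    Repeated names and empty values each count once per occurrence.
    """
    query = urlsplit(uri).query
    return (len(parse_qsl(query, keep_blank_values=True))
            + len(parse_qsl(body, keep_blank_values=True)))


def over_limit(requests, limit=MAX_NUM_ARGS):
    """Return {path: highest argument count} for paths with a request above limit.

    Assumption: the limit is exceeded when the count is greater than the setting.
    """
    worst = {}
    for uri, body in requests:
        n = count_args(uri, body)
        path = urlsplit(uri).path
        if n > limit and n > worst.get(path, 0):
            worst[path] = n
    return worst


# Constructed sample: (request URI, urlencoded POST body) pairs.
SAMPLE = [
    ("/index.php", ""),
    ("/index.php?page=2&sort=", ""),
    ("/admin/bulk.php?mode=edit",
     "&".join(f"item[{i}]=x" for i in range(300))),
    ("/search.php?" + "&".join(f"f{i}=1" for i in range(40)), ""),
]

if __name__ == "__main__":
    hits = over_limit(SAMPLE)
    if not hits:
        print(f"no request exceeds {MAX_NUM_ARGS} arguments")
    for path, n in sorted(hits.items()):
        print(f"{path}: up to {n} arguments (limit {MAX_NUM_ARGS})")
```

If no path shows up, the application does not need a higher tx.max_num_args; if one does, the reported maximum is the figure to size the setting against.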