[Owasp-modsecurity-core-rule-set] "Too many arguments in request in default CRS installation" looks like bug in CRS
oxdef at oxdef.info
Wed Jul 7 14:33:35 EDT 2010
> On Wednesday 07 July 2010 11:41:43 Taras wrote:
>> Hi, all!
>> Debian 5.0 Lenny, ModSecurity Version: 2.5.11 installed from backports
>> In the default installation I have the following error in the log when I try to access
>> [Wed Jul 07 19:30:44 2010] [error] [client **.**.**.**] ModSecurity:
>> Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file
>> tion.conf"] [line "35"] [msg "Inbound Anomaly Score Exceeded (Total Inbound
>> Score: 5, SQLi=, XSS=): Too many arguments in request"] [hostname
>> "******.*****.**"] [uri "/index.php"] [unique_id
>> After that I commented line
>> SecAction "phase:1,t:none,nolog,pass,setvar:tx.max_num_args=255"
>> in modsecurity_crs_10_config.conf and it is ok and there is no error in
>> How can I correctly limit the number of arguments, and is there a bug in CRS?
> The first issue is to actually confirm that your application legitimately uses more than 255
> arguments/parameters in a request. If so, what you should do is to update the
> tx.max_num_args setting in that line to accommodate the appropriate number.
My webapp in this case is a simple *empty* script, /index.php.
The problem is that if that line is not commented out, there is an error message in the log
when I try to get /index.php with *some* params.
"Software is like sex: it's better when it's free." - Linus Torvalds