[Owasp-modsecurity-core-rule-set] PCRE limits error

Ryan Barnett RBarnett at trustwave.com
Wed Nov 21 16:16:11 UTC 2012


If you are using ModSecurity v2.7.x then I suggest you use the latest OWASP CRS as I fixed many of the greedy regexs - http://spiderlabs.github.com/owasp-modsecurity-crs/

--
Ryan Barnett
Lead Security Researcher
Trustwave - SpiderLabs


On Nov 21, 2012, at 11:11 AM, "Avi Rosenblatt" <avi at greensmoke.net> wrote:

> Hi,
> I'm getting a lot of 'PCRE limits exceeded' specifically with modsecurity_crs_41_sql_injection_attacks.conf line 77 (owasp crs v2.2.5)
> Some of the hits are legitimate and some are attacks. If the attack gets this error, does that mean it's not blocked(I'm currently running in DetectionOnly mode)? I'm playing with the PCRE limits config params and at 50,000 I'm still getting this message.
> Thanx in advance for the help.
>
> Avi Rosenblatt
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.



More information about the Owasp-modsecurity-core-rule-set mailing list