github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 15:07:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added more documentation for pcre limits.

Browse Source
This commit is contained in:
b1v1r
2010-02-11 17:44:10 +00:00
parent 5769afbef3
commit b5392b2f7f
1 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
doc/modsecurity2-apache-reference.xml
View File

@@ -1484,12 +1484,27 @@ SecMarker 99</emphasis></programlisting></para>
<para><emphasis>Version:</emphasis> 2.5.12</para> <para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile <para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default)</para> (1500 by default). See also
<literal>SecPcreMatchLimitRecursion</literal></para>
<para>The <literal>--enable-pcre-match-limit=val</literal> configure <para>If the limits are exceeded this will be logged at level 3 in the
option will set a custom default and the debug log, added as a Message line in the audit log and the <literal
<literal>--disable-pcre-match-limit</literal> option will resort to the moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
compiled PCRE library default.</para> to a non-zero value. To prevent bypass, you should write a rule to check
for the existance of the <literal
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
<programlisting>SecPcreMatchLimit 100
SecPcreMatchLimitRecursion 100
...
SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
<note>
<para>The <literal>--enable-pcre-match-limit=val</literal> configure
option will set a custom default and the
<literal>--disable-pcre-match-limit</literal> option will resort to
the compiled PCRE library default.</para>
</note>
</section> </section>
<section> <section>
@@ -1512,12 +1527,26 @@ SecMarker 99</emphasis></programlisting></para>
<para><emphasis>Version:</emphasis> 2.5.12</para> <para><emphasis>Version:</emphasis> 2.5.12</para>
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile <para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
(1500 by default)</para> (1500 by default). See also <literal>SecPcreMatchLimit</literal></para>
<para>The <literal>--enable-pcre-match-limit-recursion=val</literal> <para>If the limits are exceeded this will be logged at level 3 in the
configure option will set a custom default and the debug log, added as a Message line in the audit log and the <literal
<literal>--disable-pcre-match-limit-recursion</literal> option will moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
resort to the compiled PCRE library default.</para> to a non-zero value. To prevent bypass, you should write a rule to check
for the existance of the <literal
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
<programlisting>SecPcreMatchLimit 100
SecPcreMatchLimitRecursion 100
...
SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
<note>
<para>The <literal>--enable-pcre-match-limit-recursion=val</literal>
configure option will set a custom default and the
<literal>--disable-pcre-match-limit-recursion</literal> option will
resort to the compiled PCRE library default.</para>
</note>
</section> </section>
<section> <section>
@@ -3930,7 +3959,7 @@ SecAction setsid:%{REQUEST_COOKIES.PHPSESSID}</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para><literal moreinfo="none">TX:MSC_.*</literal> - ModSecurity <para><literal moreinfo="none">TX:MSC_*</literal> - ModSecurity
processing flags.</para> processing flags.</para>
<itemizedlist> <itemizedlist>