mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2026-01-13 15:07:10 +03:00
Added more documentation for pcre limits.
This commit is contained in:
b1v1r
@@ -1484,12 +1484,27 @@ SecMarker 99</emphasis></programlisting></para>
|
||||
<para><emphasis>Version:</emphasis> 2.5.12</para>
|
||||
|
||||
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
|
||||
(1500 by default)</para>
|
||||
(1500 by default). See also
|
||||
<literal>SecPcreMatchLimitRecursion</literal></para>
|
||||
|
||||
<para>If the limits are exceeded this will be logged at level 3 in the
|
||||
debug log, added as a Message line in the audit log and the <literal
|
||||
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
|
||||
to a non-zero value. To prevent bypass, you should write a rule to check
|
||||
for the existance of the <literal
|
||||
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
|
||||
|
||||
<programlisting>SecPcreMatchLimit 100
|
||||
SecPcreMatchLimitRecursion 100
|
||||
...
|
||||
SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
|
||||
|
||||
<note>
|
||||
<para>The <literal>--enable-pcre-match-limit=val</literal> configure
|
||||
option will set a custom default and the
|
||||
<literal>--disable-pcre-match-limit</literal> option will resort to the
|
||||
compiled PCRE library default.</para>
|
||||
<literal>--disable-pcre-match-limit</literal> option will resort to
|
||||
the compiled PCRE library default.</para>
|
||||
</note>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
@@ -1512,12 +1527,26 @@ SecMarker 99</emphasis></programlisting></para>
|
||||
<para><emphasis>Version:</emphasis> 2.5.12</para>
|
||||
|
||||
<para><emphasis>Dependencies/Notes:</emphasis> Default is set at compile
|
||||
(1500 by default)</para>
|
||||
(1500 by default). See also <literal>SecPcreMatchLimit</literal></para>
|
||||
|
||||
<para>If the limits are exceeded this will be logged at level 3 in the
|
||||
debug log, added as a Message line in the audit log and the <literal
|
||||
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag will be set
|
||||
to a non-zero value. To prevent bypass, you should write a rule to check
|
||||
for the existance of the <literal
|
||||
moreinfo="none">TX:MSC_PCRE_LIMITS_EXCEEDED</literal> flag.</para>
|
||||
|
||||
<programlisting>SecPcreMatchLimit 100
|
||||
SecPcreMatchLimitRecursion 100
|
||||
...
|
||||
SecRule TX:/^MSC_/ "!@eq 0" "phase:5,pass,log,auditlog,msg:'Potential REDoS'"</programlisting>
|
||||
|
||||
<note>
|
||||
<para>The <literal>--enable-pcre-match-limit-recursion=val</literal>
|
||||
configure option will set a custom default and the
|
||||
<literal>--disable-pcre-match-limit-recursion</literal> option will
|
||||
resort to the compiled PCRE library default.</para>
|
||||
</note>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
@@ -3930,7 +3959,7 @@ SecAction setsid:%{REQUEST_COOKIES.PHPSESSID}</programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><literal moreinfo="none">TX:MSC_.*</literal> - ModSecurity
|
||||
<para><literal moreinfo="none">TX:MSC_*</literal> - ModSecurity
|
||||
processing flags.</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
Reference in New Issue
Block a user