From a72e76de92237e39cbc81c7112617a646396e5eb Mon Sep 17 00:00:00 2001
From: Martin Vierula
Date: Fri, 28 Jul 2023 07:13:49 -0700
Subject: [PATCH] Additions for PCRE limits support.
---
 Reference-Manual-(v3.x).mediawiki | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/Reference-Manual-(v3.x).mediawiki b/Reference-Manual-(v3.x).mediawiki
index 8dcb3b8..56eb825 100644
--- a/Reference-Manual-(v3.x).mediawiki
+++ b/Reference-Manual-(v3.x).mediawiki
@@ -505,7 +505,15 @@ SecMarker END_HOST_CHECK
 == SecPcreMatchLimit ==
-'''Not supported in v3'''
+'''Description:''' Sets the PCRE match limit for executions of the @rx and @rxGlobal operators.
+
+'''Syntax:''' SecPcreMatchLimit value
+
+'''Example Usage''': SecPcreMatchLimit 1500
+
+'''Version''': 3.0.10
+
+If the configured limit is exceeded, the variable MSC_PCRE_LIMITS_EXCEEDED will be set.
 == SecPcreMatchLimitRecursion ==
 '''Not supported in v3'''
@@ -1306,7 +1314,13 @@ SecRule MODSEC_BUILD "!@ge 030006100" "skipAfter:12345,id:29"
 SecRule ARGS "@pm some key words" "id:12345,deny,status:500"
+== MSC_PCRE_LIMITS_EXCEEDED==
+MSC_PCRE_LIMITS_EXCEEDED will be set to 1 if an execution of either the @rx or @rxGlobal operator exceeds the limits set by SecPcreMatchLimit.
+
+For compatibility convenience with ModSecurity v2, a synonym of this variable is also set as TX:MSC_PCRE_LIMITS_EXCEEDED.
+
 == MULTIPART_CRLF_LF_LINES ==
+
 This flag variable will be set to 1 whenever a multi-part request uses mixed line terminators. The multipart/form-data RFC requires CRLF sequence to be used to terminate lines. Since some client implementations use only LF to terminate lines you might want to allow them to proceed under certain circumstances (if you want to do this you will need to stop using MULTIPART_STRICT_ERROR and check each multi-part flag variable individually, avoiding MULTIPART_LF_LINE). However, mixing CRLF and LF line terminators is dangerous as it can allow for evasion. Therefore, in such cases, you will have to add a check for MULTIPART_CRLF_LF_LINES.
 == MULTIPART_FILENAME ==