Hi, I just uploaded modsecurity-crs 2.2.8 which contains a fix in that rule, although reported upstream for a different reason. Could you check if this bug is still present with that version?
Thanks, Alberto On Fri, Apr 12, 2013 at 01:59:55AM +0200, Richard van den Berg wrote: > Package: modsecurity-crs > Version: 2.2.5-2 > Severity: normal > > All requests are blocked with: > > --e89aa861-H-- > Message: Rule 7f2a17e96280 [id "950901"][file > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line > "77"] - Execution error - PCRE limits exceeded (-8): (null). > Message: Rule 7f2a17e96280 [id "950901"][file > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line > "77"] - Execution error - PCRE limits exceeded (-8): (null). > Message: Rule 7f2a17e96280 [id "950901"][file > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line > "77"] - Execution error - PCRE limits exceeded (-8): (null). > Message: Rule 7f2a17e96280 [id "950901"][file > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line > "77"] - Execution error - PCRE limits exceeded (-8): (null). > Message: Access denied with code 403 (phase 2). Match of "streq 0" against > "TX:MSC_PCRE_LIMITS_EXCEEDED" required. [file > "/etc/modsecurity/modsecurity.conf"] [line "95"] [msg "ModSecurity internal > error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"] > Action: Intercepted (phase 2) > Stopwatch: 1365724321610331 46739 (- - -) > Stopwatch2: 1365724321610331 46739; combined=43414, p1=532, p2=41873, p3=0, > p4=0, p5=1004, sr=191, sw=5, l=0, gc=0 > Response-Body-Transformed: Dechunked > Producer: ModSecurity for Apache/2.6.6 (http://www.modsecurity.org/); > OWASP_CRS/2.2.5. > Server: Apache > > --e89aa861-Z-- > > Increasing SecPcreMatchLimit, SecPcreMatchLimitRecursion, > pcre.backtrack_limit and pcre.recursion_limit does not help. > > --e89aa861-Z-- > > -- System Information: > Debian Release: 7.0 > APT prefers stable > APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.4.0-Soleus (SMP w/2 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages modsecurity-crs depends on: > ii libapache2-modsecurity 2.6.6-6 > > modsecurity-crs recommends no packages. > > Versions of packages modsecurity-crs suggests: > pn lua <none> > > -- no debconf information -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
