Your message dated Fri, 9 Mar 2012 13:58:05 +0100
with message-id <[email protected]>
and subject line Newer CRS do not work with modsecurity < 2.6.0
has caused the Debian Bug report #662947,
regarding libapache-mod-security: Rule execution error - PCRE limits exceeded
(-8): (null)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
662947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662947
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache-mod-security
Version: 2.5.12-1
Severity: normal
Hi,
I'm getting this message on multiple web pages:
| Message: Rule execution error - PCRE limits exceeded (-8): (null).
| Message: Access denied with code 403 (phase 2). Match of "streq 0"
| against"TX:MSC_PCRE_LIMITS_EXCEEDED" required. [file
| "/etc/modsecurity/00debian7.conf"] [line "93"] [msg "ModSecurity
| internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"]
| Action: Intercepted (phase 2)
| Stopwatch: 1331122914310502 8477 (1514 8124 -)
| Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); core
ruleset/2.2.3.
| Server: Apache/2.2.16 (Debian)
The file 00debian7.conf is in fact 'modsecurity.conf-recommended' from
Debian package version 2.6.3-1 with small changes to make it start with
libapache-mod-security from Debian 6.0.
# s%REQBODY_ERROR%REQBODY_PROCESSOR_ERROR%
# s%^\(SecRequestBodyLimitAction\)%#\1%
These are caused by legitimate web access requests.
Removing/disabling SecPcreMatchLimit parameters doesn't change anything.
Increasing to 10000000 doesn't help either. Thus, this appears to be
an internal error of ModSecurity.
Thanks
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libapache-mod-security depends on:
ii apache2.2-common 2.2.16-6+squeeze6 Apache HTTP Server common files
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii liblua5.1-0 5.1.4-5 Simple, extensible, embeddable pro
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libxml2 2.7.8.dfsg-2+squeeze3 GNOME XML library
ii mod-security-commo 2.5.12-1 Tighten web applications security
libapache-mod-security recommends no packages.
libapache-mod-security suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi,
As Teodor stated newer core ruleset (> 2.2.0) do not work (properly)
with old modsecurity (< 2.6.0).
I (or others) may work on a backport (that should be asked using the
backports list, not this bug report) if there's enough demand.
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
--- End Message ---
