'웹방화벽'에 해당되는 글 14건

  1. 2015.11.16 mod_security - PCRE limits exceeded
  2. 2013.12.27 공개 웹 방화벽 WebKnight 3.1 사용설명서
  3. 2013.12.19 ModSecurity v2.7.6 Release
2015.11.16 14:54

mod_security - PCRE limits exceeded

Just about on every request I am getting the following error:

Rule execution error - PCRE limits exceeded (-8): (null).

After a bunch of googling the only solutions seem to be

a) Add the following in your httpd.conf

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

b) Add the following to your php.ini

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

c) Use a version that was compiled with -disable-pcre-match-limit option.


I am running the following:

ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/).

Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8

For ModSec my rules, I am using the OWASP ModSecurity Core Rule Set Project version (CRS) version 2.2.3 which is the newest as of this posting.

My httpd.conf consists of essentially:

<IfModule security2_module>
    SecUploadDir /var/asl/data/suspicious
    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit

    Include modsecurity.d/modsecurity_crs_10_config.conf
    Include modsecurity.d/activated_rules/*.conf

    SecRuleEngine On

    # Debug log
    SecDebugLog /var/log/apache2/modsec_debug.log
    SecDebugLogLevel 3

    # Serial audit log
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

</IfModule>


<IfModule mod_php5.c>
    php_admin_flag pcre.backtrack_limit 10000000
    php_admin_flag pcre.recursion_limit 10000000
</IfModule>

Of which inside my modsecurity.d directory is just all the default rules CRS has in their install file. I have also set the pcre limits to 150000000 and 100000000000 and more, but to no available.

So in conclusion:

solutions a and b are not working, and I prefer greatly not to do c...as I don't really understand/like compiling.

Anyone have any other ideas?



출처 : http://serverfault.com/questions/


Trackback 0 Comment 0
2013.12.27 02:58

공개 웹 방화벽 WebKnight 3.1 사용설명서

1. 개요
2. WebKnight 소개

3. WebKnight 설치 및 제거
3.1. WebKnight 설치
3.2. WebKnight 제거

4. 웹나이트(WebKnight) 운영
4.1. WebKnight 기본동작
4.2. WebKnight 설정관리자(Config.exe)

5. KISA 웹 취약점 점검과 차단정책 설정
5.1. 웹 취약점 점검 소개
5.2. 웹 취약점 점검 결과보고서 설명
5.3. WebKnight 차단정책 설정


WebKnight_3.1_사용설명서.pdf



출처 : KISA


Trackback 0 Comment 0
2013.12.19 19:13

ModSecurity v2.7.6 Release

New Continuous Integration Platform (BuildBot)

The ModSecurity Project team here in SpiderLabs Research wants to ensure the quality of the project so that it will run properly within the different web servers (Apache, IIS, Nginx and Java) and OS platforms.  Testing each feature manually in all supported platforms versus all  supported web servers is not feasible due to the amount of time that it will demand. This testing, however, is mandatory to ensure the quality of ModSecurity's code. In order to make the tests easy for the developers, as well as to foster transparency with  the community, a continuous integration (CI) schema was deployed -http://www.modsecurity.org/developers/buildbot/ 


Download : http://www.modsecurity.org/download/








출처 : http://blog.spiderlabs.com/


Trackback 0 Comment 0