You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ModSecurity Core Rule Set project
While CRS offers a way to block requests based off length of argument name or argument values, I am unable to find anything about path names length or path names count.
ModSecurity blocks buffer overflow attempts such as /file.xyz?aaaaaa(...) (where (...) means a large number of repetition), but I'm seeing a lot of attempts using /aaaaaaa(...)/file.xyz or /a/a/a/a(...)/file.xyz getting thru.
Since I know how deep my content would be, is there any action I can enable to restrict this?
Christian Folini
unread,
Jun 30, 2020, 7:50:47 AM6/30/20
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Alex Hautequest, ModSecurity Core Rule Set project
Hey Alex,
There is no prepared rule for this. So you may want to write one yourself.