PCRE match limits backward incompatible behavior #2902
Comments
|
Hello @azurit , It has been the position of the ModSecurity team that not every aspect of functionality in ModSecurity v2 must be replicated exactly in ModSecurity v3. Keep in mind that it is common in software for major version changes to indicate differences that might affect a seamless upgrade. Sometimes differences between v2 and v3 may mean a better way of doing things in v3, and that v2 oughtn't be slavishly imitated. In this particular case, I am not convinced that changing the variable in question to be TX:MSC_PCRE_LIMITS_EXCEEDED would be an improvement. Note that other error variables that may be set by the ModSecurity engine do not use To my mind, it's potentially confusing to have all other error flags use non-TX names but to have pcre error flags require TX:. |
|
Closing this as a duplicate of the recently merged #2901 |
Describe the bug
This PR #2736 introduced a PCRE match limits which, when hit, sets the variable
MSC_PCRE_LIMITS_EXCEEDED. This behavior is incompatible with ModSecurity v2, which is in the same situation setting variableTX:MSC_PCRE_LIMITS_EXCEEDED.Expected behavior
Variable names must be unified to keep backward compatibility with v2. Please
renameremoveMSC_PCRE_LIMITS_EXCEEDEDtoTX:MSC_PCRE_LIMITS_EXCEEDEDMSC_PCRE_LIMITS_EXCEEDEDand setTX:MSC_PCRE_LIMITS_EXCEEDEDinstead in v3.The text was updated successfully, but these errors were encountered: