Set TX:MSC_PCRE_LIMITS_EXCEEDED variable if limits exceeded by airween · Pull Request #2901 · owasp-modsecurity/ModSecurity

There was a PR (#2737) which fixes an earlier shortcoming, namely that the @rx (and @rxGlobal) operator(s) do not handle PCRE limit issues.

I didn't follow it, but unfortunately it seems it implements a different behavior from the other engine (mod_security2).

In mod_security2's reference the relevant behavior is explained as:

MSC_PCRE_LIMITS_EXCEEDED: Set to nonzero if PCRE match limits are exceeded. See SecPcreMatchLimit and SecPcreMatchLimitRecursion for more information.

Maybe the documentation is a bit ambiguous, but it means that TX.MSC_PCRE_LIMITS_EXCEEDED will be set, not the "regular" MSC_PCRE_LIMITS_EXCEEDED variable.

This patch corrects this behavior.

Please note that the introduced variable is not mentioned in v3's documentation.

Why is this important?

The OWASP Core Rule Set team has a plan for the rule set to handle these types of errors. Without the compatibility, we can't do that.
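
A rule that reacts to the flag described above, as an added example that is not part of the pull request or of the Core Rule Set. The limit value, rule id, status code and message are constructed placeholders.

```apache
# Constructed example: limit value, rule id, status and message are placeholders.
# Cap the PCRE match effort for regex operators such as @rx.
SecPcreMatchLimit 1000

# The flag is a member of the TX collection, so it is addressed as
# TX:MSC_PCRE_LIMITS_EXCEEDED, not as a standalone MSC_PCRE_LIMITS_EXCEEDED variable.
# If the flag was never set, the target does not exist and the rule does not fire.
# Place this after the rules whose regex evaluation should be covered.
SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "!@streq 0" \
    "id:100000,\
    phase:2,\
    t:none,\
    deny,\
    status:403,\
    log,\
    msg:'PCRE match limit exceeded while evaluating a rule'"
```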