store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Tue Sep 02, 2014 2:46 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: googlebot and PCRE recursion error
Unread postPosted: Tue May 18, 2010 12:48 pm 
Offline
Forum User
Forum User

Joined: Sat Jan 17, 2009 2:19 pm
Posts: 99
Hello Mike,
I have a doubt, hope you can help me out.

In my server I have seen that the PCRE recursion error is only triggered when a searcher crawl is made, as an example:
Quote:
2010-05-18 09:55:45 66.249.68.88 /comunity/index.php?tags_mode=ad〈=en HTTP/1.1 www.anydomain.com Rule execution error - PCRE limits exceeded (-8): (null). 200

Doing a whois on the IP 66.249.68.88, it shows:
Quote:
canonical name crawl-66-249-68-88.googlebot.com.

Any idea on how to fix this error with the searchers?

Regards,

Sergio


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Fri Nov 19, 2010 1:06 pm 
Offline
Forum User
Forum User

Joined: Thu Nov 18, 2010 9:41 am
Posts: 27
sergio, did you set the PCRE limit in your modsec2.conf and in your php.ini ? Can you check what value it is, maybe it is too high. I read that 50,000 - 150,000 is ok.

It works fine for me, I only had the PCRE limit error when it was set too high (1000000)...


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Fri Nov 19, 2010 4:49 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3626
Location: Chantilly, VA
The only solution to pcre limiting in mod_security (natively) is to either disable it, or to set it higher. The logic in mod_security, for this feature, is something I don't agree with - if you exceed the limits, and its an attack that triggers a pcre limit, it should block the attack - instead it allows the attack to go thru (you dont get a DOS, but you might get owned).

In ASL, we disable this feature in mod_security, detect the DOS attacks, and shun them - if its a trigger its a trigger period.

I recommend you do the same.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Mon Nov 22, 2010 10:05 pm 
Offline
Forum User
Forum User

Joined: Sat Jan 17, 2009 2:19 pm
Posts: 99
Mike, What is the way to disable this in Mod_Security?


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Tue Nov 23, 2010 11:58 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3626
Location: Chantilly, VA
Compile mod_security with it disabled, or use our builds.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Tue Nov 23, 2010 3:33 pm 
Offline
Forum User
Forum User

Joined: Sat Jan 17, 2009 2:19 pm
Posts: 99
Ok, thanks.


Top
 Profile  
 
 Post subject: Re: googlebot and PCRE recursion error
Unread postPosted: Tue Nov 23, 2010 4:47 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
yeah check out the ASL Lite thread on this, we've been putting together all the steps to do this on a cpanel system there.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group