Difference between revisions of "HIDS 30117"

From Atomicorp Wiki
Jump to: navigation, search
m (Description)
m (Tuning Guidance)
Line 23: Line 23:
 
== Tuning Guidance ==
 
== Tuning Guidance ==
  
Please contact your Apache vendor for assistance with increasing URI limits.  In general, it is recommended by web server vendors that you use POST requests and HTTP bodies for large requests, and not large GET request URIs.
+
Please contact your Apache vendor for assistance with increasing URI limits.  In general, it is recommended by web server vendors that you use POST requests and HTTP bodies for large requests, and not use large GET request URIs.
 
+
'''
The information provided below is provide as a courtesy.  If you have issues with increasing the URI limit in Apache, please contact your Apache vendor.
+
The information provided below is provide as a courtesy for our customers.''' If you have issues with increasing the URI limit in Apache, please contact your Apache vendor.
  
 
To increase the limit in Apache, you can change the LimitRequestLine variable to a larger number, as documented in the Apache configuration documentation for Apache 2.2 at the URL below:
 
To increase the limit in Apache, you can change the LimitRequestLine variable to a larger number, as documented in the Apache configuration documentation for Apache 2.2 at the URL below:

Revision as of 18:01, 25 November 2012

Rule 30117
Status Active
Alert Message Invalid URI, file name too long.

Contents

Description

This event is not caused by the rules, ASL or modsecurity. This rule simply reports when apache reports a critical error with a request. Specifically, this error is generated by apache when a URI exceeds the limit set in Apache. By default, Apache sets a limit on URIs of 8192 characters. Any request over this limit will be rejected by Apache.

Please see the Tuning Guidance below for assistance with changing this limit in Apache.

This rule does not cause this error, therefore disabling this rule will not prevent apache from rejecting these requests, nor will it prevent apache from reporting these errors. This is just a reporting rule that reports when apache has rejected the request. The rule does not cause this event, it simply reports it.

Troubleshooting

False Positives

None.

Tuning Guidance

Please contact your Apache vendor for assistance with increasing URI limits. In general, it is recommended by web server vendors that you use POST requests and HTTP bodies for large requests, and not use large GET request URIs. The information provided below is provide as a courtesy for our customers. If you have issues with increasing the URI limit in Apache, please contact your Apache vendor.

To increase the limit in Apache, you can change the LimitRequestLine variable to a larger number, as documented in the Apache configuration documentation for Apache 2.2 at the URL below:

https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline

And for Apache 2.4 at the URL below:

https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestline

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

Personal tools