HIDS 30117
Rule 30117 | |
---|---|
Status | Active |
Alert Message | Invalid URI, file name too long. |
Contents |
[edit] Description
This event is not caused by the rules, ASL or modsecurity. This rule simply reports when apache reports a critical error with a request. Specifically, this error is generated by apache when a URI exceeds the limit set in Apache. By default, Apache sets a limit on URIs of 8190 characters. Any request over this limit will be rejected by Apache.
Please see the Tuning Guidance below for assistance with changing this limit in Apache.
This rule does not cause this error, therefore disabling this rule will not prevent apache from rejecting these requests, nor will it prevent apache from reporting these errors. This is just a reporting rule that reports when apache has rejected the request. The rule does not cause this event, it simply reports it.
[edit] Troubleshooting
[edit] False Positives
None. This rule is not generated by ASL. This is a reporting rule, it simply reports when Apache generates this error.
[edit] Tuning Guidance
Please contact your Apache vendor for assistance with increasing URI limits. In general, it is recommended by web server vendors that you use POST requests and HTTP bodies for large requests, and not use large GET request URIs. The information provided below is provide as a courtesy for our customers. If you have issues with increasing the URI limit in Apache, please contact your Apache vendor.
To increase the limit in Apache, you can change the LimitRequestLine variable to a larger number, as documented in the Apache configuration documentation for Apache 2.2 at the URL below:
https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline
And for Apache 2.4 at the URL below:
https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestline
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.