You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When there's a regular expression error due to SecPcreMatchLimit or SecPcreMatchLimitRecursion (i.e. MSC_PCRE_LIMITS_EXCEEDED), a rule using !@rx will say that the rule was triggered. However, failures with @rx will say that the rule was not triggered. I think both should assume the rule was not triggered. See coreruleset/coreruleset#3640 (comment) for additional context.
Describe the bug
When there's a regular expression error due to
SecPcreMatchLimit
orSecPcreMatchLimitRecursion
(i.e.MSC_PCRE_LIMITS_EXCEEDED
), a rule using!@rx
will say that the rule was triggered. However, failures with@rx
will say that the rule was not triggered. I think both should assume the rule was not triggered. See coreruleset/coreruleset#3640 (comment) for additional context.To Reproduce
See coreruleset/coreruleset#3640 (comment).
You can probably reproduce by setting
SecPcreMatchLimit
andSecPcreMatchLimitRecursion
really low (maybe 5) and adding a!@rx
rule.Expected behavior
I would expect
!@rx
to not trigger a rule if there's aMSC_PCRE_LIMITS_EXCEEDED
error.Server (please complete the following information):
Rule Set (please complete the following information):
The text was updated successfully, but these errors were encountered: