I have a contact form, within this contact form is a textarea.
If i fill out the contact form and in the test area, i enter one line of text, e.g.
Example
The form completes and i am notified via email. However, if inside of the textarea i do the following:
Example
Example
I get the following:
403 - Forbidden
Forbidden
You don't have permission to access /contact_us.php on this server.
I get this in the apache error log:
[Thu Mar 13 08:06:54 2014] [error] [client my.ip.my.ip] ModSecurity: Rule 7fd0751d6280 [id "950901"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.test.com"] [uri "/index.php"] [unique_id "UyFK-mAcYdcAACwKBI8AAAAE"]
[Thu Mar 13 08:06:59 2014] [error] [client my.ip.my.ip] ModSecurity: Rule 7fd0751d6280 [id "950901"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.test.com"] [uri "/contact_us.php"] [unique_id "UyFLA2AcYdcAACwKBJAAAAAE"]
[Thu Mar 13 08:06:59 2014] [error] [client my.ip.my.ip] ModSecurity: Rule 7fd075bb3940 [id "-"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_55_application_defects.conf"][line "27"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.test.com"] [uri "/contact_us.php"] [unique_id "UyFLA2AcYdcAACwKBJAAAAAE"]
[Thu Mar 13 08:06:59 2014] [error] [client my.ip.my.ip] ModSecurity: Warning. Match of "rx (?i:(<meta.*?(content|value)=\\"text/html;\\\\s?charset=|<\\\\?xml.*?encoding=))" against "RESPONSE_BODY" required. [file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_55_application_defects.conf"] [line "23"] [id "981220"] [msg "[Watcher Check] No charset was specified in the HTTP Content-Type header nor the HTML content's meta tag."] [data "Content-Type Response Header: text/html"] [tag "WASCTC/WASC-15"] [tag "APP_DEFECT/MISCONFIGURATION"] [tag "http://code.google.com/p/browsersec/wiki/Part2#Content_handling_mechanisms"] [hostname "www.test.com"] [uri "/contact_us.php"] [unique_id "UyFLA2AcYdcAACwKBJAAAAAE"]
[Thu Mar 13 08:06:59 2014] [error] [client my.ip.my.ip] ModSecurity: Rule 7fd074f08b10 [id "-"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_55_application_defects.conf"][line "41"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.test.com"] [uri "/contact_us.php"] [unique_id "UyFLA2AcYdcAACwKBJAAAAAE"]
[Thu Mar 13 08:06:59 2014] [error] [client my.ip.my.ip] ModSecurity: Warning. Match of "rx (<meta.*?(content|value)=\\"text/html;\\\\s?charset=utf-8|<\\\\?xml.*?encoding=\\"utf-8\\")" against "RESPONSE_BODY" required. [file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_55_application_defects.conf"] [line "36"] [id "981222"] [msg "[Watcher Check] The charset specified was not utf-8 in the HTTP Content-Type header nor the HTML content's meta tag."] [data "Content-Type Response Header: text/html"] [tag "WASCTC/WASC-15"] [tag "MISCONFIGURATION"] [tag "http://websecuritytool.codeplex.com/wikipage?title=Checks#charset-not-utf8"] [hostname "www.test.com"] [uri "/contact_us.php"] [unique_id "UyFLA2AcYdcAACwKBJAAAAAE"]
How could i fix this issue so that the form submits without issue?
Best Answer
You can adjust the PCRE match and recursion limits by adding
SecPcreMatchLimitandSecPcreMatchLimitRecursionstatements to the nodsecurity.conf file e.g.but be aware that there can be performance issues with this so don't set it too large.
For the other errors from
modsecurity_crs_55_application_defects.confyou should read the file and then look at the links it provides to understand the issue and (in this case) make the necessary changes to your application.