Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DOS counter broken for files without dots

See original GitHub issue

_Issue originally created by user lifeforms on date 2016-07-30 16:12:16. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/462._

In bda2fff9, DOS rule 912150 was changed to:

SecRule REQUEST_BASENAME "\.(.*)$" \

Therefore, only filenames matching this regexp (so files containing a dot) are being counted towards the DoS limits.

DoS protection is now not functioning for file names like /, /contact etc. and you can request an unlimited number of these without triggering DoS burst detection.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
CRS-migration-botcommented, May 13, 2020

User dune73 commented on date 2016-08-02 16:49:33:

Nice find. And good fix. Thank you guys.

0reactions
CRS-migration-botcommented, May 13, 2020

User csanders-git commented on date 2016-08-03 00:54:51:

Please see PR #470

Read more comments on GitHub >

github_iconTop Results From Across the Web

ms dos - Why does the single dot entry exist in file systems?
It simply makes sense to have a symbol that stands for the current directory. It makes sense for the symbol to be easy...
Read more >
linux - Command to list all files except . (dot) and .. (dot dot)
I'm trying to find a command that would list all files (including hidden files), but must exclude ...
Read more >
List all files and dirs without recursion with junctions
But here is a simple one for listing all files recursively without junction folder loops. Use PowerShell and test each file if it...
Read more >
Windows command prompt: how to get the count of all files in ...
If you need an accurate count, then don't try this. Using find /c and try finding something that is always included in a...
Read more >
How to Create Files that Cannot be Found Using the “…” Dots
All this can be bypassed using the ::$INDEX_ALLOCATION trick. Using the folder name twice also creates the folders.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

IP.block set by a variety of rules in 910 and 913, leads to unconditional block in 949100

Next page

Vlad SuperList