[rt-users] VERY long query strings in Search, Bulk Update and other menus under Tickets

Thomas Smith theitsmith at gmail.com
Mon Feb 28 18:59:10 EST 2011


I just upgraded from RT 3.6.6 to 3.8.8 (yesterday, in fact).
Everything is working fine except that when I click on a few menu
options under Tickets I get a mod_security error:

[Mon Feb 28 16:50:46 2011] [error] [client 10.*.*.*] ModSecurity: Rule
execution error - PCRE limits exceeded (-8): (null). [hostname
"sub.domain.tld"] [uri "/Search/Edit.html"] [unique_id
"WURk2H8AAAEAAAwm0zMAAAAK"]

This is the full query string that is sent when I click on these options:

https://sub.domain.tld/Search/Edit.html?Format=%27%20%20%20%3Cb%3E%3Ca%20href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__id__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3A%23%27%2C%0A%27%3Cb%3E%3Ca%20href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__Subject__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3ASubject%27%2C%0A%27__Status__%27%2C%0A%27__QueueName__%27%2C%0A%27__OwnerName__%27%2C%0A%27__Priority__%27%2C%0A%27__NEWLINE__%27%2C%0A%27%27%2C%0A%27%3Csmall%3E__Requestors__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__CreatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__ToldRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__LastUpdatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__TimeLeft__%3C%2Fsmall%3E%27&Order=ASC&OrderBy=id&Query=&RowsPerPage=50&SavedChartSearchId=

This happens with Edit Search, Advanced, Show Results, Bulk Update and
Graph. (The query string is a little different depending on which
option is clicked, but the length of the string is consistent.)

The browser simply returns a "403 Forbidden" because mod_security
blocks access to that URL.

Is this query string of a normal length for these options?



More information about the rt-users mailing list