Description
Motivation
Currently, a few rules have been split into multiple rules, such as 933151.
This was done because of a regex size limitation in ModSecurity 2 with httpd.
Splitting a rule into multiple rules in this manner is not only harder to maintain (e.g. updating 3 regex assemblies instead of 1) but also decreases performance.
Proposed solution
The proposed solution is as follows:
- check whether a regex assembly has an include where the included file is over an arbitrary limit
- if it is over the limit, split the file into x parts
- for each part of the include, generate the entire regex
- next, literally copy-paste the rule x times, incrementing the rule id for each copy (a simple replace should work here)
- finally, duplicate or split the tests for the specific rule id up to rule id + x
The last step may need some further thinking: some of the tests are "general" negative tests that need to run on all siblings, whereas others target a specific regex pattern/string, which is now divided across the split rules.
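A sketch of steps 1 to 4 as an added example (hypothetical helper code, not crs-toolchain or CRS code): it chunks the non-directive lines of an include, assembles each chunk with a stand-in assembler, and copies a rule template once per chunk with an incremented id, refusing to reuse an id another rule already holds. The include text, the rule template with its `(?:PATTERN)` placeholder, the per-part limit and the set of taken ids are all constructed assumptions.

```python
"""Split an oversized regex-assembly include into sibling rules (hypothetical sketch)."""
import re

MAX_INCLUDE_LINES = 3  # assumed per-part limit; the real threshold is a tuning knob
RULE_ID_RE = re.compile(r"\bid:(\d+)\b")

# Constructed sample include: one alternative per line, '##!' lines are directives.
SAMPLE_INCLUDE = """\
##!+ i
foo
bar
baz
qux
quux
corge
grault
"""

# Constructed rule template in SecRule style (not a real CRS rule); the assembled
# regex replaces the (?:PATTERN) placeholder.
SAMPLE_RULE = (
    'SecRule ARGS "@rx (?i)(?:PATTERN)" \\\n'
    '    "id:933151,phase:2,block,t:none,msg:\'Example\'"'
)

def split_include(text: str, limit: int = MAX_INCLUDE_LINES) -> list[list[str]]:
    """Return the non-directive, non-empty lines of an include in chunks of at most `limit`."""
    alts = [line for line in text.splitlines() if line and not line.startswith("##!")]
    return [alts[i:i + limit] for i in range(0, len(alts), limit)]

def assemble(alternatives: list[str]) -> str:
    """Minimal stand-in for the assembler: escape the alternatives and OR them together."""
    return "(?:" + "|".join(re.escape(a) for a in alternatives) + ")"

def expand_rule(rule: str, parts: list[list[str]], taken_ids: set[int]) -> list[str]:
    """Copy `rule` once per part, incrementing the id; refuse an id already used elsewhere."""
    match = RULE_ID_RE.search(rule)
    if not match:
        raise ValueError("rule has no id: action")
    base_id = int(match.group(1))
    siblings = []
    for n, part in enumerate(parts):
        new_id = base_id + n
        if n and new_id in taken_ids:  # the base id is the rule being split
            raise ValueError(f"id {new_id} already used by another rule")
        copy = RULE_ID_RE.sub(f"id:{new_id}", rule).replace("(?:PATTERN)", assemble(part))
        siblings.append(copy)
    return siblings
```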
Alternatives
Remove the regex size limitation from ModSecurity 2 with httpd. I'm not sure what the reason for this limitation is or whether removing it is feasible.
Additional context
Related PR #4139 contains some discussion with @theseion and @fzipi.