Talk:New Navy Classifications
April 2022 - Internal server errors blocking edits of large pages
- I can't remove the header or edit the entire page (but I can edit individual sections).
- It doesn't matter if I use the source or visual editor.
This appears to be a PCRE error with Apache mod_security:
Example error:
[Fri Apr 01 01:58:32.214871 2022] [:error] [pid 30754:tid 3531239319296] [client 2601:742:202:db50:8453:fe83:5ee3:4d34:22041] [client 2601:742:202:db50:8453:fe83:5ee3:4d34] ModSecurity: Rule 3364a83df28 [id "932110"][file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "255"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "library.jimgrisham.com"] [uri "/w/index.php"] [unique_id "Yka@uBLs-st0hJerv-KxFwAAAAE"], referer: https://library.jimgrisham.com/w/index.php?title=New_Navy_Classifications&action=edit&veswitched=1
[Fri Apr 01 01:58:32.215611 2022] [:error] [pid 30754:tid 3531239319296] [client 2601:742:202:db50:8453:fe83:5ee3:4d34:22041] [client 2601:742:202:db50:8453:fe83:5ee3:4d34] ModSecurity: Rule 33649e08738 [id "932115"][file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "294"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "library.jimgrisham.com"] [uri "/w/index.php"] [unique_id "Yka@uBLs-st0hJerv-KxFwAAAAE"], referer: https://library.jimgrisham.com/w/index.php?title=New_Navy_Classifications&action=edit&veswitched=1
[Fri Apr 01 01:58:32.230452 2022] [:error] [pid 30754:tid 3531239319296] [client 2601:742:202:db50:8453:fe83:5ee3:4d34:22041] [client 2601:742:202:db50:8453:fe83:5ee3:4d34] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:wpTextbox1. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "502"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: (EWS / PPWS per NAVADMIN 320/20 and OPNAVINST 1220.1E) (NECs N13O/N14O/N15O/N16O). NEC N13S/N14S/N15S/N16S).. < /pre>< pre> *** 0102LF0145600 Materiel, Serviceable Tag < /pre> < pre> Reference: https://www.mynavyhr.navy.mil/Portals/55/Reference/NEOCS/Vol2/NEC_Chap_4_Jan_22_rev.pdf?ver=LjFySzDt-gRZU9Ns5orWow== Current Career School Listing (CSL): https://www.mynavyhr.navy.mil/Portals/55/Career/EnlistedCareerAdmin/CSL Listing - July 2020.pdf?ver=_7xOyuk1lG0MxLdP0FB3VA== NEC Conversion timeline h..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [ [hostname "library.jimgrisham.com"] [uri "/w/index.php"] [unique_id "Yka@uBLs-st0hJerv-KxFwAAAAE"], referer: https://library.jimgrisham.com/w/index.php?title=New_Navy_Classifications&action=edit&veswitched=1
[Fri Apr 01 01:58:32.265759 2022] [:error] [pid 30754:tid 3531239319296] [client 2601:742:202:db50:8453:fe83:5ee3:4d34:22041] [client 2601:742:202:db50:8453:fe83:5ee3:4d34] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "library.jimgrisham.com"] [uri "/w/index.php"] [unique_id "Yka@uBLs-st0hJerv-KxFwAAAAE"], referer: https://library.jimgrisham.com/w/index.php?title=New_Navy_Classifications&action=edit&veswitched=1
References
- http://projects.webappsec.org/w/page/13246928/HTTP%20Request%20Smuggling
- http://projects.webappsec.org/w/page/13246931/HTTP%20Response%20Splitting
- https://community.opmantek.com/display/OA/Apache+Configuration+Items
- https://serverfault.com/questions/367481/mod-security-pcre-limits-exceeded
This occurred with MediaWiki 1.35.2 to 1.35.6 and PHP FastCGI 7.4 and PHP FastCGI 8.1.
Jim Grisham (talk) 02:23, 1 April 2022 (PDT)
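Added example, not part of the original post: a small Python triage script that groups ModSecurity error-log entries by unique_id, so that for one blocked edit you can see which rules hit the PCRE limit, which rule matched, and the anomaly score behind the block. The sample log is constructed in the format quoted above; the client address, hostname, file paths and unique_id in it are placeholders, and the names fields and triage are chosen for this example.

```python
import re

# Constructed sample modelled on the error-log format quoted above; the client
# address, hostname, file paths and unique_id are placeholders, not real values.
_P = '[Fri Apr 01 01:58:32 2022] [:error] [pid 1:tid 2] [client 2001:db8::1] ModSecurity: '
_S = ' [hostname "wiki.example.test"] [uri "/w/index.php"] [unique_id "CONSTRUCTED-0001"]'
SAMPLE_LOG = "\n".join([
    _P + 'Rule aaaa [id "932110"][file "/crs/REQUEST-932.conf"][line "255"] - Execution error - PCRE limits exceeded (-8): (null).' + _S,
    _P + 'Rule bbbb [id "932115"][file "/crs/REQUEST-932.conf"][line "294"] - Execution error - PCRE limits exceeded (-8): (null).' + _S,
    _P + 'Warning. Pattern match "(?:constructed)" at ARGS:wpTextbox1. [file "/crs/REQUEST-933.conf"] [line "502"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: (constructed text)"] [severity "CRITICAL"]' + _S,
    _P + 'Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/crs/REQUEST-949.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"]' + _S,
])

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
SCORE = re.compile(r"Total Score: (\d+)")

def fields(line):
    """Return the first value of every [key "value"] field on a log line."""
    out = {}
    for key, value in FIELD.findall(line):
        out.setdefault(key, value)
    return out

def triage(log_text):
    """Group ModSecurity entries by unique_id (one per HTTP request)."""
    txns = {}
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        f = fields(line)
        t = txns.setdefault(f.get("unique_id", "?"), {
            "uri": f.get("uri"), "pcre_limit_rules": [], "matched_rules": [],
            "blocked": False, "score": None})
        rule = f.get("id", "?")
        if "PCRE limits exceeded" in line:      # rule could not be evaluated
            t["pcre_limit_rules"].append(rule)
        elif "Access denied" in line:           # the blocking decision
            t["blocked"] = True
            m = SCORE.search(line)
            t["score"] = int(m.group(1)) if m else None
        elif "ModSecurity: Warning." in line:   # a rule that matched and scored
            t["matched_rules"].append((rule, f.get("msg", "")))
    return txns

if __name__ == "__main__":
    for uid, t in triage(SAMPLE_LOG).items():
        print(uid, t)
```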