Hi,

With WordPress we continue to see lots of hits showing:

• Execution error - PCRE limits exceeded (-8): (null).

I’ve seen various discussion of this issue. Is there an effective fix that doesn’t require disabling the rule?

Thanks,

Mark

Hi!
To fix error “pcre-limits exceeded” we use only increasing SecPcreMatchLimit and SecPcreMatchLimitRecursion up to 250000 in mod_security.conf. Also you can add to php.ini:

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

Thanks. Do you recommend a certain procedure for doing this on cPanel systems (since cPanel is a bit peculiar about some settings, and has a tendency to overwrite some on updates).

Thank you!

We recommend for all configurations. To avoid rewrite on updates you can create conf file, for example, pcre_limits.conf and add it to “Include” in apache configuration.

On a cPanel server running CWAF, where is mod_security.conf located? I see modsec2.conf, etc., but it does not reference Pcre.

Thanks!

/var/cpanel/cwaf/etc/modsec2.conf is an example of configuration file. In your own modsecurity.conf you should include /var/cpanel/cwaf/etc/cwaf.conf with links to our rules and necessary configuration options. Our modsec2.conf (recommended configuration) contains:

LoadFile /opt/xml2/lib/libxml2.so

LoadFile /opt/lua/lib/liblua.so

LoadModule security2_module modules/mod_security2.so

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Include “/var/cpanel/cwaf/etc/cwaf.conf”