Hi,
With WordPress we continue to see lots of hits showing:
- Execution error - PCRE limits exceeded (-8): (null).
I’ve seen various discussion of this issue. Is there an effective fix that doesn’t require disabling the rule?
Thanks,
Mark
Hi,
With WordPress we continue to see lots of hits showing:
I’ve seen various discussion of this issue. Is there an effective fix that doesn’t require disabling the rule?
Thanks,
Mark
Hi!
To fix error “pcre-limits exceeded” we use only increasing SecPcreMatchLimit and SecPcreMatchLimitRecursion up to 250000 in mod_security.conf. Also you can add to php.ini:
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
Thanks. Do you recommend a certain procedure for doing this on cPanel systems (since cPanel is a bit peculiar about some settings, and has a tendency to overwrite some on updates).
Thank you!
We recommend for all configurations. To avoid rewrite on updates you can create conf file, for example, pcre_limits.conf and add it to “Include” in apache configuration.
On a cPanel server running CWAF, where is mod_security.conf located? I see modsec2.conf, etc., but it does not reference Pcre.
Thanks!
/var/cpanel/cwaf/etc/modsec2.conf is an example of configuration file. In your own modsecurity.conf you should include /var/cpanel/cwaf/etc/cwaf.conf with links to our rules and necessary configuration options. Our modsec2.conf (recommended configuration) contains:
LoadFile /opt/xml2/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Include “/var/cpanel/cwaf/etc/cwaf.conf”