• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Atomicorp WAF // 345114 "log4j"

R

rammstein

New Pleskian
Unfortunately, I have problems with this rule on some websites, and a question about the "best" solution to this problem.

The rule exits with the following error:
Code: 
Execution error - PCRE limits exceeded (-8)

The reason and the solution for this are relatively clear:
This message means that the locally configured internal limit was been exceeded in modsecurity. This limit is used to prevent a special type of DOS attack on the WAF itself. This is not caused by any of the Atomicorp rules. If you are using third party rules, please contact the rules developers for assistance.

When using just the Atomicorp rules, this error is caused by the following settings:

SecPcreMatchLimit

SecPcreMatchLimitRecursion

They limit the degree to which modsecurity will inspect content. This error means that modsecurity has stopped inspecting the content because the content itself has exceeded these limits. If your system is generating these kinds of errors, generally just need to increase the limits higher on your system as explained below.

It is also possible this is occurring due to an actual DOS attack on your system. If you are certain this is not a DOS attack, simply increase these limits accordingly for your system. We recommend a minimum of 250000 for a modern system, then restart your web server.

SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Click to expand...
Source: https://support.atomicorp.com/hc/en...-execution-error-PCRE-limits-exceeded-8-null-

But how do I do this in Plesk so that it is update safe and not overwritten during an update?

Can I just put it here, under "Custom directives"? (Tools & Settings -> WAF -> Settings)

76906.webp

Source: Web Application Firewall (ModSecurity)


Thanks for any advice!
 
You must log in or register to reply here.

Similar threads

K
Question modsecurity
Replies
2
Views
1K
Knutsford
K
E
Issue PHP Chankro DOS attack
Replies
1
Views
1K
HHawk
HHawk
F
Issue Issue with modsecurity
Replies
3
Views
10K
payday
P
T
Apache2 ModSec Error - Apache2 fails to start and AH00111 error
Replies
1
Views
2K
Peter Debik
P
K
Question Error message during Plesk Updates “Warning: install PAM module not successed” (PAMConfig.confset.PAMServiceError: system-auth)
Replies
2
Views
2K
johnrdorazio
J
Back
Top