• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Atomicorp WAF // 345114 "log4j"

rammstein

New Pleskian
Unfortunately, I have problems with this rule on some websites, and a question about the "best" solution to this problem.

The rule exits with the following error:
Code:
Execution error - PCRE limits exceeded (-8)

The reason and the solution for this are relatively clear:
This message means that the locally configured internal limit was been exceeded in modsecurity. This limit is used to prevent a special type of DOS attack on the WAF itself. This is not caused by any of the Atomicorp rules. If you are using third party rules, please contact the rules developers for assistance.

When using just the Atomicorp rules, this error is caused by the following settings:

SecPcreMatchLimit

SecPcreMatchLimitRecursion


They limit the degree to which modsecurity will inspect content. This error means that modsecurity has stopped inspecting the content because the content itself has exceeded these limits. If your system is generating these kinds of errors, generally just need to increase the limits higher on your system as explained below.

It is also possible this is occurring due to an actual DOS attack on your system. If you are certain this is not a DOS attack, simply increase these limits accordingly for your system. We recommend a minimum of 250000 for a modern system, then restart your web server.

SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Source: https://support.atomicorp.com/hc/en...-execution-error-PCRE-limits-exceeded-8-null-

But how do I do this in Plesk so that it is update safe and not overwritten during an update?

Can I just put it here, under "Custom directives"? (Tools & Settings -> WAF -> Settings)

76906.webp

Source: Web Application Firewall (ModSecurity)


Thanks for any advice!
 
Back
Top