ModSecurity Rule execution error - PCRE limits exceeded

[Theodor]

Hello,

have somebody an ideea how to change the ModSecurity PCRE limits?

Wed Feb 24 22:11:13 2010] [error] [client...] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null). [hostname "..."] [uri "/administrator/index.php"] [unique_id "..."]

THX for help

Theodor

 

[IgorG]

Look at recommendations here. Maybe it will help.

 

[atomicturtle]

This has to do with the new PCRE recursion anto-DOS measures added into 2.5.12. It required a fairly significant rule update to support, which we added in last month.

 

[Theodor]

I "fix" the PCRE limits exceeded Problem, I renamed the PHPIDS filters file with a new empty file, restart the Apache and now all my customers can change the website content with no restrctions.

Of course this is a quick an dirty method but much easyer like recompiling the ModSecurity.

Hope this help

Theodor

 

[atomicturtle]

Haha, yup... turning all the rules off is one way to do it

 

[PabloVargas]

HI Theodor: you can compile modsecurity with pcre limit

./configure --enable-pcre-match-limit=90000 --enable-pcre-match-limit-recursion=90000
make && make install

and you can check limits whit

php -i | egrep -i pcre

or can set limit en php.ini

[Pcre]
pcre.backtrack_limit=1000000
pcre.recursion_limit=1000000

 

[PabloVargas]

Hi Theodor: you can compile modsecurity with PCRE limit

./configure --enable-pcre-match-limit=90000 --enable-pcre-match-limit-recursion=90000
make && make install

 

[Theodor]

Hello PabloVargas,

Thank you very much, this help

THX for help

Theodor

 

[atomicturtle]

Just be careful with that, what you're doing is creating a way to bypass mod_security on your system by limiting regular expression recursion.